darkreading

Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.

Parasitic advanced persistent threat (APT) Secret Blizzard accessed another APT's infrastructure, and stole the same kinds of info it targets in South Asian government and military victims.

The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 2,500 mobile phones.

The evolving regulatory environment presents both challenges and opportunities for businesses.

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

A change in ownership and what it means for our readers.

Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.

Too much access and privilege, plus a host of unsafe cyber practices, plague most workplaces, and the introduction of tools like GenAI will only make things worse.

A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.

Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

Chalk up another win for global cooperation among law enforcement, this time targeting seven types of cyber fraud, including voice phishing and business email compromise.

AWS Security Incident Response will help security teams defend their organizations from account takeovers, breaches, ransomware attacks, and other types of security threats.