In an eleventh-hour scramble before a key contract was set to expire on Tuesday night, the United States Cybersecurity and Infrastructure Security Agency renewed its funding for the longtime software-vulnerability-tracking project known as the Common Vulnerabilities and Exposures Program. Managed by the nonprofit research-and-development group MITRE, the CVE Program isContinue Reading
The pecking order of ransomware gangs is always shifting and evolving, with the most aggressive and reckless groups netting big payouts from vulnerable targets—but often ultimately flaming out. Russian-speaking group Black Basta is the latest example of the trend having stalled out in recent months due to takedowns by lawContinue Reading
One of the most prominent of the smishing actors is often referred to as the Smishing Triad—although security researchers group Chinese-speaking threat actors and affiliates in different ways—which has impersonated organizations and brands in at least 121 countries, according to recent research by security company Silent Push. Around 200,000 domainsContinue Reading
Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For nearly a decade, that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most ofContinue Reading
Researchers from multiple firms say that the campaign seems to come from a loosely connected ecosystem of fraud groups rather than one single actor. Each group has its own versions of the Badbox 2.0 backdoor and malware modules and distributes the software in a variety of ways. In some cases,Continue Reading
TP-Link is one of the most popular router manufacturers in the US, but the company is facing a potential ban due to security concerns about its links to China. A December report from The Wall Street Journal revealed that the US Commerce, Defense, and Justice Departments are investigating TP-Link, thoughContinue Reading
While software makers and app developers continue to make their wares safer and less open to attack, you can never get complacent with digital security—and you need to be aware of all the different methods of attack that bad actors use to get at your accounts. Those methods include targetingContinue Reading
When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans’ texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the USContinue Reading
“It’s pretty shocking to build an AI model and leave the backdoor wide open from a security perspective,” says independent security researcher Jeremiah Fowler, who was not involved in the Wiz research but specializes in discovering exposed databases. “This type of operational data and the ability for anyone with anContinue Reading
