With the GandCrab ransomware-as-service gang promising to retire - and free decryptors now aiding victims - rival Sodinokibi has already stepped into the void, security experts warn. Driven also by attackers wielding Ryuk, Dharma and Phobos, ransom payments by victims have been surging.
At a Senate committee hearing on Tuesday, lawmakers grilled a Facebook executive about the company's plans to launch a cryptocurrency. One Democratic senator said Facebook "does not respect the power of the technologies they are playing with - like a toddler who has gotten his hands on a book of matches."
A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.
Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.
In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users.
A new ransomware strain called eCh0raix is targeting enterprise storage devices sold by QNAP Network by exploiting vulnerabilities in the gear and bypassing weak credentials using brute-force techniques, warns security firm Anomali.
As more organizations rely on third parties for various services, managing the security risks involved is becoming a bigger challenge. Three CISOs offer insights on their real-world strategies for success.
Apple has taken an extraordinary move to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. It released a silent update to remove a vulnerable left-behind local web server, which likely has a remote code execution flaw.
Cybersecurity firm McAfee is reportedly planning a return to the public market, eyeing an IPO that could happen as early as later this year, raise $1 billion and value the company at $5 billion, The Wall Street Journal reports. The news comes amid a record volume of technology sector IPOs, including for Crowdstrike.
Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say.