Thousands of unpatched Exim email servers are potentially vulnerable to a critical flaw that the NSA says Russian-backed hackers are attempting to exploit, according to the security firm RiskIQ, which also warns of two other Exim vulnerabilities that should be patched.
How has the fraud landscape in the financial sector changed in Bangladesh in recent weeks, and how are banks mitigating the risks? Ashraful Alam, a security official at Shimanto Bank, addresses the trends.
Jeremy Grant has spent more than two decades championing the cause of secure digital identities. But as the COVID-19 pandemic has created a remote workforce of unprecedented scale seemingly overnight, are current approaches to securing the identity management and attestation practice up to the challenge?
Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most are not strong or unique, according to a study by researchers at Carnegie Mellon University, who call for changes in breach notification procedures.
As organizations assess the long-term implications of a remote workforce, it's clear that SD-WAN technology will play an increasingly important role, says Renee Tarun of Fortinet, who discusses the way forward.
Corporate culture can have a big impact on an organization's ability to achieve cybersecurity objectives, says Jessica Barker, chair of ClubCISO, a private members forum for European information security leaders, who provides insights on gauging an organization's security maturity.
A "zero trust" framework can help organizations better define their access control strategies and ramp up authentication, says Vishal Salvi, global CISO and head of cybersecurity at Infosys Ltd., a multinational outsourcing company.
The developers behind TrickBot have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Networks' Unit 42. The use of this malware has increased during the COVID-19 pandemic.
The world has experienced an unprecedented business disruption that instantly created the largest remote workforce - and largest attack surface - in history. How do you validate users and access in this new dynamic workforce? RSA's Steve Schlarman and Ben Smith preview an upcoming series of virtual roundtables.
The EU's General Data Protection Regulation was meant to finally bring in line organizations that didn't treat Europeans' personal data with respect. But two years after the regulation went into full effect, why have the U.K. and Ireland each issued only one final GDPR fine to date?
An independent security researcher disclosed a zero-day vulnerability contained in the "Sign in with Apple" feature that, if exploited, could have resulted in a full account takeover. The vulnerability has been patched, and Apple says it found no account misuse tied to it.
A New York City man is facing federal charges after FBI agents arrested him at John F. Kennedy Airport with a PC allegedly containing thousands of stolen credit card numbers. Prosecutors also believe the suspect used bitcoin to launder illicit funds.
Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.
A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.
A federal judge has ordered Capital One to turn over a forensics report covering its 2019 data breach, which has been sought by plaintiffs in a class action lawsuit. The report, if it becomes public, could shed light on one of last year's biggest breaches.