A branch environment is completely different from that of an organization's head office. Of course, employees want a fast and, above all, reliable Wi-Fi connection there too. The same applies to the internet connection. In addition, employees also see workloads disappearing to other locations. In addition to SaaS and public cloud, they are also moving to the company's central data center. New AI workloads at the branch, like more automated customer services at retail sites, certainly don't make the branch environment any easier to manage.
Another campaign, documented by Sekoia, targeted Windows users. The attackers behind it first compromise a hotel's account for Booking.com or another online travel service. Using the information stored in the compromised accounts, the attackers contact people with pending reservations, an ability that builds immediate trust with many targets, who are eager to comply with instructions, lest their stay be canceled. The site eventually presents a fake CAPTCHA notification that bears an almost identical look and feel to those required by content delivery network Cloudflare.
Digital engineering outfit GlobalLogic says personal data from more than 10,000 current and former employees was exposed in the wave of Oracle E-Business Suite (EBS) attacks attributed to the Clop ransomware gang. The Hitachi-owned biz joins a growing roster of high-profile victims that also now includes The Washington Post and Allianz UK. In a filing with Maine's attorney general, the US-based GlobalLogic said that 10,471 individuals were affected after criminals gained unauthorized access to its systems.
AI-enabled supply chain attacks are exploding in scale and sophistication - Malicious package uploads to open-source repositories jumped 156% in the past year. AI-generated malware has game-changing characteristics - It's polymorphic by default, context-aware, semantically camouflaged, and temporally evasive. Real attacks are already happening - From the 3CX breach affecting 600,000 companies to NullBulge attacks weaponizing Hugging Face and GitHub repositories.
The campaign involves two components: A self-propagating malware referred to as SORVEPOTEL that's spread via the desktop web version of WhatsApp and is used to deliver a ZIP archive containing the Maverick payload. The malware is designed to monitor active browser window tabs for URLs that match a hard-coded list of financial institutions in Latin America. Should the URLs match, it establishes contact with a remote server to fetch follow-on commands to gather system information and serve phishing pages to steal credentials.
You might think the only thing you need to do to prevent that would be to use your desktop operating system's firewall. Although that's a great start, you need more protection. One of the best ways to protect your home network is to deploy a dedicated firewall, and there are a few ways you can do that.
For cryptography, .NET 10 introduces extensive new APIs across cryptography, globalization, numerics, serialization, collections, and diagnostics. Also, with quantum computing on the horizon, .NET 10 expands post-quantum cryptography support with Windows Cryptography API: Next Generation (CNG) support, enhanced ML-DSA with simplified APIs, and HashML-DSA support, plus Composite ML-DSA for hybrid approaches. Additional cryptography enhancements include AES KeyWrap with Padding support for secure key wrapping scenarios.
Under the guidance of the multi-vendor FIDO Alliance, the passkey standard -- considered a non-phishable type of login credential -- has been around for five years. However, the global shift to passkeys has been hindered by the immaturity of some supporting technologies in today's operating systems and devices, as well as in the various identity management systems used by relying parties.
The European Commission is stepping up efforts to bolster the security of Europe's telecommunications networks by urging member states to phase out equipment from vendors such as Chinese tech giants Huawei and ZTE from its 5G and next-gen networks, Bloomberg reported, citing anonymous sources. The EC had in 2020 recommended that member nations stop using tech from "high-risk" vendors like Huawei and ZTE, and now its vice president, Henna Virkkunen, is pushing to turn that recommendation into regulation, Bloomberg reported.
"Some of these leaks could have exposed organizational structures, training data, or even private models," said Wiz threat researchers Shay Berkovich and Rami McCarthy in a blog post. The secrets consist of API keys, tokens, and other digital credentials that are supposed to be kept out of code commits to git repos. But as the security biz noted last month, developers of VS Code extensions keep making their secrets known, a problem that McCarthy has attributed in part to vibe coding.
It's really important to go back to just the cybersecurity basics. Are you using multi-factor authentication? Are you training your staff and employees at all levels to not click that link? Are you patching your systems? Do you have good monitoring software and applications that are monitoring your network even when you're sleeping?
Small and medium-sized businesses (SMBs) across the UK are struggling to get cybersecurity strategy plans up and running, according to new research. Analysis from Kaspersky shows more than two-thirds (67%) of SMBs lack "fully actionable" cybersecurity strategies. This means that while many have developed theoretical plans for how to tackle growing security threats, real-world implementation is falling flat. These shortcomings are leaving a concerning number of businesses at higher risk of attacks amidst an escalating cyber threat landscape, the company warned.
When thieves stole more than $80 million in jewels from the Louvre in Paris, they didn't exploit a total absence of security but rather gaps in the museum's broader security program, encompassing both aging systems and situational awareness, according to early reports. The museum's director later confirmed that the balcony used in the break-in wasn't covered by a functioning external camera; the only camera nearby faced the wrong direction.
The defense industry has had nearly a decade of warnings, but today (Monday, Nov. 10) marks the day that companies need to start complying with the government's standards around how they protect controlled unclassified information. Of course, they should have been complying with the National Institute of Standards & Technology's SP 800-171 standard for the last eight years. But now the Cybersecurity Maturity Model Certification program begins in earnest.
Exploiting the so-called "RediShell" remote code execution vulnerability, an authenticated user can use a specially crafted script to manipulate the garbage collector, trigger a use-after-free, and potentially execute arbitrary code remotely. The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code.
When you see a car, truck or bus making its way down the road, who do you assume is in control of it? This isn't a trick question. Decades ago, there would have been one answer: the person behind the wheel. In more recent years, as vehicles became increasingly connected to the internet and driver-assist and self-driving technology grew more widespread, it's not as clear if a driver is, well, a driver.
A random "can you hear me?" question should be your first red flag that this unsolicited call could be a scam, said Kelly Richmond Pope, a professor of forensic accounting at DePaul University and the author of Fool Me Once: Scams, Stories, and Secrets From the Trillion-Dollar Fraud Industry. A conversation with a random number that starts with "can you hear me?" is suspicious "because it's so outside of the typical conversational cycle," Pope said.
A China-linked threat actor has been attributed to a cyber attack targeting a U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues. The organization, according to a report from Broadcom's Symantec and Carbon Black teams, is "active in attempting to influence U.S. government policy on international issues." The attackers managed to gain access to the network for several weeks in April 2025.
Last month, Google said that the ransomware gang Clop was targeting companies after exploiting multiple vulnerabilities in Oracle's E-Business Suite software, which companies use for their business operations, storing their human resources files, and other sensitive data. The exploits allowed the hackers to steal their customers' business data and employee records from more than 100 companies, per Google.
A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April. The surveillance campaign likely began in July 2024 and abused CVE-2025-21042, a critical bug in Samsung's image-processing library that affects Galaxy devices running Android versions 13, 14, 15, and 16,
CISOs often operate in environments where security is underfunded, under-prioritised, or misunderstood at the board and C-suite level. A lack of senior-level buy-in trickles down into: Budget constraints that limit the scope and impact of the CISO function, including resources for tooling and automation. Skills shortages and restrictive operating models that prevent effective delegation. Strategic misalignment, where short-term delivery is prioritised over long-term business resilience and customer outcomes.
Martin had apparently seen how this system worked in practice through his job, and he approached a pair of other people to help him make some easy cash. One of these people was allegedly Ryan Goldberg of Watkinsville, Georgia, who worked as an incident manager at the cybersecurity firm Sygnia. Goldberg told the FBI that Martin had recruited him to "try and ransom some companies."
Last year almost a dozen major U.S. ISPs were the victims of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The "Salt Typhoon" hack was so severe, the intruders spent much of the last year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn't think it was worth informing subscribers any of this happened.
Using apartments in the San Fernando Valley and Glendale area, a shadowy group of identity thieves has been quietly exploiting a new kind of victim - foreign scholars who left the U.S. years ago but whose Social Security numbers still linger in American databases, according to a cybercrime expert. Criminals are resurrecting these dormant identities and submitting hundreds of applications for bank accounts and credit cards, says David Maimon, head of fraud insights at SentiLink and a criminology professor at Georgia State University.
In April, the group targeted a Ukrainian university with two wipers, a form of malware that aims to permanently destroy sensitive data and often the infrastructure storing it. One wiper, tracked under the name Sting, targeted fleets of Windows computers by scheduling a task named DavaniGulyashaSdeshka, a phrase derived from Russian slang that loosely translates to "eat some goulash," researchers from ESET said. The other wiper is tracked as Zerlot.
SonicWall has blamed an unnamed, state-sponsored collective for the September break-in that saw cybercriminals rifle through a cache of firewall configuration backups. The network security vendor said it spotted "suspicious activity" in early September involving the unauthorized downloading of backup firewall configuration files from "a specific cloud environment." The company initially said that "fewer than 5 percent" of its firewall installed base had files accessed,
Cybersecurity is as much about communication as it is about code. When leadership sends mixed signals - one message in a company memo, another in marketing materials - the inconsistency confuses employees and customers alike. A StratusPoint IT report found that 74% of data breaches involved a human element, including social engineering and error. These incidents often begin with misunderstanding rather than malice.
Bitdefender has once again been recognized as a Representative Vendor in the Gartner® Market Guide for Managed Detection and Response (MDR) - marking the fourth consecutive year of inclusion. According to Gartner, more than 600 providers globally claim to deliver MDR services, yet only a select few meet the criteria to appear in the Market Guide. While inclusion is not a ranking or comparative assessment, we believe it underscores Bitdefender's human-driven approach to MDR and our continued alignment with Gartner's rigorous inclusion standards.