IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.
After a federal judge blocked an order that would have banned ByteDance-owned TikTok from operating within the U.S., the Commerce Department vowed to continue to defend the Trump administration's executive order. Additional court hearings over the order are scheduled for later this year.
The latest edition of the ISMG Security Report features a discussion with FBI Agent Elvis Chan on the cyber disruptions to expect immediately after the Nov. 3 U.S. election. Also featured: smart lock security flaws; cryptocurrency-funded crimes in 2021.
A new online platform called VulnerableThings.com is aiming to become the go-to place for reporting and viewing reports on software flaws in IoT devices. The IoT Security Foundation and Oxford Information Labs say the platform could help vendors comply with new IoT regulations and standards.
The latest edition of the ISMG Security Report analyzes a new report that labels ransomware as the No. 1 cybercrime threat. Also featured: A former FBI agent offers an update on "disruptionware" attacks; how Tesla's autopilot is tricked by phantom images.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
The latest edition of the ISMG Security Report analyzes cybersecurity firm McAfee's plans to again become a publicly traded company. Also featured: 'Zero trust' strategic insights and an IoT security flaw saga.
An internet-connected coffee machine is the latest IoT device to show security problems. The security firm Avast infected the Smarter Coffee machine with ransomware that causes uncontrollable spinning of its grinder and dispensing of hot water. The only option to stop it? Unplug the machine.
A recently uncovered Linux malware variant dubbed "CDRThief" is targeting VoIP networks to steal phone metadata, such as caller IP addresses, ESET reports. The malware appears to be designed for cyberespionage or fraud.
In the face of growing cybersecurity threats, it is increasingly important to measure the cost and concentration of "exposure." Having an accurate view of the resilience of organizations and industries against cyber-attacks can help target efforts to reduce exposure to the sectors that need it most and enhance...