Organizations are increasingly developing incident response playbooks to plan out in advance what steps to take in case of a security breach—such as an employees accessing files without authorization, a lost computer, or a server compromised by outside attackers. A team of academics from the UK's University of Kent and University of Warwick outlined a comprehensive playbook on how organizations should communicate after a security incident.
The Zerologon vulnerability Microsoft patched in Windows Server last month is actively being exploited in several attacks, Microsoft warned.
An intruder breached a federal agency’s internal network and accessed data files using compromised credentials and custom malware, the Cybersecurity and Infrastructure Security Agency said in an Analysis Report.
CISA alerted administrators that activity from the LokiBot information stealing trojan has been increasingly sharply since July.
The SAFE DATA Act is the latest attempt to pass a national privacy law, but it relies on notice-and-consent and does not apply to federal agencies.
Federal agencies have until the end of Monday to install fixes for a recently-fixed elevation of privilege vulnerability in Windows which could be used to take control of the entire network, CISA said in an emergency directive.
MITRE’s latest project is a public library of detailed plans replicating tactics and techniques used by known attack groups. The first set of adversary emulation plans released this week describe the behavior of cybercrime group FIN6.
A large coalition of privacy and civil liberty groups have sent a letter urging senators to oppose the EARN IT Act.
The Department of Justice has charged five men with hacking offenses in connection with operations by the APT41 group from China.
The House of Representatives has unanimously passed a bipartisan bill setting minimum security requirements for Internet of Things devices connected to federal networks. The next step: get the Senate to vote on its version of the bill.
CISA says attackers affiliated with China's Ministry of State Security have been targeting public vulnerabilities in VPN appliances and F5 networking gear.
Attackers are cross-checking stolen Office 365 credentials on Microsoft Entra ID in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.
A new technique called the Raccoon attack can break the confidentiality of some TLS connections under certain circumstances.
SWIFT and BAE Systems analyzed the web of businesses, money mules, and intermediate accounts used to transfer stolen money around the world until it becomes hard to trace.
An attack group TeamTNT is using Weave Scope, an open source cloud monitoring and control tool to compromise Docker and Kubernetes instances as part of a cryptocurrency mining operation, security company Intezer said.