A credit card skimmer that has been operating since April is specifically targeting sites hosted on Microsoft IIS servers that are currently running an out-of-date version of ASP.NET, according to security firm Malwarebytes. About 27 million websites still use this now unsupported software.
With so many employees working from home during the COVID-19 pandemic, vendors of time-tracking and productivity-monitoring software report surging interest in their wares. Regardless of whether organizations deploy light-touch or more Big Brother types of approaches, beware potential privacy repercussions.
A U.S. federal court has issued an injunction that gives Microsoft permission to seize control of several malicious domains being used to operate a COVID-19-themed phishing scam, according to recently unsealed court documents.
With more than 1,000 IoT security guidelines, recommendations and best practices, which ones should an organization follow? Researchers at Carleton University in Canada say 91 percent of the guides are outcome-based, which are not necessarily easy for manufacturers to follow.
The developers behind the Purple Fox fileless downloader malware recently upgraded their operation and are now targeting two new vulnerabilities to gain access to networks, according to a report by security firm Proofpoint.
Ransomware-wielding attackers continue to pummel organizations. But labeling these as being just ransomware attacks often misses how much these incidents involve serious network intrusions, exfiltration of extensive amounts of data, data leaks and, as a result, reportable data breaches.
Security researchers warn that the number of exploit attempts targeting a critical vulnerability in F5 Networks' BIG-IP networking products has steadily increased since the company first announced the flaw late last week. They urge users to immediately apply patches.
Voice-controlled assistants can be fooled by replaying a recording of someone's voice. But researchers with Australia's Commonwealth Scientific and Industrial Research Organization and Samsung Research say they've developed a lightweight software tool to detect such attempts, which are difficult to defend against.
Researchers with FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems, according to a new report. Ekans, also known as Snake, was first spotted earlier this year.
The operators behind the Valak malware strain have expanded their malicious campaigns to other parts of the world, targeting financial, manufacturing, healthcare and insurance firms, according to Cisco Talos. Attackers are now using existing email threads and ZIP files to spread the information stealer.