A high impact vulnerability, named CVE-2020-28052, has been discovered in a popular Java cryptography library which could allow attackers to more easily brute force Bcrypt hashed passwords.
Browser makers Apple, Google, Microsoft, and Mozilla, have banned today a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country’s capital, the city of Nur-Sultan.
More information has come to light about the Sunburst / Solorigate backdoor that could help defenders get a better handle on the scope of the sprawling SolarWinds espionage attack.
UK-based renewable energy supplier People’s Energy has disclosed that cybercriminals accessed the personal details of its entire 250,000 customer database in a data breach.
The new proposal from U.S. banking regulators would direct banks to notify their primary regulator as soon as possible after a breach is discovered that could impair services or the organization itself.
As U.S. government agencies and thousands of companies around the world assess whether they’ve been compromised in the SolarWinds breach, security experts are concerned that the full reach of the suspected hackers may only be just coming to light.
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree used weaknesses in other, non-SolarWinds products to attack high-value targets.
U.S. Justice Department officials said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors’ personal data as part of a scam.
A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that is installing a ransomware calling itself CoderWare, according to a Kaspersky researcher.
The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.