According to European researchers, the GEA/1 encryption algorithm used by GPRS phones in the 1990s was seemingly designed to be weaker than it appears to allow eavesdropping.

The SEC announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images.

While investigating the MobileInter skimmer, researchers observed that some bit2check domains share the same hosting pattern as Magecart domains observed abusing Alibaba and Google hosting services.

As per a new report, younger employees are most likely to admit they cut cybersecurity corners, with 51% of 16-24-year-olds and 46% of 25-34-year-olds reporting they’ve used security workarounds.

It is an out-of-bounds read vulnerability in the software that could allow an attacker to obtain sensitive information, cause a denial of service or carry out a distributed denial-of-service attack.

Researchers took the wraps off the operators of the Hades ransomware as they came across a new adversary group Gold Winter, whose behavior coincides with the former. The recent finding suggests that threat actors may be deliberately trying to find ways to look different or evolve their attack techniques.

Experts are concerned as the source code of the .NET version of Paradise ransomware was found to have been leaked on a hacker forum. Such leaks could prove to be devastating as any interested attacker can create their own ransomware version to target victims. 

The Avaddon ransomware gang has shared 2,934 decryption keys, with Bleeping Computer, shrouded in an anonymous tip pretending to be from the FBI. The team soon shared it with Emsisoft, who confirmed the legitimacy of the keys.

On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health that was not password-protected.

A defibrillator management platform was riddled with vulnerabilities including a remote command execution flaw that could seemingly be invoked by uploading an Excel spreadsheet to the platform.