In the midst of rising US-Iran tensions, security researchers with Crowdstrike and Dragos have uncovered a new Iranian cyber campaign targeting organizations in the United States. The state-backed Iranian hacking group APT33 (aka Magnallium, or Refined Kitten) is behind the phishing campaign that has targeted around half a dozen organizations

A new report by SafeBreach warns that millions of Dell computers are at risk of being remotely compromised by threat actors due to a critical vulnerability in SupportAssist, a hardware-diagnostics tool that comes preinstalled on all Dell machines. The flaw affects a SupportAssist component made by PC-Doctor. As many as 100

Over the past decade, California experienced close to 1,500 data breaches in which a total of 5.6 billion personal records were exposed, more than in any other state, a new report by Comparitech shows. When it comes to the number of exposed records, California is followed at a distance by

Threat actors recently obtained unauthorized access to the networks of three managed service providers (MSPs) and subsequently targeted customers of the compromised firms with ransomware using SecureAnywhere, an MSP tool by Webroot designed for the remote monitoring and management of client machines. The ransomware used in the attack is dubbed

A new Symantec report sheds light on the recent activity of Turla (aka Waterbug, KRYPTON, Venomous Bear), a Russia-linked cyber-espionage group. Since early 2018 the group has launched at least three distinct campaigns that all relied on different tools. The attacks have targeted 13 organizations, including government agencies, across 10

New figures[pdf] released by Kovrr show that a “cyber catastrophe” involving a disruptive cyberattack on a UK email service provider could result in around $3.25 billion in losses to be covered by insurance companies. Kovrr believes that insurance and reinsurance companies aren’t prepared for this scenario even though it is

A new report by (ISC)² indicates that the poor reputation of small businesses when it comes to security isn’t entirely justified. Small firms are often considered to be a supply-chain risk for larger corporations, but (ISC)² found that security breaches resulting from cooperation with a large company are slightly more

A recent security breach at Desjardins, the largest credit union in Canada and one of the world’s biggest banks, highlights how insiders can put organizations and their data at risk. Last week, Quebec police informed the bank that one of its employees had taken advantage of their access to a

In an incident that should serve as a warning for government entities and corporations alike, Riviera Beach, Florida this week decided to pay $600,000 in ransom to threat actors that infected the city network with ransomware three weeks ago. All the city’s records were encrypted as a result of the

A new study by Panaseer found that 87% of enterprise CISOs are having a hard time keeping track of sensitive data, with 31% of respondents worrying that this complicates their firm’s compliance efforts. A common problem seems to be reliance on a great number of different security tools. The average