Security researchers have uncovered more evidence that the North Korean Lazarus group is responsible for the software supply chain attack on 3CX, a voice and video calling desktop client used by major multinational companies. Tools and code samples match previous Lazarus hacks.
Hackers have used a modular toolkit called "AlienFox'" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.
Security experts are urging users of IBM's Aspera Faspex file-exchange application to take it offline immediately unless they've patched a flaw being actively exploited by ransomware groups, including Buhti and IceFire. Separately, QNAP is warning customers to prepare for emergency security fixes.
A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple governments' email systems as part of apparent cyberespionage operations in support of Russia's invasion of Ukraine, researchers warn.
A slew of top tech executives and artificial intelligence researchers called for a minimum half-year pause on advanced artificial intelligence systems. Tech giants already have fallen into a race to see who can be the quickest to incorporate AI into their products.
Airbus has halted efforts to buy a 29.9% stake in Atos' $5.76 billion Evidian cybersecurity, big data and digital business. The aircraft manufacturer walked away from the transaction after determining it "does not meet the company's objectives in the current context and under the current structure."
A top Pentagon technology official on Wednesday emphasized the U.S. Department of Defense's embrace of zero trust. "We've committed to implementing zero trust across the DOD by 2027, which is an ambitious yet critical milestone," Department of Defense CIO John B. Sherman told a Senate panel.
The Food and Drug Administration on Wednesday said that starting immediately, medical device makers must include cybersecurity plans with new product applications. Beginning on Oct. 1, the FDA intends to issue "refuse to accept" determinations for submissions lacking the cyber requirements.
Cisco plans to purchase its second cloud security startup in two months to deliver context, prioritization and remediation recommendations for cloud-native resources. The networking giant said its proposed buy of Lightspin will allow clients to identify and address key cloud security risks.
Third-party risk is a key threat in the entertainment industry, where sensitive content and key assets are scattered among multiple entities across the supply chain. Shemaroo Entertainment's Dilip Joshi discusses risks, implementation challenges, budgeting and regulatory compliance in this sector.
Blue Shield of California is notifying more than 63,000 customers that their data was potentially exfiltrated in a compromise involving Fortra's GoAnywhere secure file transfer software and one of the health plan's covered mental health providers for minors.
"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.