The Electronic Identification, Authentication and Trust Services Act passed the European Union Parliament back in 2014 and has been slowly enacted since July 2016. But a more recent change this past summer with a proposed Article 45 of eDIAS has gotten more attention as of late, and not in a good way. A group of ...

A new report released today by Akamai Technologies calls out the increasing number of ransomware attacks but finds a prime method of recovering from them isn’t being used often enough. The report, entitled The State of Segmentation 2023, surveyed 1,200 computer professionals working for large companies from around the world. It found that though microsegmentation is ...

The Iranian hacking group Scarred Manticore, which has been linked to the country’s Ministry of Intelligence and Security, has been secretly running a digital spy ring across the Mideast. It has targeted government and large infrastructure companies such as telecom and financial services to steal data. A new report Tuesday from Check Point Software Technologies Ltd.’s ...

President Biden signed a sweeping executive order yesterday covering numerous generative AI issues, and it’s comprehensive and thoughtful, as well as lengthy. The EO contains eight goals along with specifics of how to implement them, which on the surface sounds good. However, it may turn out to be more inspirational than effective, and it has ...

Russian language media outlets reported this week that a prototype of a new homegrown virus analysis service, to be called Multiscanner, will be released later this year and fully operational in 2025. A website has already been reserved for the service, virustest.gov.ru, but doesn’t yet have any content. According to government sources quoted in Cybernews, ...

Earlier this month another vulnerability was found in Citrix Systems Inc.’s NetScaler and NetGateway product lines. This time around, the Citrix Bleed exploit is a lot more dangerous and harder to snuff out. In July and August, about 2,000 NetScalers were exploited by a threat actor to get persistent access. NetScaler and NetGateway perform a ...

A malware group has been busy creating a dangerous new vulnerability in the Roundcube webmail service, which is popular in European government circles. The group goes by Winter Vivern and has been on the radar of several security researchers, including DomainTools, Sentinel One and Proofpoint. It targets numerous government workers by sending malicious phishing documents, emails and websites. What makes ...

As generative AI and machine learning takes hold, the bad guys are paying attention and looking for ways to subvert these algorithms.  One of the more interesting methods that is gaining popularity is called data poisoning. Although it’s not new — an early version called Polygraph was proposed back in 2006 by some academic researchers ...

Even as much attention is focused on problems with Meta Platform Inc.’s personal use, other dangers involving business social media accounts are emerging as well. A new report from G Data Software Tuesday about a recent attack using malware-laced Facebook ads shows how it can happen and the depths of the danger, and it offers some suggestions on ...

One of the challenges for phishing attacks is that innovation is rife, especially when it comes to convincing targets that they are responding to a legitimate email. New reports from Microsoft and eSentire highlight some of them in the area called attackers-in-the-middle, or AITM. It’s a variation on the general man-in-the-middle types of attacks and ...