Business

SIM swap fraud is back in vogue. We explain what it is, the danger it poses to organizations, and how to guard against such attacks.

Researchers claim to have found a way to recover a fingerprint by… eavesdropping on a user swiping a finger across the screen!

Cybercriminals prey on access to mailing tools by sending phishing emails through these same tools.

A look at the biggest ransomware attacks of 2023.

The KeyTrap DoS attack, which can disable DNS servers with a single malicious packet exploiting a vulnerability in DNSSEC.

Why cybercriminals want to attack PR and marketing staff and, crucially, how to protect your company from financial and reputational harm.

Our colleagues conducted a study in which, among other things, they assessed how education in the field of information security relates to a career in that field.

A fresh study of some unexpected properties of a standard feature of all modern smartphones and tablets.

A vulnerability in the glibc library affects most major Linux distributions.

Features of embedded systems and suitable protection methods for them.

Time to update Fortra GoAnywhere MFT: an exploit has been developed for a critical vulnerability that allows attackers to bypass authentication and create admin accounts.

Ethical hackers told 37C3 how they found a few eye-openers while breaking DRM to fix trains.

Google OAuth allows to create phantom Google accounts — uncontrollable by corporate Google Workspace administrators.

Single sign-on is supposed to enhance corporate security, but it’s essential that cloud vendors have the information security team’s back.

What’s the principle of least privilege, why’s it needed, and how does it help secure corporate information assets?

Detailed analysis of Operation Triangulation, the most sophisticated attack our experts have ever seen, presented at 37C3 conference.

A serious vulnerability in UEFI firmware relevant to a large number of modern computers, and even servers.

Attackers are hijacking hotel accounts on Booking.com, and stealing their clients’ banking data through its internal messaging system.

Researchers used a hardware hack to bypass Windows Hello biometric authentication on three different devices. Can you trust this login method?

During the pre-holiday period, attackers are sending invoices to companies for the delivery of non-existent documents.

Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.