cybersecurity

The incident responders investigating how hackers carried out a complex supply-chain attack targeting enterprise phone provider 3CX say the company was compromised by another supply chain attack. 3CX

APT28, a state-sponsored hacking group operated by Russian military intelligence, is exploiting a six-year-old vulnerability in Cisco routers to deploy malware and carry out surveillance, according to

Simplification has been a big theme in the enterprise world in the last couple of years. If a company can consolidate multiple point solutions into one product or contract, it can reduce complexity an

Security has a data problem. That’s according to Kfir Tishbi, who led the engineering team at Datorama, a marketing analytics company that was acquired by Salesforce in 2018. Tishbi — who

Last year, Apple launched a new feature for iPhone users who are worried about getting targeted with sophisticated spyware, such as journalists or human rights defenders. Now, researchers say they hav

Hackers published a trove of data stolen from U.S. network infrastructure giant CommScope, including thousands of employees’ Social Security numbers and bank account details. The North Carolina–ba

The hackers who breached data storage giant Western Digital claim to have stolen around 10 terabytes of data from the company, including reams of customer information. The extortionists are pushing th

Microsoft has patched a zero-day vulnerability affecting all supported versions of Windows, which researchers say hackers exploited to launch ransomware attacks. Microsoft said in a security alert on

If you haven’t noticed, the internet is frequently on fire. Overseas cyberattacks are hitting public services like healthcare at home. Data breaches are the new school “snow days.” S

Enterprise phone provider 3CX has confirmed that North Korea–backed hackers were behind last month’s supply chain attack that appeared to target cryptocurrency companies. 3CX, which provides onlin

Hackers using spyware made by a little known cyber mercenary company used malicious calendar invites to hack the iPhones of journalists, political opposition figures and an NGO worker, according to tw

A security lapse saw Proskauer Rose, an international law firm headquartered in New York City, expose sensitive client data for more than six months, TechCrunch has learned. A person with knowledge of

Most cybersecurity founders get slowed down by the same six challenges with building products, but there are ways to overcome them.

For years, online alcohol recovery startups Monument and Tempest were sharing with advertisers the personal information and health data of their patients without their consent. Monument, which acquire

Data storage giant Western Digital has confirmed that hackers exfiltrated data from its systems during a “network security incident” last week. The California-based company said in a state

Multiple security firms have sounded the alarm about an active supply chain attack that’s using a trojanized version of 3CX’s widely used voice and video-calling client to target downstream cu

Online businesses are at risk of bad bot activity, certainly more now than they used to be. According to a survey from Imperva, 42.3% of internet traffic in 2021 wasn’t human, but instead bots t

An important lesson in how not to respond to a breach, courtesy of LastPass and Fortra.

A group of bipartisan lawmakers has called on the U.S. Postal Service to strengthen its internal processes to reduce change of address fraud, which each year allows fraudsters to redirect thousands of

Thanks to three vulnerabilities chained together, malicious hackers could remotely hack into a Tesla, turn off the lights, honk the horn, open the trunk, activate the windshield wipers and mess with t