Almost nine in 10 organizations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

Microsoft’s security business is growing faster than any of its main products, and now the company is adding heft to its offerings with three new services designed to help organizations spot and respond to cybersecurity incidents. Microsoft is among the leaders in cloud software and infrastructure, which means its technology is already the backbone for many businesses of all sizes.

Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.

For more than a decade, we’ve been promised that a world without passwords is just around the corner, and yet year after year, this security nirvana proves out of reach. Now, for the first time, a workable form of passwordless authentication is about to become available to the masses in the form of a standard adopted by Apple, Google, and Microsoft that allows for cross-platform and cross-service passkeys.

APRIL HAS BEEN a big month for security updates, including emergency patches for Apple’s iOS and Google Chrome to fix vulnerabilities already being used by attackers. Microsoft has released important fixes as part of its mid-April Patch Tuesday, while Android users across multiple devices need to make sure they are applying the latest update when it becomes available.

More than 100 bugs have been discovered in the systems of the US Department of Homeland Security (DHS), some of which were deemed critical. As reported by The Register, the government organization recently kicked off its “Hack DHS” program, a three-phase event with the goal of tightening up network security.

Have you been getting weird text messages lately — from yourself? Don’t worry, you’re not alone, and you’re probably not having an out-of-body experience. The latest trend in spam text messages involves mobile phone users receiving texts from what appears to be their own phone number.

Older Americans are often taught to be fearful of hackers and scammers in their midst while also being told to investigate potential threats. Better advice is to not engage.

U.S. authorities have cautioned banks about possible cyberattacks following Russia’s recent invasion of Ukraine, but experts say financial institutions also face particular risks in a more murky area of their business—the now ubiquitous artificial-intelligence models that handle everything from lending to trading.

Okta, an authentication company used by thousands of organizations around the world, says it’s investigating news of a potential breach, Reuters reports. The disclosure comes as hacking group Lapsus$ has posted screenshots to its Telegram channel claiming to be of Okta’s internal systems, including one that appears to show Okta’s Slack channels, and another with a Cloudflare interface.

After years of tantalizing hints that a passwordless future is just around the corner, you're probably still not feeling any closer to that digital unshackling. Ten years into working on the issue, though, the FIDO Alliance, an industry association that specifically works on secure authentication, thinks it has finally identified the missing piece of the puzzle.

Ubisoft experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services, the company reported Thursday. Ubisoft hasn’t said who might be responsible, but on Friday evening, the group who purportedly hacked Nvidia took credit.

American wouldn’t stand “a fighting chance” against the combined cyberwarfare capabilities of Russia and China, the former chief software officer of the United States Air Force told Fox News last week. “Not many nations would be able to push back,” Nicolas Chaillan said. “I don’t even think the United States would be able to push back if tomorrow Russia and China decide to come together against us.”

Hackers have successfully stolen internal company data and source code for Galaxy devices from Samsung, the South Korean tech giant confirmed today. News of the breach was first reported earlier this month, with a hacking outfit named Lapsus$ claiming responsibility. The group, which recently hacked Nvidia, shared screenshots purportedly showing roughly 200GB of stolen data, including source code used by Samsung for encryption and biometric unlocking functions on Galaxy hardware.

U.S. leaders must rethink the current cyberdefense system and rally around a centralized regulator. 

Data extortionists who stole up to 1 terabyte of data from Nvidia have delivered one of the most unusual ultimatums ever in the annals of cybercrime: allow Nvidia's graphics cards to mine cryptocurrencies faster or face the imminent release of the company's crown-jewel source code.

Last month, we warned you about a major security flaw affecting Apple’s Safari browser. This flaw potentially allowed hackers on one website to steal your personal information from other open sites, which is, you know, bad. After months of delay, Apple finally patched this gaping security breach, just in time for another to poke through the cracks.

China’s cyberspace regulator said it will implement new rules from February 15 that require platform companies with data for more than one million users to undergo a security review before listing their shares overseas.

LastPass members have reported multiple attempted logins using correct master passwords from various locations, but the company says that the recent attacks are a result of shared passwords gleaned from breaches of other services.

Attackers who remain unidentified exploited a vulnerability in the Log4J library to compromise HP 9000 servers powered by AMD EPYC processors and mine the Raptoreum CPU cryptocurrency on these resources between December 9 and December 17. Consequently, the Raptoreum network’s hashrate doubled until the equipment was taken offline.