Information security

critical-infrastructure
CyberScoop
3 days ago
Information security

Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say

Pro-Russia hacktivists target critical infrastructure sectors in North America and Europe, exploiting cybersecurity weaknesses and causing physical threats. [ more ]
euronews
1 day ago
Information security

'Cyberwarriors' prepare against attacks during Paris Olympics

France anticipates increased cyber threats during the upcoming Paris Olympic Games, particularly from Russian actors. [ more ]
CyberScoop
3 days ago
Information security

CISA's incident reporting requirements go too far, trade groups and lawmakers say

The draft rule for cyber incident reporting may be too burdensome for critical infrastructure entities and for the agency itself. [ more ]
data-breach
TechCrunch
3 days ago
Information security

United HealthCare CEO says 'maybe a third' of U.S. citizens were affected by recent hack | TechCrunch

The cyberattack on Change Healthcare systems impacted a substantial number of Americans, with uncertainty about the exact extent of the breach. [ more ]
CyberScoop
3 days ago
Information security

Data stolen in Change Healthcare attack likely included U.S. service members, executive says

UnitedHealth Group CEO revealed data breach involving U.S. military personnel.
Delay in notifying affected individuals poses challenges for health data protection. [ more ]
Theregister
3 days ago
Information security

Dropbox warns of attack that leaked customers' personal info

Dropbox faced a major cyber attack on its Dropbox Sign service resulting in unauthorized access to personal information including email addresses, usernames, phone numbers, hashed passwords, and authentication information. [ more ]
ITPro
2 days ago
Information security

The Dropbox data breach is a classic case of "breach by acquisition"

Breaches through acquisitions can expose organizations to unknown vulnerabilities. [ more ]
ComputerWeekly.com
2 days ago
Information security

Dropbox Sign user information accessed in data breach | Computer Weekly

Dropbox Sign (formerly HelloSign) faced a data breach leading to unauthorized access to customer data, prompting security measures and notifications to impacted users. [ more ]
The Verge
3 days ago
Information security

UnitedHealth CEO admits it paid $22 million ransom to BlackCat

CEO Andrew Witty confirmed paying a $22 million ransom to hackers for data breach, facing criticism and calls for better cybersecurity measures. [ more ]
ITPro
1 day ago
Information security

Security agencies warn of heightened threat to critical national infrastructure

Hacktivists target ICS in North America and Europe with potential physical threats, utilizing unsophisticated techniques initially. [ more ]
CyberScoop
4 days ago
Information security

Exploitation of vulnerabilities almost tripled as a source of data breaches last year

Attacks exploiting vulnerabilities increased by 180% driven by MOVEit hack. [ more ]
Mail Online
3 days ago
Information security

Android users warned fake Chrome update could drain your bank account

Brokewell is a new banking malware targeting Android users, posing as Google Chrome and other popular applications, capable of spying on users and stealing sensitive information. [ more ]
Nextgov.com
3 days ago
Information security

UnitedHealth CEO grilled over 'clear national security threat' from Change Healthcare hack

Senators questioned UnitedHealth CEO on recent ransomware cyberattack. [ more ]
Developer Tech News
2 days ago
Information security

CISA sounds alarm on critical GitLab flaw under active exploit

Organizations should promptly apply security updates in response to active exploitation attempts. [ more ]
The Verge
1 day ago
Information security

Microsoft overhaul treats security as "top priority" after a series of failures

Microsoft is prioritizing security by tying it to compensation for senior leadership. [ more ]
TechRepublic
1 day ago
Information security

U.K. and U.S. Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems

Pro-Russia hacktivists are targeting providers of operational technology like smart water meters and dam monitoring systems in North America and Europe. [ more ]
cisa
Theregister
2 days ago
Information security

Federal frenzy to patch gaping security hole in GitLab

CISA mandates federal agencies to patch critical GitLab vulnerability under active exploitation. [ more ]
Ars Technica
2 days ago
Information security

0-click GitLab hijacking flaw under active exploit, with thousands still unpatched

A maximum severity vulnerability in GitLab allows account hijacking without user interaction. [ more ]
CyberScoop
3 days ago
Information security

How to fine-tune the White House's new critical infrastructure directive

Biden administration updated federal infrastructure protection policy via NSM-22, linking it to modern cyber threat landscape, but fell short by not including space and cloud industries. [ more ]
CyberScoop
4 days ago
Information security

Easterly appeals to Congress on CISA funding, citing Chinese threats to critical infrastructure

More funding is crucial for CISA to enhance cybersecurity defense, particularly against Chinese hackers in critical infrastructure. [ more ]
ITPro
1 day ago
Information security

Hackers are exploiting critical GitLab password reset vulnerability - here's what you need to know

CISA warns of actively exploited GitLab vulnerability CVE-2023-7028, urging swift remediation to prevent potential account hijacking. [ more ]
ComputerWeekly.com
2 days ago
Information security

NCSC updates warning over hacktivist threat to CNI | Computer Weekly

Russia-backed hacktivist groups targeting critical infrastructure with unsophisticated attacks.
NCSC and CISA warning about evolving threats from hacktivist groups not officially backed by the Kremlin. [ more ]
Coindesk
2 days ago
Information security

Rabotnik, Affiliate of Ransomware Group REvil, Sentenced to 13 Years in Jail

Rabotnik, a member of the REvil ransomware group, sentenced to 13 years and seven months in jail. [ more ]
Ars Technica
3 days ago
Information security

Hacker free-for-all fights for control of home and office routers everywhere

Financially motivated hackers and state-sponsored cyber actors share and coexist in compromised routers for covert attacks. [ more ]
Engadget
2 days ago
Information security

Microsoft's latest Windows security updates might break your VPN

Windows April security updates may cause VPN issues, prompting users to uninstall updates as a temporary workaround. [ more ]
BleepingComputer
3 days ago
Information security

New Cuttlefish malware infects routers to monitor traffic for credentials

Cuttlefish malware infects routers to steal data and authentication information, active since July 2023. [ more ]
CyberScoop
3 days ago
Information security

Iranian hackers impersonate journalists in social engineering campaign

Iranian hackers linked to Revolutionary Guard impersonated journalists and human rights groups for phishing attacks. [ more ]
Ars Technica
1 day ago
Information security

Microsoft ties executive pay to security following multiple failures and breaches

Microsoft faced major security breaches resulting in data exposure and criticism. The company is taking steps to improve its security practices and prioritize security as the top concern. [ more ]
Nextgov.com
3 days ago
Information security

NASA doesn't know if its spacecraft have adequate cyber defenses, GAO warns

NASA needs mandatory cybersecurity guidelines for spacecraft acquisition policies. [ more ]
ComputerWeekly.com
1 day ago
Information security

EU calls out Fancy Bear over attacks on Czech, German governments | Computer Weekly

The EU and member states condemn Russian cyber attacks by Fancy Bear. [ more ]
Harvard Business Review
3 days ago
Information security

Preventing the Next Big Cyberattack on U.S. Health Care

The cyberattack on Change Healthcare exposed vulnerabilities in the U.S. health care sector that require urgent action for improved cybersecurity. [ more ]
Theregister
2 days ago
Information security

Four critical bugs in ArubaOS lead to remote code execution

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation. [ more ]
Theregister
1 day ago
Information security

Software supply chain security still in early days, says CEO

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes. [ more ]
Theregister
2 days ago
Information security

More than two dozen Android vulnerabilities fixed

Oversecured identified over two dozen vulnerabilities in Xiaomi and Google's Android Open Source Project over the past years. [ more ]
www.aljazeera.com
1 day ago
Information security

Germany accuses Russia of 'intolerable' cyberattack, warns of consequences

Germany attributes cyberattack on SPD to Russia's APT28, military intelligence service. [ more ]
Coindesk
1 day ago
Information security

Exploiter Steals $68M Worth of Crypto Through Address Poisoning

A user lost $68 million worth of wrapped bitcoin due to address poisoning. [ more ]
WIRED
19 hours ago
Information security

A New Surveillance Tool Invades Border Towns

Yahoo Boys operate openly on social platforms engaging in various criminal activities. [ more ]
The Verge
3 days ago
Information security

AI security bill aims to prevent safety breaches of AI models

A new bill, the Secure Artificial Intelligence Act, aims to establish a database to track AI system breaches and focus on counter-AI techniques. [ more ]
Nextgov.com
2 days ago
Information security

US warns of North Korean hackers using email security flaws for phishing attacks

North Korean hacking group Kimsuky exploits email security flaws for phishing attacks on organizations.
Proper configuration of email security protocols, such as DMARC, is crucial in preventing phishing attempts and spoofing. [ more ]
DevOps.com
2 days ago
Information security

LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere - DevOps.com

LayerX secures users with innovative browser security solution for enterprises. [ more ]
ReadWrite
3 days ago
Information security

Scam alert for Android users as 'Brokewell' malware threatens users' bank accounts

Android users on Google Chrome may fall victim to Brokewell malware affecting bank accounts. [ more ]
Nextgov.com
2 days ago
Information security

House cyber chairman tries again to undo SEC cyber disclosure rules

Rep. Andrew Garbarino aims to dissolve SEC cybersecurity incident disclosure rule, favoring Cybersecurity and Infrastructure Security Agency for handling such disclosures. [ more ]
WIRED
3 days ago
Information security

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The pledge offers flexibility to companies in meeting goals but emphasizes public progress and sharing techniques. [ more ]
TechCrunch
1 day ago
Information security

UnitedHealth data breach should be a wakeup call for the UK and NHS | TechCrunch

Ransomware attack on UnitedHealth Group highlights the risk of entrusting sensitive data to companies with irresponsible data protection practices. [ more ]
ITPro
1 day ago
Information security

Three million Docker Hub repositories are being used to spread malware

Three million Docker Hub repositories impacted by malware campaigns since 2021. [ more ]
CyberScoop
1 day ago
Information security

Microsoft organizational changes seek to address security failures

Microsoft ties executive compensation to security targets and prioritizes security over new features to address recent breaches. [ more ]
Engadget
2 days ago
Information security

You can finally use passkeys to sign into your Microsoft account

Microsoft has introduced consumer passkey support for Microsoft accounts, following Apple and Google, making sign-ins easier and more secure. [ more ]
The Verge
2 days ago
Information security

Over 400 million Google accounts have used passkeys but our passwordless future remains elusive

Google introduced passkeys as a more secure alternative for user authentication, simplifying the login process and proving faster than traditional passwords. [ more ]
Theregister
2 days ago
Information security

Chinese government website security has big problems

Chinese researchers found vulnerabilities in Chinese government websites, including DNS configuration lapses and a notable dependence on a few DNS service providers. [ more ]
BKReader
3 days ago
Information security

Top 10 Tips for Seniors to Defend Against Scammers

Seniors are frequent targets of scammers due to trust and digital unfamiliarity. [ more ]
ITPro
1 day ago
Information security

Nearly half of EMEA data breaches were due to internal blunders in 2023

Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them. [ more ]
ITPro
3 days ago
Information security

Why remote desktop tools are facing an onslaught of cyber threats

Remote desktop tools are crucial for hybrid work but are often targeted by cybercriminals. [ more ]
TechRepublic
2 days ago
Information security

4 IoT Trends U.K. Businesses Should Watch in 2024

Compliance with the PSTI Act is crucial for IoT security and innovation in the U.K. [ more ]
Theregister
3 days ago
Information security

Microsoft admits VPN problems in Windows after April update

Microsoft's April Windows update can cause VPN connection failures in Windows 10 and 11. [ more ]
Theregister
2 days ago
Information security

NTLM auth traffic spikes after Windows Server patch

Microsoft's April 2024 security update caused a significant increase in NTLM authentication traffic on Windows Server. [ more ]
Ars Technica
2 days ago
Information security

April updates for Windows 10 and 11 break some VPN software, Microsoft says

Microsoft is investigating a bug in recent Windows updates affecting VPN software. [ more ]
www.independent.co.uk
1 day ago
Information security

French cyberwarriors ready to test their defense against hackers and malware during the Olympics

Cybersecurity preparations for the Paris Olympics are in full swing, focusing on defending against a wide range of potential attackers and scenarios. [ more ]
InfoQ
2 days ago
Information security

Understanding Email Threats with Cloudflare Radar

Cloudflare launched Email Security section on Cloudflare Radar, offering insights into email security trends and real-time visibility into threats. [ more ]
TechCrunch
2 days ago
Information security

Google brings passkey support to its Advanced Protection Program ahead of the US presidential election | TechCrunch

Google is introducing passkey support for its Advanced Protection Program, offering an additional security option for high-risk users like campaign workers and journalists. [ more ]
Read Satya Nadella’s Microsoft memo on putting security first.

Security is now Microsoft’s “top priority.” https://t.co/k8EbSfLGWQ
The Verge
1 day ago
Information security

Read Satya Nadella's Microsoft memo on putting security first

Prioritize security above all else for the company's success, with a focus on the Secure Future Initiative (SFI) principles. [ more ]
The Verge
2 days ago
Information security

Microsoft launches passkey support for all consumer accounts

Microsoft introduces passkey support for all consumer accounts, enabling easier login without passwords across devices. [ more ]
Engadget
2 days ago
Information security

Google says its secure entry passkeys have been used a billion times

Passkeys are faster and more secure than passwords, and have been used over one billion times by 400 million Google accounts. [ more ]
Graham Cluley
3 days ago
Information security

Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer

The 'Smashing Security' podcast episode covers cybersecurity, online privacy, IoT weaknesses, identity theft, and scams. [ more ]
Ars Technica
1 day ago
Information security

Microsoft plans to lock down Windows DNS like never before. Here's how.

ZTDNS aims to address security risks in DNS by encrypting connections and allowing strict control over resolved domains within Windows networks. [ more ]
ITPro
2 days ago
Information security

Preventing deepfake attacks: How businesses can stay protected

Deepfake technology is increasingly used in fraudulent activities, posing a significant threat to businesses. [ more ]
The Verge
3 days ago
Information security

LastPass goes independent over a year after serious breaches

LastPass separates from parent company GoTo, faces security challenges, and aims to restore trust through reforms. [ more ]
Theregister
2 days ago
Information security

Microsoft, Google do a victory lap around passkeys

Microsoft introduces passkey support for consumer accounts as a step towards a password-free world. [ more ]
Tech.co
3 days ago
Information security

6 Ways Remote Workers Can Stop Their Boss Spying on Them

Remote work has privacy risks due to cybersecurity threats and employer monitoring, requiring tools for staying secure online. [ more ]
ITPro
1 day ago
Information security

April rundown: Ransomware revenants and 'open source' AI

April highlighted AWS legal issues, a ransomware attack on Change Healthcare, and advancements in AI like Llama 3. [ more ]
ITPro
2 days ago
Information security

C-suite to cyber pros: Try and tone down the technical jargon

Lack of understanding and communication between executives, boards, and security professionals leaves security vulnerable. [ more ]
ComputerWeekly.com
3 days ago
Information security

EMEA CISOs must address human factors behind cyber incidents | Computer Weekly

Organizations in EMEA need to address human factors in data breaches, with 87% attributed to human errors, system intrusion, and social engineering. [ more ]
TechRepublic
3 days ago
Information security

Are VPNs Legal To Use?

Using VPN for data protection is legal in many countries, but illegal activities through VPN are still prohibited and punishable. [ more ]
TechRepublic
3 days ago
Information security

Adobe Adds Firefly and AI Watermarking to Bug Bounty Program

Security researchers in Adobe's bug bounty program can now earn rewards for finding vulnerabilities in Adobe Firefly and Content Credentials. [ more ]
Los Angeles Times
2 days ago
Information security

Panda Express is the latest to be hacked. What to do when your personal data are exposed

Companies collecting even mundane information can be targeted by hackers, leading to data breaches and potential misuse of personal data. [ more ]
ReadWrite
1 day ago
Information security

Microsoft to make signing in easier with passkeys - here's how it works

Microsoft is introducing Passkeys to replace passwords for consumer accounts. [ more ]
TechCrunch
3 days ago
Information security

Belgium's Aikido lands $17M Series A for its 'no BS' security platform aimed at developers | TechCrunch

Aikido offers an open-source, developer-facing security platform targeted towards small-to-midsize customers with a 'no BS' approach. [ more ]