UnitedHealth CEO admits it paid $22 million ransom to BlackCat
CEO Andrew Witty confirmed paying a $22 million ransom to hackers for data breach, facing criticism and calls for better cybersecurity measures.
Preventing the Next Big Cyberattack on U.S. Health Care
The cyberattack on Change Healthcare exposed vulnerabilities in the U.S. health care sector that require urgent action for improved cybersecurity.
Human errors still a leading cause of cyber incidents, says Kaseya
Over two human-involved cyber incidents daily last year, majority not severe. Tool commoditization leads to more automated attacks. Government and IT sectors most targeted.
Rabbit R1 AI box revealed to just be an Android app
The Rabbit R1 is a smartphone replacement device running a limited Android OS without Google Play access, facing issues with functionality and battery life.
UK's long-awaited device security law kicks in | Computer Weekly
The PSTI Act of 2022 places legal duties on manufacturers to ensure basic security standards in electronic devices to protect consumers from data privacy violations and cyber attacks.
New laws to protect consumers from cyber attacks take effect
Manufacturers legally required to enhance security of smart devices by banning weak default passwords and ensuring transparency in security updates.
UnitedHealth CEO: 'Decision to pay ransom was mine'
Cybercriminals used stolen credentials to access Change Healthcare's systems, prompting CEO Andrew Witty to pay a $22 million ransom, emphasizing the importance of cybersecurity measures.
Clark Hill was 'duped by an obvious scam,' costing its client $1.1M, suit alleges
Clark Hill fell victim to a sophisticated email scam, transferring $1.1M to wrong account, emphasizing the importance of verifying financial requests.
CISA unveils guidelines for AI and critical infrastructure
The Cybersecurity and Infrastructure Security Agency released safety guidelines for critical infrastructure, addressing AI risks and obligations under the Biden administration's executive order.
Today At ILTA EVOLVE: AI Icebreakers, Cybersecurity Challenges, Live Entertainment
Exciting educational sessions and networking opportunities at ILTA EVOLVE event in Charlotte, focusing on cybersecurity, generative AI, and top security actions for law firms.
Foreign adversaries using AI to push disinformation, crumble election process, US warns
Foreign actors are using generative AI tools to conduct propaganda campaigns aimed at influencing U.S. elections and exacerbating partisan tensions.
The White House Reveals New Master Plan to Stop Everything From Cyberattacks to Terrorism
The Biden administration is updating the US government's infrastructure protection blueprint with a focus on cybersecurity and partnerships with the private sector.
Change Healthcare hackers broke in using stolen credentials - and no MFA, says UHG CEO | TechCrunch
Hackers exploited stolen credentials without multi-factor authentication to breach Change Healthcare's systems, leading to massive health data exfiltration in a ransomware attack.
A backdoor was discovered in xz utils affecting Linux distributions like Debian Sid and Fedora, emphasizing the importance of cybersecurity diligence.
UK finally bans '12345' passwords on connected devices
Smart device manufacturers in the UK must adhere to new laws like the PSTI Act, focusing on minimum security standards and crackable default passwords.
Data is rapidly growing, with its value increasing significantly; protecting data is crucial for businesses to prevent cyberattacks and financial loss.
"Junk gun" ransomware: the cheap new threat to small businesses
Cheap, unsophisticated ransomware like 'junk gun' poses a serious threat to organizations, despite not making headlines like other advanced variants.
Microsoft is facing serious security challenges, requiring a complete overhaul of its security culture to prevent further breaches and restore trust.
Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly
Organizations should consider assessing their security and risk profile in relation to Microsoft's Global Hyperscale Cloud in light of recent hacking incidents.
Attack (or Penetrate Test) Cloud Native the Easy Way
Weak cloud native infrastructure security defenses leave distributed networks vulnerable to attacks via simple tools or unpatched security holes, including easy access through dark web purchases.
VPNs encrypt online traffic to protect user data from prying eyes, providing an additional layer of security for both businesses and consumers.
Malvertising Slips Through: Boosting Digital PR And Ad Safety Is Vital
Digital ad tools by mar-tech startups are crucial, but malvertising poses significant threats exploiting trust and mimicking legitimate brands.
Germany Arrests 3 Suspected of Passing Secrets to China
German citizens arrested for gathering naval data for Chinese security services show delicate relationship dynamics between the two countries.
In a world inundated with digital communication channels, it's crucial to be vigilant and discerning about the information and opportunities that come our way.
Russian hackers accessed U.S. government emails in Microsoft breach, CISA says
Kremlin-backed hackers breached Microsoft systems in January, exfiltrating email communication from federal agencies, raising cybersecurity concerns.
Yemeni women become mobile phone technicians to curb sextortion
Women in Yemen face challenges fixing mobile phones due to gender norms and risks of extortion, impacting their daily lives and work opportunities.
Congress tries again for comprehensive data privacy bill
The American Privacy Rights Act aims to establish nationwide data security practices and hold companies accountable for protecting personal data.
The bill empowers the Federal Trade Commission to enforce legislation and requires large data holders to conduct privacy impact assessments regularly.
Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020
The number of devices infected with data-stealing malware in 2023 was 9.8 million, with an expected rise to 16 million; infostealers are on the rise due to ease of access.
EU Formally Adopts Cyber Law for Connected Products | Data Matters Privacy Blog
The EU Parliament passed the EU Cyber Resilience Act (CRA) to ensure connected products are resilient against cyber threats and comply with essential cybersecurity requirements.
Steam Hit Ready Or Not Source Code Stolen In Massive Hack
Hackers stole millions of files, including Ready or Not game source code and console builds, highlighting cybersecurity risks in the gaming industry.
Evolution Equity Partners raises $1.1B for new cybersecurity and AI fund | TechCrunch
Investment in cybersecurity dropped 40% but is showing signs of recovery. Evolution Equity Partners launched a $1.1 billion cybersecurity and AI fund.
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted
Backups do not guarantee safety from ransomware attacks; compromised backups significantly increase the likelihood of paying ransom and recovery costs.
Apple warns users in over 90 countries on mercenary spyware attacks
Apple warned users in 92 countries of potential spyware attacks, specifically targeting individuals with a high level of sophistication and resources.
Identify vulnerabilities across application environments
Securing application environments is essential for operational security, compliance, and customer trust, requiring identification and mitigation of vulnerabilities through detailed understanding and effective strategies.