Information security

[ follow ]
power-gridonline-securityransomwaredata-theftmalwareattcloud-securitydata-encryptionhackingphishing

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

An updated Python-based NodeStealer targets Facebook Ads Manager accounts, collecting sensitive data including credit card information and account budgets.

How Zero Trust redefines traditional authentication and authorization practices - Amazic

Zero Trust requires continuous identity verification for users and devices and transforms traditional security methods to prevent data breaches.
#cybersecurity

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Helldown ransomware evolves to target Linux and VMware environments, expanding its threat vector and utilizing aggressive tactics for network infiltration.

A third of Americans are served by insecure water systems

A third of US drinking water systems have cybersecurity issues, putting millions at risk, and the EPA lacks a tracking system for potential attacks.

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new cyber espionage group, Liminal Panda, has targeted telecommunications entities in South Asia and Africa since 2020 for intelligence collection.

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody

A Russian man, Evgenii Ptitsyn, was extradited to the U.S. for allegedly managing Phobos ransomware, which extorted over $16 million.

Does regulatory compliance actually improve business cybersecurity?

Compliance with cyber regulations significantly enhances a company's security posture and should not be viewed merely as a bureaucratic exercise.

Change Healthcare's clearing house restored after 9 months

Change Healthcare's clearinghouse services have resumed operations after a significant ransomware attack, with ongoing recovery efforts still in progress.

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Helldown ransomware evolves to target Linux and VMware environments, expanding its threat vector and utilizing aggressive tactics for network infiltration.

A third of Americans are served by insecure water systems

A third of US drinking water systems have cybersecurity issues, putting millions at risk, and the EPA lacks a tracking system for potential attacks.

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new cyber espionage group, Liminal Panda, has targeted telecommunications entities in South Asia and Africa since 2020 for intelligence collection.

Alleged Russian Phobos ransomware administrator extradited to U.S., in custody

A Russian man, Evgenii Ptitsyn, was extradited to the U.S. for allegedly managing Phobos ransomware, which extorted over $16 million.

Does regulatory compliance actually improve business cybersecurity?

Compliance with cyber regulations significantly enhances a company's security posture and should not be viewed merely as a bureaucratic exercise.

Change Healthcare's clearing house restored after 9 months

Change Healthcare's clearinghouse services have resumed operations after a significant ransomware attack, with ongoing recovery efforts still in progress.
morecybersecurity
#phishing

US charges five accused of multi-year hacking spree targeting tech and crypto giants | TechCrunch

The DOJ charged five individuals linked to a hacking group for targeting tech firms and cryptocurrency owners, stealing millions through phishing and SIM swapping.

Five Scattered Spider suspects indicted for crypto heists

A US indictment names five members of the cyber-gang Scattered Spider accused of stealing millions in cryptocurrency through phishing and ransomware tactics.

Feds charge 5 hackers tied to notorious Scattered Spider group - here's how they stole from big companies

The case against Scattered Spider marks a significant crackdown on a prominent hacker group targeting US companies and individuals through phishing scams.

5 Defendants Charged Federally with Running Scheme that Targeted Victim Companies via Phishing Text Messages

A group of five defendants is charged with using phishing schemes to steal sensitive data and millions in cryptocurrency.

US charges five accused of multi-year hacking spree targeting tech and crypto giants | TechCrunch

The DOJ charged five individuals linked to a hacking group for targeting tech firms and cryptocurrency owners, stealing millions through phishing and SIM swapping.

Five Scattered Spider suspects indicted for crypto heists

A US indictment names five members of the cyber-gang Scattered Spider accused of stealing millions in cryptocurrency through phishing and ransomware tactics.

Feds charge 5 hackers tied to notorious Scattered Spider group - here's how they stole from big companies

The case against Scattered Spider marks a significant crackdown on a prominent hacker group targeting US companies and individuals through phishing scams.

5 Defendants Charged Federally with Running Scheme that Targeted Victim Companies via Phishing Text Messages

A group of five defendants is charged with using phishing schemes to steal sensitive data and millions in cryptocurrency.
morephishing
#microsoft

Microsoft announces its own Black Hat-like hacking event with big rewards for AI security

Microsoft's Zero Day Quest event aims to enhance cloud and AI security by incentivizing researchers with $4 million in awards.
The event fosters collaboration between security researchers and Microsoft engineers to tackle high-impact vulnerabilities.

Microsoft's Copilot has an oversharing problem. The company is trying to help customers fix it.

Microsoft's Copilot has faced security oversharing issues, prompting updates to mitigate risks and retain corporate clients.

Microsoft announces its own Black Hat-like hacking event with big rewards for AI security

Microsoft's Zero Day Quest event aims to enhance cloud and AI security by incentivizing researchers with $4 million in awards.
The event fosters collaboration between security researchers and Microsoft engineers to tackle high-impact vulnerabilities.

Microsoft's Copilot has an oversharing problem. The company is trying to help customers fix it.

Microsoft's Copilot has faced security oversharing issues, prompting updates to mitigate risks and retain corporate clients.
moremicrosoft
from CyberScoop
1 day ago

Rail and pipeline representatives push to dial back TSA's cyber mandates

House Republicans and rail representatives criticize TSA's security regulations, arguing they are overly burdensome and could impact future cybersecurity measures under Trump administration.
#apple

Apple says Mac users targeted in zero-day cyberattacks | TechCrunch

Apple has urged all users to update their devices following the discovery of security vulnerabilities exploited in cyberattacks targeting Mac users.

Apple admins: Update your hardware now

Urgent software patches are crucial for protecting Apple devices from currently exploited zero-day vulnerabilities.

Apple says Mac users targeted in zero-day cyberattacks | TechCrunch

Apple has urged all users to update their devices following the discovery of security vulnerabilities exploited in cyberattacks targeting Mac users.

Apple admins: Update your hardware now

Urgent software patches are crucial for protecting Apple devices from currently exploited zero-day vulnerabilities.
moreapple
from Mail Online
20 hours ago

Update your iPhone NOW: Apple releases 'important security fixes'

iPhone users must update to iOS 18.1.1 to address serious security vulnerabilities actively exploited by hackers.

Exclusive: Prompt Security raises $18 million to help companies better secure generative AI tools like ChatGPT

Prompt Security has raised $18 million to address cybersecurity risks linked to AI use, highlighting the growing need for specialized security solutions.
#cyber-security

21K Equinox patients, employees notified of data theft

Equinox faced a data breach affecting 21,565 clients and employees, compromising sensitive personal and health information.

Overcoming the cyber paradox: Shrinking budgets - growing threats | Computer Weekly

Economic pressures and compliance drive a plateau in cyber security spending despite increasing threats.

Robots are used to draw teens into cyber security

The event inspired students to explore careers in cyber security, addressing the national skills gap in the industry.

21K Equinox patients, employees notified of data theft

Equinox faced a data breach affecting 21,565 clients and employees, compromising sensitive personal and health information.

Overcoming the cyber paradox: Shrinking budgets - growing threats | Computer Weekly

Economic pressures and compliance drive a plateau in cyber security spending despite increasing threats.

Robots are used to draw teens into cyber security

The event inspired students to explore careers in cyber security, addressing the national skills gap in the industry.
morecyber-security

Update your iPhone, iPad, and Mac now to patch these serious zero-day security flaws

Apple issued urgent patches for serious security vulnerabilities affecting iPhone, iPad, and Mac to thwart potential attacks on devices. Security update action is critical.

3 potential security risks to stay ahead of post-election

Security leaders need to proactively plan for potential unrest following the election to protect community safety.

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany

US digital advertising data may inadvertently expose military and intelligence personnel movements, raising national security concerns.

Microsoft unveils Windows 365 Link, a thin client device for Windows 365 users

Windows 365 Link offers a secure, cloud-first solution for businesses to manage remote work and hot desking effectively.

City Council Brings Back Security at 55 NYCHA Senior Complexes in NYC

City Council restored funding for NYCHA security guards at senior buildings, prioritizing resident safety after previous budget cuts.

How to create a secure password policy

NIST advocates for memorable passwords and multi-factor authentication over complex, frequently changed passwords to enhance security.

How your browser is spying on you: Hidden dangers lurking behind every click

Web browsers are essential tools for internet access but pose serious privacy risks.

D-Link says replace vulnerable routers or risk pwnage

Users of older D-Link VPN routers should replace their devices to avoid critical security vulnerabilities.
The vulnerability allows for remote code execution without authentication, raising significant security concerns.

New Windows 11 tool fixes booting issues

Microsoft is launching a Windows Resiliency Initiative to address issues like those caused by the CrowdStrike incident, preventing future system failures.

What Is a Risk Assessment? My Complete Guide [+ Free Template]

Effective risk assessments allow businesses to identify and prioritize potential risks, leading to proactive management and safety improvements.

DevOps and the importance of shift-left security - Developer Tech News

Integrating security early in the DevOps process reduces vulnerabilities and enhances overall application security.

Microsoft Ignite: A $4m zero-day reward plus $349 thin client | Computer Weekly

Microsoft is committed to continuous improvement in IT security, focusing on principles like secure by design and operations.
The new Windows 365 Link device enhances productivity and security in shared workspaces by eliminating local data.

AI is helping one software security company send 5 times the number of threat alerts in record time

Black Duck Software leverages AI to significantly increase the speed of sending security advisories to customers, enhancing their risk management efforts.

Microsoft tries to convince Windows 10 users to buy a new PC with full-screen prompts

Microsoft is actively encouraging Windows 10 users to upgrade to Windows 11 before support ends in October 2025.

If no security we are safe?

Security encompasses measures to protect people, property, and information from harm, including both physical and cyber protection techniques.

Microsoft's new Windows Resiliency Initiative aims to avoid another CrowdStrike incident

Microsoft has launched the Windows Resiliency Initiative to enhance security and help customers recover from future incidents like the CrowdStrike catastrophe.

What is hybrid warfare, which some fear Russia will use after Ukraine's strike?

The Ukrainian missile strike has escalated fears of hybrid warfare reprisals from Russia.

Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Microsoft is launching a new Windows Resiliency Initiative to enhance security and system integrity.

The role of artificial intelligence in cyber resilience

AI is pivotal in enhancing cyber resilience strategies for organizations.

The U.S. National Security State is Here to Make AI Even Less Transparent and Accountable

The Biden administration aims to leverage private AI for national security, raising concerns about transparency and accountability.

Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

T-Mobile has been targeted by Chinese hackers in a cyber espionage campaign without significant impact reported on customers or data.

Microsoft to launch new custom chips for data processing, security | TechCrunch

Microsoft has launched the Azure Boost DPU, a specialized chip for high-efficiency data processing aimed at enhancing Azure cloud capabilities.

Business Internet Security: Everything You Need to Consider

Investing in cybersecurity is essential for small businesses to protect sensitive data and maintain customer trust.
CarlyPage_1 day ago
The US has secured the extradition of a Russian hacker who allegedly served as a key administrator of Phobos ransomware, which has been used to extort at least $16 million from victims globally https://t.co/6Zv7JREQVA

US extradites Russian accused of extorting millions in Phobos ransomware payments | TechCrunch

The extradition of Evgenii Ptitsyn underscores the U.S. government's commitment to tackling international cybercrime and ransomware operations.

Dell Unveils AI and Cybersecurity Solutions at Microsoft Ignite 2024

Dell announced innovative connected services at Microsoft Ignite to enhance AI adoption and security, targeting generative AI deployment and Microsoft Copilot+ PCs.

Alleged Phobos ransomware IT admin extradited to US

Evgenii Ptitsyn has been extradited to the US for his alleged role in the Phobos ransomware operation, which extorted $16 million from various victims.

Microsoft's Windows 365 Link is a thin client device for shared workspaces

Microsoft's Link device, launching April 2025 at $349, enables secure and fast access to Windows 365, catering to hybrid workplaces.

iOS 18 reboots iThings after 72 hours - secretly and smartly

iOS 18's undocumented feature reduces unauthorized access by rebooting devices after 72 hours of inactivity, maintaining high security standards.

Microsoft to tighten Windows security dramatically in 2025 - here's how

The CrowdStrike incident exposed critical flaws in Windows, prompting significant updates to security protocols and recovery features.
Microsoft's new cooperative initiative with endpoint security vendors aims to prevent future system meltdowns through safer deployment practices.

Trust and security are top concerns in the public sector's use of generative AI, survey says

Public sector organizations see the importance of adopting generative AI but have significant concerns regarding trust, cost, and security during implementation.

Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Hackers exploit NFC technology and mobile payments, enabling global fraud through Google Pay and Apple Pay.

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Critical flaw CVE-2024-21287 in Oracle Agile PLM allows unauthenticated file leaks; urgent patch advised.

Microsoft made a $349 hardware client to connect to Cloud PCs

Windows 365 Link boosts secure cloud access for businesses with a device tailored for desktop computing needs.

Microsoft beefs up Windows security with new recovery and patching features | TechCrunch

Microsoft is implementing new security features in Windows to prevent incidents like the CrowdStrike outage.
Updates like Quick Machine Recovery and Administrator Protection aim to improve system resilience.

Microsoft presents large amount of security updates for Windows

Microsoft's new security features in Windows aim to enhance user protection and system integrity in significant ways.

Microsoft offers $4 million in AI and cloud bug bounties - how to qualify

Microsoft launches Zero Day Quest, offering $4 million in bug bounties for security researchers uncovering vulnerabilities.

Security Concerns Loom as GenAI Adoption Grows in DevOps - DevOps.com

Despite the integration of GenAI in app development, significant security concerns continue to challenge developers and security professionals.

US Space Force Major Applies for Military Advisor Position on Bitcoin Strategy Featured Bitcoin News

A U.S. Space Force major aims to shape defense policy by advocating a national bitcoin reserve and highlighting Proof-of-Work technology's role in strategic security.

Crypto Tool or Data Thief? How Meme-Token-Hunter-Bot and Its Clones Steal from macOS Users | HackerNoon

Open-source software, while innovative, can be exploited by malware like 'Meme-Token-Hunter-Bot' to steal data from macOS users.

Microsoft's new mini PC is designed for the office. Here's what it can do

Microsoft announces Windows 365 Link, a compact device for secure cloud access targeting productivity in enterprises, reflecting a shift towards cloud-based operations.

An airline crew member tried to bring a loaded gun through airport security, the TSA said

A TSA officer intercepted a loaded gun brought by an airline crew member, highlighting ongoing security concerns at airports.

Whitestone man arrested for allegedly running $1M cable theft operation: DA - QNS

A Whitestone man was arrested for allegedly creating and distributing forged modems filled with malware linked to a cable theft operation.
[ Load more ]