#Cybersecurity

china
www.independent.co.uk
2 days ago
EU data protection

'Cyberattack by China' exposed details of 270,000 UK armed forces personnel

Massive hacking attack on British military by China affecting 270,000+ serving personnel; Special Forces unaffected, with missing personal information of members.
www.independent.co.uk
2 days ago
France politics

Watch: China's Xi Jinping meets Macron in France after MoD cyberattack

China's President Xi Jinping meeting President Emmanuel Macron in France to mark 60 years of diplomatic relations; recent cyberattacks attributed to Chinese state-affiliated actors.
www.nytimes.com
2 days ago
Information security

U.K. Armed Forces' Data Stolen by State-Linked Hackers, Lawmakers Say

The personal information of British military personnel was hacked in a state-orchestrated cyberattack, targeting a third-party payroll system.
ReadWrite
2 days ago
EU data protection

China accused of hacking the UK Ministry of Defence in massive data breach

China accused of hacking UK Ministry of Defence, targeting payroll system with personal data, but operational data not compromised.
Engadget
2 days ago
EU data protection

The UK's Ministry of Defence was hacked, and the country is reportedly blaming China

China accused of hacking UK Ministry of Defence payroll system.
Privacy professionals
New York Post
4 days ago
Privacy professionals

More than 380,000 additional NYC students had personal info hacked, bringing total to over 1M

Over 380,000 NYC public school students had personal data hacked, totaling over 1 million affected. DOE offers free credit monitoring services post-security breach.
www.theguardian.com
3 days ago
Privacy professionals

Google releases new tool to enable Australians to find their personal information and request removal

Google launched a tool in Australia for users to find and request removal of personal information from search results.
Artificial intelligence
The Verge
3 days ago
Artificial intelligence

Google's AI plans now include cybersecurity

Google focuses on using generative AI for cybersecurity, leveraging Gemini 1.5 Pro for threat analysis and report summarization.
ITPro
2 days ago
Artificial intelligence

AI is changing the game when it comes to security

Cybersecurity is undergoing a significant transformation, leveraging AI for faster threat detection and response.
New Relic
2 days ago
Information security

Rethinking vulnerability prioritization

A weighted prioritization system considers key elements for an objective measure, aiding laser-focused resource allocation and proactive defense, while promoting adaptive security.
cisa
Theregister
2 days ago
Information security

CISA's ransomware warnings helped critical orgs fix 852 bugs

US government's CISA is actively assisting critical infrastructure organizations in addressing vulnerabilities exploited by ransomware gangs to prevent attacks.
Theregister
1 day ago
Information security

CISA boss: Secure software needed to stop ransomware

Make software secure by design to combat ransomware attacks and enhance cybersecurity measures.
CyberScoop
3 days ago
Information security

Krebs, Luber added to Cyber Safety Review Board

Chris Krebs and David Luber are among four new additions to the Cyber Safety Review Board, contributing their cybersecurity expertise.
Artificial intelligence
New York Post
2 days ago
Artificial intelligence

AI voice scammers are posing as loved ones to steal your money - here's a foolproof trick to stop attacks

Request a safe word to thwart AI phone scams impersonating loved ones.
ComputerWeekly.com
3 days ago
Artificial intelligence

Embrace alternative education pathways for cyber success | Computer Weekly

Emphasis on practical skills over formal education in cybersecurity field.
DevOps.com
1 day ago
Artificial intelligence

Sumo Logic Previews GenAI Tool to Improve DevSecOps Observability - DevOps.com

Sumo Logic introduces copilot with AI for easier observability platform usage.
microsoft
ComputerWeekly.com
3 days ago
Information security

Microsoft beefs up cyber initiative after hard-hitting US report | Computer Weekly

Microsoft focuses on enhancing cybersecurity through the Secure Future Initiative (SFI) by integrating recommendations and lessons learned from recent cyber attacks.
Ars Technica
6 days ago
Privacy professionals

Microsoft ties executive pay to security following multiple failures and breaches

Microsoft faced major security breaches resulting in data exposure and criticism. The company is taking steps to improve its security practices and prioritize security as the top concern.
CyberScoop
6 days ago
Information security

Microsoft organizational changes seek to address security failures

Microsoft ties executive compensation to security targets and prioritizes security over new features to address recent breaches.
The Verge
6 days ago
Information security

Read Satya Nadella's Microsoft memo on putting security first

Prioritize security above all else for the company's success, with a focus on the Secure Future Initiative (SFI) principles.
Engadget
1 week ago
Tech industry

You can finally use passkeys to sign into your Microsoft account

Microsoft has introduced consumer passkey support for Microsoft accounts, following Apple and Google, making sign-ins easier and more secure.
critical-infrastructure
Nextgov.com
2 days ago
Information security

US diplomats told China to stop Volt Typhoon campaign - It's becoming more advanced, intelligence officials say

The U.S. addressed a cyber threat from China by dismantling a botnet used to breach American critical infrastructure, but challenges persist due to evolving tactics and multiple covert networks.
euronews
6 days ago
Information security

'Cyberwarriors' prepare against attacks during Paris Olympics

France anticipates increased cyber threats during the upcoming Paris Olympic Games, particularly from Russian actors.
CyberScoop
1 week ago
Information security

Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say

Pro-Russia hacktivists target critical infrastructure sectors in North America and Europe, exploiting cybersecurity weaknesses and causing physical threats.
TechCrunch
6 days ago
Privacy professionals

UnitedHealth data breach should be a wakeup call for the UK and NHS | TechCrunch

Ransomware attack on UnitedHealth Group highlights the risk of entrusting sensitive data to companies with irresponsible data protection practices.
Los Angeles Times
1 week ago
Privacy professionals

Panda Express is the latest to be hacked. What to do when your personal data are exposed

Companies collecting even mundane information can be targeted by hackers, leading to data breaches and potential misuse of personal data.
www.theguardian.com
1 week ago
Privacy professionals

NSW club patrons advised to replace ID documents after leak of more than a million records

Residents urged to replace ID documents after a data breach affecting club and pub patrons in NSW and ACT.
www.nytimes.com
1 week ago
Privacy professionals

N.S.A. Disclosure of U.S. Identities in Surveillance Reports Nearly Tripled in 2023

The number of unmaskings by the NSA from warrantless surveillance nearly tripled in 2022.
vulnerabilities
Theregister
6 days ago
Information security

Software supply chain security still in early days, says CEO

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes.
ComputerWeekly.com
6 days ago
Information security

Patch GitLab vuln without delay, users warned | Computer Weekly

Prompt patching of CVE-2023-7028 vulnerability in GitLab is essential to prevent account takeover and potential cyber threats.
Theregister
1 week ago
Privacy professionals

Chinese government website security has big problems

Chinese researchers found vulnerabilities in Chinese government websites, including DNS configuration lapses and a notable dependence on a few DNS service providers.
Harvard Business Review
1 week ago
Information security

Preventing the Next Big Cyberattack on U.S. Health Care

The cyberattack on Change Healthcare exposed vulnerabilities in the U.S. health care sector that require urgent action for improved cybersecurity.
cisa
ITPro
6 days ago
Information security

Hackers are exploiting critical GitLab password reset vulnerability - here's what you need to know

CISA warns of actively exploited GitLab vulnerability CVE-2023-7028, urging swift remediation to prevent potential account hijacking.
CyberScoop
1 week ago
Information security

How to fine-tune the White House's new critical infrastructure directive

Biden administration updated federal infrastructure protection policy via NSM-22, linking it to modern cyber threat landscape, but fell short by not including space and cloud industries.
Theregister
1 week ago
Information security

Federal frenzy to patch gaping security hole in GitLab

CISA mandates federal agencies to patch critical GitLab vulnerability under active exploitation.
critical-infrastructure
CyberScoop
1 week ago
Information security

CISA's incident reporting requirements go too far, trade groups and lawmakers say

The draft rule for cyber incident reporting may be too burdensome for critical infrastructure entities and for the agency itself.
FedScoop
1 week ago
Artificial intelligence

CISA unveils guidelines for AI and critical infrastructure

The Cybersecurity and Infrastructure Security Agency released safety guidelines for critical infrastructure, addressing AI risks and obligations under the Biden administration's executive order.
CyberScoop
1 week ago
Information security

US spy agencies to share intelligence on critical infrastructure in policy revamp

The U.S. intelligence community will share threat information with critical infrastructure operators under the revised policy directive.
ITPro
18 hours ago
Information security

What is hackbot as a service and are malicious LLMs a risk?

AI will likely increase cyber attacks' volume and impact in the next two years.
CyberScoop
2 days ago
Information security

ONCD report: 'Fundamental transformation' in cyber, tech drove 2023 risks

Malicious hackers are exploiting emerging technologies, causing advanced cyber risks as the digital and physical worlds merge.
CyberScoop
1 day ago
Information security

Dozens of tech companies pledge to build safer, more secure tech

More than 60 private-sector companies pledged to prioritize cybersecurity in their tech design, emphasizing security features and vulnerability reduction.
WIRED
3 days ago
Information security

Apple's iPhone Spyware Problem Is Getting Worse. Here's What You Should Know

Apple sent notifications to iPhone users warning about targeted spyware attacks, linked to a sophisticated Chinese spyware campaign named LightSpy.
Coindesk
3 days ago
Information security

Crypto Now Has a 'Neighborhood Watch' to Guard Against Hacks

The cryptocurrency industry has established Crypto ISAC, led by cybersecurity veteran Justine Bone, to enhance cybersecurity measures and information sharing.
WIRED
1 day ago
Information security

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

The Cyber Army of Russia hyped its hacking for domestic audience, unlike other Russian hacker groups who tend to lay low after exposure.
Nextgov.com
3 days ago
Information security

White House in talks with industry to build legal framework for software liability

Biden administration engaging with software developers to shift liability for software flaws onto manufacturers, incentivizing secure development practices.
ITPro
2 days ago
Information security

Russian LockBit mastermind unmasked by law enforcement

Authorities unmask leader of LockBit ransomware group after international law enforcement disruption led by UK NCA, imposing sanctions and revealing US reward for his arrest.
www.theguardian.com
3 days ago
EU data protection

UK armed forces' personal data hacked in MoD breach

UK Ministry of Defence data breach exposed military personnel's personal information, with immediate action taken to secure data and notify affected individuals.
www.independent.co.uk
2 days ago
EU data protection

'Malign actor' behind MoD cyber attack, Sunak says

The Prime Minister declined to identify the culprit behind the cyber attack on the MoD, emphasizing a robust policy towards Beijing and other potential risk-posing states.
CyberScoop
3 days ago
Information security

The missed opportunities in White House's critical infrastructure directive

National security memorandum updates are necessary due to evolving threats.
Congressional action is needed to address gaps in critical infrastructure defense.
CyberScoop
3 days ago
Information security

The missed opportunities in White House's critical infrastructure directive

The White House national security memorandum addressing critical infrastructure defense gaps requires Congress intervention for comprehensive protection.
ReadWrite
1 day ago
Information security

Scam warning from top cybersecurity CTO over ransomware criminal tactics

Criminals are using personal tactics in ransomware attacks, such as pretending to be executives' children for higher payouts.
Theregister
3 days ago
Information security

Implementation of Biden infosec EO still incomplete

Only 6 out of 55 objectives from the cybersecurity executive order remain unmet, with the definition of "critical software" being a crucial unresolved issue.
ITPro
18 hours ago
Information security

Nearly 70 software vendors sign up to CISA's cyber resilience program

Nearly 70 leading US software companies are committing to incorporating secure by design principles into their products to enhance cyber resilience.
ComputerWeekly.com
16 hours ago
Information security

Enhance identity controls before banning ransomware payments | Computer Weekly

Ransomware payments should be banned to prevent funding cybercriminals, but SMEs may struggle to recover from data loss.
ITPro
3 days ago
Information security

RSAC Chairman urges collaboration to ensure collective defense in security

Collective defense is crucial for advancing cybersecurity against evolving threats.
Nextgov.com
11 hours ago
Information security

Feds, military personnel compete in President's Cyber Cup Challenge

The President's Cyber Cup Challenge aims to foster cybersecurity talent within the federal government, promoting awareness and skills among the workforce.
ComputerWeekly.com
2 days ago
Information security

Chinese APT suspected of Ministry of Defence hack | Computer Weekly

An undisclosed APT, potentially linked to the Chinese government, was behind a serious supply chain data breach at the UK Ministry of Defence.
TechRepublic
3 days ago
Information security

10 Myths about Cybersecurity You Shouldn't Believe | TechRepublic

The first step to better cybersecurity is debunking myths to understand the true risks, including internal threats.
ITPro
19 hours ago
DevOps

Google Cloud blames "combination of rare issues" for customer's mysterious outage

Google Cloud attributed the UniSuper service outage to technical problems, not a cyber attack.
ITPro
2 days ago
Information security

APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source components

Boaz Gelbord warned of the increasing trend of attacks targeting applications and APIs, emphasizing the challenges organizations face in inventorying and securing APIs.
Theregister
2 days ago
Information security

UnitedHealth's 'egregious negligence' led to that ransomware

Cybersecurity negligence led to ransomware infection at Change Healthcare.
TechCrunch
2 days ago
Information security

Akamai confirms acquisition of Noname for $450M | TechCrunch

Akamai acquires Noname Security for $450 million, reflecting the consolidation trend in the cybersecurity market.
ComputerWeekly.com
14 hours ago
Information security

Zero Trust: Unravelling the enigma and charting the future | Computer Weekly

Zero Trust concept is enigmatic yet crucial in cybersecurity, with ongoing discussions under a dedicated group ZTSIG led by influential figures.
DevOps.com
2 days ago
Information security

Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search - DevOps.com

Hunters adopts Open Cybersecurity Schema Framework (OCSF) and launches OCSF-native Search capability for improved cybersecurity operations.
ComputerWeekly.com
7 hours ago
Information security

Wales gets UK's first national SOC | Computer Weekly

The establishment of Wales' national security operations center (CymruSOC) is crucial for safeguarding public sector entities and employees from cyber threats, emphasizing a collaborative approach and the importance of digital resilience.
ReadWrite
12 hours ago
Information security

Dell warns 49 million customers about massive data breach

Dell warned customers of a massive data breach affecting 49 million customers.
ITPro
1 day ago
Marketing

Sectigo names Dena Bauckman as its new product chief

Sectigo appoints Dena Bauckman as senior VP of product.
ITPro
1 day ago
Information security

Medical equipment supplier NRS Healthcare confirms ransomware attack

Healthcare equipment provider NRS Healthcare faces ransomware attack with over 600k documents stolen by RansomHub group.
WIRED
5 days ago
Information security

A New Surveillance Tool Invades Border Towns

Yahoo Boys operate openly on social platforms engaging in various criminal activities.
www.independent.co.uk
6 days ago
Information security

French cyberwarriors ready to test their defense against hackers and malware during the Olympics

Cybersecurity preparations for the Paris Olympics are in full swing, focusing on defending against a wide range of potential attackers and scenarios.
ITPro
6 days ago
Information security

Security agencies warn of heightened threat to critical national infrastructure

Hacktivists target ICS in North America and Europe with potential physical threats, utilizing unsophisticated techniques initially.
ITPro
6 days ago
Information security

April rundown: Ransomware revenants and 'open source' AI

April highlighted AWS legal issues, a ransomware attack on Change Healthcare, and advancements in AI like Llama 3.
InfoQ
1 week ago
Deliverability

Understanding Email Threats with Cloudflare Radar

Cloudflare launched Email Security section on Cloudflare Radar, offering insights into email security trends and real-time visibility into threats.
CyberScoop
1 week ago
Information security

Iranian hackers impersonate journalists in social engineering campaign

Iranian hackers linked to Revolutionary Guard impersonated journalists and human rights groups for phishing attacks.
CyberScoop
1 week ago
Information security

Data stolen in Change Healthcare attack likely included U.S. service members, executive says

UnitedHealth Group CEO revealed data breach involving U.S. military personnel.
Delay in notifying affected individuals poses challenges for health data protection.
Developer Tech News
1 week ago
Information security

CISA sounds alarm on critical GitLab flaw under active exploit

Organizations should promptly apply security updates in response to active exploitation attempts.
Graham Cluley
1 week ago
Information security

Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer

The 'Smashing Security' podcast episode covers cybersecurity, online privacy, IoT weaknesses, identity theft, and scams.
TechCrunch
1 week ago
Information security

Google brings passkey support to its Advanced Protection Program ahead of the US presidential election | TechCrunch

Google is introducing passkey support for its Advanced Protection Program, offering an additional security option for high-risk users like campaign workers and journalists.
ITPro
1 week ago
Information security

The Dropbox data breach is a classic case of "breach by acquisition"

Breaches through acquisitions can expose organizations to unknown vulnerabilities.
Coindesk
1 week ago
Information security

Rabotnik, Affiliate of Ransomware Group REvil, Sentenced to 13 Years in Jail

Rabotnik, a member of the REvil ransomware group, sentenced to 13 years and seven months in jail.
Nextgov.com
1 week ago
Information security

NASA doesn't know if its spacecraft have adequate cyber defenses, GAO warns

NASA needs mandatory cybersecurity guidelines for spacecraft acquisition policies.
The Verge
1 week ago
Information security

UnitedHealth CEO admits it paid $22 million ransom to BlackCat

CEO Andrew Witty confirmed paying a $22 million ransom to hackers for data breach, facing criticism and calls for better cybersecurity measures.
Nextgov.com
1 week ago
Information security

UnitedHealth CEO grilled over 'clear national security threat' from Change Healthcare hack

Senators questioned UnitedHealth CEO on recent ransomware cyberattack.
Ars Technica
1 week ago
Tech industry

Rabbit R1 AI box revealed to just be an Android app

The Rabbit R1 is a smartphone replacement device running a limited Android OS without Google Play access, facing issues with functionality and battery life.
CyberScoop
1 week ago
Information security

Easterly appeals to Congress on CISA funding, citing Chinese threats to critical infrastructure

More funding is crucial for CISA to enhance cybersecurity defense, particularly against Chinese hackers in critical infrastructure.
WIRED
1 week ago
Information security

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The pledge offers flexibility to companies in meeting goals but emphasizes public progress and sharing techniques.
ITPro
1 week ago
Information security

Human errors still a leading cause of cyber incidents, says Kaseya

Over two human-involved cyber incidents daily last year, majority not severe. Tool commoditization leads to more automated attacks. Government and IT sectors most targeted.
ITPro
1 week ago
Information security

Why remote desktop tools are facing an onslaught of cyber threats

Remote desktop tools are crucial for hybrid work but are often targeted by cybercriminals.
ComputerWeekly.com
1 week ago
Information security

Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

Handling ransomware attacks requires weighing up asset value and determining the best recovery strategy.
TechCrunch
1 week ago
Information security

Citigroup's VC arm invests in API security startup Traceable | TechCrunch

API attacks are increasing, highlighting the need for improved API security measures.
Ars Technica
1 week ago
Information security

Change Healthcare hacked through stolen password for account with no MFA

Cyberattack on Change Healthcare due to lack of multifactor authentication led to prescription market disruption.
Theregister
1 week ago
Information security

UnitedHealth CEO: 'Decision to pay ransom was mine'

Cybercriminals used stolen credentials to access Change Healthcare's systems, prompting CEO Andrew Witty to pay a $22 million ransom, emphasizing the importance of cybersecurity measures.
ABA Journal
1 week ago
Law

Clark Hill was 'duped by an obvious scam,' costing its client $1.1M, suit alleges

Clark Hill fell victim to a sophisticated email scam, transferring $1.1M to wrong account, emphasizing the importance of verifying financial requests.
www.cbc.ca
1 week ago
London

All London Drugs stores remain closed after 'cybersecurity incident' | CBC News

London Drugs stores closed due to a cybersecurity incident in Western Canada, prioritizing customer care and data security.
WIRED
1 week ago
Information security

The White House Reveals New Master Plan to Stop Everything From Cyberattacks to Terrorism

The Biden administration is updating the US government's infrastructure protection blueprint with a focus on cybersecurity and partnerships with the private sector.
TechCrunch
1 week ago
Information security

Exclusive: SafeBase taps AI to automate software security reviews

SafeBase utilizes AI to automate security questionnaires, saving time and improving accuracy for customers.
TechCrunch
1 week ago
Information security

Change Healthcare hackers broke in using stolen credentials - and no MFA, says UHG CEO | TechCrunch

Hackers exploited stolen credentials without multi-factor authentication to breach Change Healthcare's systems, leading to massive health data exfiltration in a ransomware attack.