Why should we get its paperwork? More than 100 medical industry groups have asked the Feds to make UnitedHealth Group, not them, go through the rigmarole of notifying everyone about the Change Healthcare ransomware infection.... [...]
Pharmacy says it's 'unwilling and unable to pay ransom' Canadian pharmacy chain London Drugs has confirmed that ransomware thugs stole some of its corporate files containing employee information and says it is "unwilling and unable to pay ransom to these cybercriminals."... [...]
Intercontinental Exchange's Q1 revenue exceeded $1B – that'll sure teach 'em The New York Stock Exchange's parent company has just been hit with a $10 million fine for failing to properly inform the Securities and Exchange Commission (SEC) of a 2021 cyber intrusion.... [...]
Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. [...]
$4.5M slushed through accounts from state healthcare and lonely people Georgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million.... [...]
Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. [...]
The Intercontinental Exchange (ICE) will pay a $10 million penalty to settle charges brought by the U.S. Securities and Exchange Commission (SEC) after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. [...]
LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. [...]
'Clarification' weighs in on material vs voluntary disclosures The US Securities and Exchange Commission (SEC) wants to clarify guidelines for public companies regarding the disclosure of ransomware and other cybersecurity incidents.... [...]
Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. [...]
Attend this Register live event to learn how Sponsored Survey and Live Event What are the biggest risks to your organization posed by ransomware and what security defenses does it have in place to protect its sensitive data from cyber criminals?... [...]
A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. [...]
We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that the Spring 2024 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover the 12-month period from April 1, 2023 to March …
Experiments in unredacting text that has been pixelated. [...]
Rivals ready to swoop in but drop in overall attacks illustrates LockBit’s influence The takedown of LockBit in February is starting to bear fruit for rival gangs with Play overtaking it after an eight-month period of LockBit topping the attack charts.... [...]
On the bright side, someone made up to $30,000+ for finding it GitHub has patched its Enterprise Server software to fix a security flaw that scored a 10 out of 10 CVSS severity score.... [...]
Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever The US government's Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to automate the process of securing hospital IT environments.... [...]
A malicious crypto mining campaign codenamed 'REF4578,' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. [...]
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). [...]
Today, the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and is now threatening to publish stolen data online after allegedly failed negotiations. [...]
You might have security or compliance standards that prevent a database user from changing their own credentials and from having multiple users with identical permissions. AWS Secrets Manager offers two rotation strategies for secrets that contain Amazon Relational Database Service (Amazon RDS) credentials: single-user and alternating-user. In the preceding …
Guess we all have imaginary monsters to fear Zoom has rolled out what it claims is post-quantum end-to-end encryption (E2EE) for video conferencing, saying it will make it available for Phone and Rooms "soon."... [...]
Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment. [...]
Enlarge (credit: Getty Images) Malware recently spotted in the wild uses sophisticated measures to disable antivirus protections, destroy evidence of infection, and permanently infect machines with cryptocurrency-mining software, researchers said Tuesday. Key to making the unusually complex system of malware operate is a function in the main payload, named …
Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. [...]
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. [...]
Crashes galore, plus especially crafty crims could use it for much worse Infosec researchers are alerting the industry to a critical vulnerability in Fluent Bit – a logging component used by a swathe of blue chip companies and all three major cloud providers.... [...]
Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location …
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4985, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. [...]
Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon. [...]
From Slashdot : Apple and Google have launched a new industry standard called “ Detecting Unwanted Location Trackers ” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous …
Fewer rivals on the scene as big-gang success soars The number of new ransomware strains in circulation has more than halved over the past 12 months, suggesting there is little need for innovation given the success of the existing tools used by top gangs.... [...]
Opponents of Myanmar’s internet-nobbling military government don't like when Facebook asks for their real names Big Tech isn't much help if you're an activist trying to work against a military junta, and FOSS tools aren't a great alternative either, according to opponents of Myanmar's military regime.... [...]
New infosec intelligence service aims to spread the word about recently discovered vulns in free code Securing open source software may soon become a little bit easier thanks to a new vulnerability info-sharing effort initiated by the Open Source Security Foundation (OpenSSF).... [...]
Let me go, Brandon WikiLeaks founder Julian Assange can appeal his extradition to the US from the UK, the High Court of England and Wales ruled Monday.... [...]
A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. [...]
The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. [...]
Amazon Web Services (AWS) successfully completed a special onboarding audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, and 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. Ernst and Young CertifyPoint auditors conducted the …
The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. [...]
Also, feds who switch to Google Workspace for 3 years get an extra year for free Updated Google has taken a victory lap in the wake of high-profile intrusions into Microsoft's systems, and says businesses should ditch Exchange and OneDrive for Gmail and Google Drive.... [...]
Just ask a pal in a neighboring town with laxer restrictions Updated Police in multiple major US cities have figured out a trick to circumvent bans on facial recognition technology. Just ask a friend in a city without any such restrictions to do it for you.... [...]
A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. [...]
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. [...]
In this post, we discuss how to architect Zero Trust based remote connectivity to your applications hosted within Amazon Web Services (AWS). Specifically, we show you how to integrate AWS Verified Access with Jamf as a device trust provider. This post is an extension of our previous post explaining …
WatchTowr publishes report claiming vendor failed to issue fixes after four months Infosec boffins say they were forced to go public after QNAP failed to fix various vulnerabilities that were reported to it months ago.... [...]
Forced selloff case will likely be appealed again... see you in (Supreme) court The US Department of Justice and Bytedance spent a rare moment unified on Friday when the duo asked for a fast-tracked court schedule for the Chinese short video apps divest or ban case.... [...]
IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part if IBM’s cybersecurity offerings, mostly and …
It quickly realized ‘dry’ progress updates weren’t cutting it CyberUK Emotional intelligence was at the heart of the British Library's widely hailed response to its October ransomware attack, according to CEO Roly Keating.... [...]
Industry reportedly pressuring digital ministry not to cut the cord Germany may soon remove Huawei and ZTE equipment from its 5G networks, according to media reports.... [...]
PLUS: Connected automakers put on notice; Cisco Talos develops macOS fuzzing technique; Last week's critical vulns Infosec in brief Nissan has admitted to another data loss – this time involving the theft of personal information belonging to more than 50,000 Nissan employees.... [...]