Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. [...]

The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. [...]

Law enforcement authorities from 12 countries arrested four suspects linked to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two people connected to LockBit activity. [...]

The U.S. Securities and Exchange Commission (SEC) charged Robert B. Westbrook, a U.K. citizen, with hacking into the computer systems of five U.S. public companies to access confidential earnings information and conduct insider trading. [...]

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...]

Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they're connected to unsecured Wi-Fi networks. [...]

Enlarge (credit: Getty Images) Public records systems that courts and governments rely on to manage voter registrations and legal filings have been riddled with vulnerabilities that made it possible for attackers to falsify registration databases and add, delete, or modify official documents. Over the past year, software developer turned …

Japan's Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting different ransomware gang's attacks based on entries in Windows Event Logs, providing timely detection of ongoing attacks before they spread too far into a network. [...]

The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers. [...]

Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...]

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...]

The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. [...]

The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. [...]

Enlarge (credit: Getty Images) Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees. Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks …

Enlarge (credit: The Tor Project) The Tor Project, the nonprofit that maintains software for the Tor anonymity network, is joining forces with Tails, the maker of a portable operating system that uses Tor. Both organizations seek to pool resources, lower overhead, and collaborate more closely on their mission of …

Enlarge (credit: Getty Images) The National Institute of Standards and Technology (NIST), the federal body that sets technology standards for governmental agencies, standards organizations, and private companies, has proposed barring some of the most vexing and nonsensical password requirements. Chief among them: mandatory resets, required or restricted use of …

Amazon Web Services (AWS) is excited to announce that a new Information Security Registered Assessors Program (IRAP) report (2024 H1) is now available through AWS Artifact. An independent Australian Signals Directorate (ASD) certified IRAP assessor completed the IRAP assessment of AWS in August 2024. The new IRAP report includes …

AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. [...]

Enlarge (credit: Getty Images) When security researcher Johann Rehberger recently reported a vulnerability in ChatGPT that allowed attackers to store false information and malicious instructions in a user’s long-term memory settings, OpenAI summarily closed the inquiry, labeling the flaw a safety issue, not, technically speaking, a security concern …

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. [...]

The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. [...]

Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. [...]

CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. [...]

While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to creating malicious software, despite the safeguards and restrictions that vendors implemented. [...]

Salesforce's Einstein Copilot can provide insights and perform tasks help streamline daily processes. However, it also comes with risks that you should takes steps to mitigate. Learn more from Varonis on how to prepare for Salesforce Einstein Copilot, [...]