The Hacker News
4 Cloud Data Security Best Practices All Businesses Should Follow Today
4 Cloud Data Security Best Practices All Businesses Should Follow Today
DataBreaches
Follow-up: Woman Who Stole and Sold Protected Health Information Sentenced to 2 ½ Years in Prison
There was a follow-up last week to a case DataBreaches.net has reported on several times, beginning in December, 2020 when Demetrius Cervantes, 46, of...
ThreatPost
Planned Parenthood Breach Opens Patients to Follow-On Attacks
Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures and/or prescription information.
DataBreaches
Follow-on extortion campaign: confirmation of some findings by Arctic Wolf
Bill Toulas of Bleeping Computer reported on a recent Arctic Wolf Labs investigation that caught my eye. Arctic Wolf investigated two cases where victims of...
CyberSecurity Dive
Cloudflare hit by follow-on attack from previous Okta breach
A threat actor that previously intruded Cloudflare’s network through its Okta environment regained access with mistakenly unrotated credentials.
DarkReading
TikTok Banned on Govt. Devices; Will Private Sector Follow Suit?
Texas and Maryland this week joined three other states in prohibiting accessing the popular social media app from state-owned devices.
CyberSecurity Dive
Enterprises rarely follow advice to never pay ransoms
Ransomware foists a difficult choice on executives and very few leave business operations in limbo to test a best practice.
DataBreaches
NYS Comptroller Audit: Cyber Incident Response Team (Follow-Up)
Issued Date: July 20, 2023 Agency/Authority: Homeland Security and Emergency Services, Division of Objective To assess the extent of implementation of the...
CyberNews
FCC sees abusers exploiting connected cars: rules for carmakers will follow
After multiple media reports on abusers using smart car services for stalking and harming their victims, the FCC is launching formal proceedings.
ZDNet
Follow this one simple rule for better phone security
Here's a bit of advice that Android users should consider to keep their smartphones and tablets as secure as possible.
DataBreaches
When ransom negotiations become public, self-inflicted reputation harm may follow
Not all ransomware victims have given up on getting attackers to sign a nondisclosure agreement (NDA), so they can call a ransom payment a “bug...
Ars Technica
Zuckerberg’s AGI remarks follow trend of downplaying AI dangers
Zuckeberg and Altman both tamp down fear and hype with casual statements about AGI.
Cyber Security News
New Ransomware Trend - Threat Actors Deploy Two Ransomware on Victims' Networks
The FBI alerts on rising ransomware trends and urges organizations to follow mitigation recommendations for minimizing ransomware risks and consequences.
CyberNews
When Facebook blocks news, studies show political risks follow
Blocking of news links has led to changes in the way Canadian Facebook users engage with info about politics.
DataBreaches
Follow-up: Forensic audit didn’t reveal any unauthorized access to customer data: Mobikwik
Mint reports: Payments firm One Mobikwik Systems Ltd on Monday, in its draft IPO prospectus, said that a forensic audit conducted by an independent expert...
SecurityWeek
Bill Would Force Period Tracking Apps to Follow Privacy Laws
When the Supreme Court last June stripped away constitutional protections for abortion, concerns grew over the use of period tracking apps because they aren’t protected by federal privacy laws.
Infosecurity News
Okta Breach Hit Over 130 Customers
Several suffered follow-on session hijacking attacks
The Record
ExpressVPN pulls servers out of India over cybersecurity law, and others may follow
Several VPN services said they are considering moving operations out of India after ExpressVPN announced this week that it plans to remove servers from the country.
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
DataBreaches
Au: Hackers Follow Through with Dark Web Threat After Law Firm Rejects Ransom
GVS reports: A hacking group claiming to be Russian-linked cybercriminals has published sensitive data from one of Australia’s largest law firms, HWL...
Bleeping Computer
NSA shares guidance on securing voice, video communications
The National Security Agency (NSA) has shared mitigations and best practices that systems administrators should follow when securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems.
Infosecurity News
AP Stylebook Breach May Have Hit Hundreds of Journalists
Victims were targeted by follow-on phishing attacks
Ars Technica
Microsoft says Kremlin-backed hackers accessed its source and internal systems
Midnight Blizzard is now using stolen secrets in follow-on attacks against customers.
Ars Technica
CEO: Raspberry Pi is “where we said we’d be” for 2023, recovery to follow
Following "lousy first quarter," Upton expects "hundreds of thousands" by Q3.
The Record
Lawmakers set sights on data minimization as states seek to limit companies from capturing vast amounts of personal info
A comprehensive data privacy bill that includes the country’s toughest data minimization standards is on the cusp of passing the Maryland state legislature, giving advocates hope that similar bills will follow nationwide.
DataBreaches
UT: EMI Health alerting plan members to breach — notices will follow at a later date
EMI Health is committed to protecting the confidentiality and security of our members’ information. Regrettably, we recently identified and addressed a...
The Record
European Commission's Despina Spanou on why cyber officials must 'learn lessons from crises'
When it comes to privacy and cybersecurity regulations, the EU often sets the standards that other governments follow, and Despina Spanou has played a key role.
Infosecurity News
Apple and Google Turn Off Map Features to Help Ukraine
Tech giants also follow Meta in cracking down on Kremlin propaganda
DataBreaches
Th: Hospital hack prompts call for cooperation
Wassayos Ngamkham has some interesting follow-up reporting on the recent attack on Phetchabun Hospital. That hospital and Bhumirajanagarindra Kidney...
The Hacker News
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
Ransomware attacks on VMware ESXi follow a similar pattern, exploiting misconfigurations and vulnerabilities.
DataBreaches
DOJ Announces New Cyber-Fraud Initiative Promoting False Claims Act Enforcement Against Contractors and Grantees Failing to Follow Cybersecurity Standards
Anthony Mirenda, Stephen Garvey, and Natalie Panariello of Foley Hoag write: As we anticipated last spring, the Department of Justice (DOJ) has signaled that...
DataBreaches
Update: Missouri Delta Medical Center acknowledges ransomware incident
DataBreaches.net has continued to follow up on the ransomware attack on Missouri Delta Medical Center claimed by Hive threat actors. This site broke the story...
DarkReading
Atlassian Tightens API After Hacker Scrapes 15M Trello Profiles
The company hasn't acknowledged responsibility for the incident, although allowing scraping paves the way for dangerous follow-on attacks.
DataBreaches
ClearBalance, Bricker & Eckler settle data breach lawsuits involving patient data
To follow up on two previously reported breaches involving protected health information, here are two class action settlements that involve business...
DarkReading
Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages
Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks.
The Record
A top Ukrainian security official on defending the nation against cyber attacks
In the wake of an escalating crisis between Ukraine and Russia, Serhii Demediuk agreed to a follow-up interview in which he discussed issues including the recent defacement of Ukrainian websites, the security of the country’s critical infrastructure, and Russia’s motivations.
DataBreaches
ShopBack fined S$74,400 for data breach of over a million users
Zhao Yifan reports a follow-up to an incident previously noted on this site. Ecommerce Enablers, which operates the online shopping service platform ShopBack,...
DarkReading
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds
Deployed by the infamous SmokeLoader botnet, the location-tracking malware could be used for a host of follow-on cyberattacks or even physical targeting.
DarkReading
'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month
A new threat actor just concluded a month and a half of two major leaks per day. Now comes phase two: follow-on attacks.
DataBreaches
Tulsa Says Network Hack Gained Some Social Security Numbers
There’s a follow-up to the Tulsa ransomware incident previously reported on this site in May and June. AP is reporting that continued investigation by...
DataBreaches
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
Lorenzo Franceschi-Bicchierai reports on yet another incident in which responsible disclosure by a researcher and follow-up by media failed to get a company to...
DataBreaches
TX: Medical provider waited months to send patients letters about ransomware attack
This is a follow-up to an incident first reported on this site back in May. Jeremy Rogalski reports: HOUSTON — A local health care provider attacked by a...
Infosecurity News
Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations
Check Point study urges developers to follow best practices
CyberScoop
NATO, G-7 leaders promise bulwark against retaliatory Russian cyberattacks
The pledges by NATO and G-7 nations follow the Biden administration saying that Russia's calculus on digital assaults had changed.
DataBreaches
FL: inmates filing lawsuit after data breach
Rochelle Alleyne reports a follow up to a breach not previously noted on this site: Hacked. That was the headline back in April when it came to the 20th...
DataBreaches
Report: Missouri Governor’s Office Responsible for Teacher Data Leak
Brian Krebs reports on a follow-up to the case of Missouri’s Governor Parsons tried to sue a journalist and others who had responsibly disclosed and...
Bleeping Computer
Researchers compile list of vulnerabilities abused by ransomware gangs
Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks.
SecurityWeek
AT&T Says Data on 73 Million Customers Leaked on Dark Web
AT&T on March 30 said that data on 73 million customers was exposed on the dark web, including social security numbers.
CSO
CISA, FBI urge developers to patch path traversal bugs before shipping
The advisory highlights how developers can follow best practices to fix these vulnerabilities during production.
The Hacker News
Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums
Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums
Bleeping Computer
Elon Musk's Twitter followers targeted in fake crypto giveaway scam
Twitter accounts giving Elon Musk a follow are being targeted in a crypto giveaway scam dubbed 'Freedom Giveaway.'
Bleeping Computer
Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists
Twitter accounts giving Elon Musk a follow are being targeted in a crypto giveaway scam dubbed 'Freedom Giveaway.'
ThreatPost
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.
DataBreaches
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and...
DataBreaches
HC3 Alert on Lorenz Ransomware
HC3 has issued an alert about Lorenz ransomware. Lorenz threat actors have been mentioned on DataBreaches’ site several times since 2021. In one case...
Naked Security
Office macro security: on-again-off-again feature now BACK ON AGAIN!
20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That’s progress!
DataBreaches
Norton Healthcare update on cyberattack
Norton Healthcare has six hospitals in Kentucky and one in Indiana. Since May 9, they have been working on recovering from a cyberattack. They don’t call...
Bleeping Computer
Microsoft shares guidance on securing Windows 365 Cloud PCs
Microsoft has shared guidance on securing Windows 365 Cloud PCs and more info on their built-in security capabilities.
The Hacker News
U.S. Imposes New Sanctions on Iran Over Cyberattack on Albania
The U.S. Treasury Department has imposed new sanctions on Iran for engaging in cyberattack activities against the Albanian government.
CyberScoop
White House to give aviation executives classified cyberthreat briefing, latest in series of industry meetings
The meeting will follow an Aug. 4 briefing with railroad executives to discuss industry responses to critical infrastructure cybersecurity.
The Cyber Express
NoName on Rampage! Claims DDoS Attacks on Ukrainian Government Sites
NoName ransomware group has allegedly targeted multiple Ukrainian government websites. The latest victims of the alleged NoName ransomware attack on
The Cyber Express
Mogilevich Ransomware Group Claims Cyberattack on Bazaarvoice, Data on Sale
The Mogilevich ransomware group has claimed responsibility for a cyberattack on Bazaarvoice, a leading platform connecting brands and retailers with
Ars Technica
Big ambitions, tiny LEDs: Apple said to be developing Micro LED displays for 2024
Screens said to ship in Apple Watch first, with iPhone and others to follow.
CyberNews
Stormous claims cyberattack on Belgian brewer
The ransomware group Stormous has claimed responsibility for the cyberattack on Duvel Moortgat brewery on Wednesday.
The Cyber Wire
All in on cybersecurity.
Solution Spotlight: Simone Petrella sits down with Kristie Grinnell from DXC Technology to discuss their All in on Cyber program.
The Hacker News
Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season
Don't let cybercriminals steal your holiday cheer – follow these simple steps to protect yourself and your personal information while shopping online.
DataBreaches
Attack on the Azienda Ospedaliera di Alessandria hospital: additional details on the case
Marco A. De Felice prefaces his reporting on a Ragnar_Locker attack with this message: For ethical reasons we did not want to spread the news of the attack on...
DarkReading
Key Proposals in Biden's Cybersecurity Strategy Face Congressional Challenges
The strategy document does nothing to change things on the ground in the near term; legislation, regulation, and follow-up executive action are all going to be key to moving forward the administration's agenda.
ZDNet
How to set up a VPN on your router
Setting up a VPN on your router can protect the computers and devices on your network. Here's how to pull this off.
CSO
NetRise releases Trace solution with AI-powered semantic search aimed at protecting firmware
The platform analyzes XIoT firmware using large language model capabilities to follow compromised or vulnerable assets back to their source.
Bleeping Computer
These hands-on STEM courses are absolutely Brilliant, and on sale
Join over nine million people on Brilliant, and discover a better way to learn. One subscription will unlock the benefits on all your devices. Be one of the first 200 students to get started today and enjoy 20% off a year of Brilliant Premium.
DataBreaches
Ransomware attack on Grass Valley
The City of Grass Valley has a notice on YubaNet that begins: On June 29, 2021 the City of Grass Valley discovered an unknown source had made unauthorized...
DataBreaches
Fr: Ransomware attack on spa is anything but relaxing
On July 9, the Royatonic spa in France suffered a ransomware attack. A notice on their web site informs people that as of July 12, the spa had to close...
DataBreaches
Hong Kong electoral office apologizes after employee accidentally sends details of 15,000 voters to random email
Kathleen Magramo reports: Hong Kong’s electoral office has apologised after an employee failed to follow guidelines and sent the personal details of about...
Bleeping Computer
Why IT service desks can be open targets for threat actors
IT service desks have become a popular target over the past year in social engineering attacks. Learn more from Specops Software on the best practices orgs should follow to secure their help desks.
ZDNet
2G's security weaknesses are still a problem, even for modern phones | ZDNet
EFF urges Apple to follow Google and give smartphone users the option to dodge 2G.
The Cyber Express
Hacktivists Claim Cyberattack on Columbia University After Police Crackdown on Protests
Anonymous Arabia, a notorious group of hacktivists, has allegedly launched a cyberattack on Columbia University in response to the recent
DataBreaches
PA Health Dept Sued; Investigation Looms, After Contact Tracing Breach
Jessica Davis has the somewhat predictable follow-up to a recently reported breach involving Insight Global, a contact tracing vendor for the Pennsylvania...
The Hacker News
Experts Sound Alarm on DCRat Backdoor Being Sold on Russian Hacking Forums
Cybersecurity researchers have shed light on an actively maintained remote access trojan called DCRat ( aka DarkCrystal RAT).
The Cyber Wire
All in on cybersecurity.
Solution Spotlight: Simone Petrella sits down with Kristie Grinnell from DXC Technology to discuss their All in on Cyber program.
Bleeping Computer
UK’s Cyber Security Center publishes new guidance to fight smishing
UK's National Cyber Security Center (NCSC) has published new guidance for organizations to follow when communicating with customers via SMS or phone calls.
Infosecurity News
UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware
These new sanctions follow a first wave in February 2023, where seven Russians involved with Trickbot and Conti were also sanctioned
Ars Technica
FTC warns consumers to beware of QR codes used in malware and payment scams
The convenience of QR codes is a double-edged sword. Follow these tips to stay safe.
CyberNews
iPhone users: turn on new security feature
Apple has released a new security feature called Stolen Device Protection – and you should definitely turn it on, experts say.
Infosecurity News
Cyber-attack on California Healthcare Organization
Ransomware gang claims responsibility for attack on Partnership HealthPlan
Computerworld
On browsers and bugs
While most computer users focus on desktop and mobile device patches, it’s important to make sure browsers are kept up to date as well.
SecurityWeek
What's Going on With Cybersecurity VC Investments?
A discussion on the state of cybersecurity investments, venture capital strategies in a confusing economic climate, predictions on hot and not-so-hot product categories, and what happens with all those cybersecurity unicorns.
CyberNews
Meta cuts political content on Reels but users say “Don’t babysit us”
Meta has announced changes in how it shares political content by excluding it from Reels and Explore on Instagram and not recommending it on Threads.
Naked Security
Reddit admits it was hacked and data stolen, says “Don’t panic”
Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third…
Infosecurity News
LockBit Claims Ransomware Attack on Continental
The ransomware gang made the announcement on its leak site
DataBreaches
Cyberattack on debt-buying giant exposes sensitive info on nearly 500,000 people
Jonathan Greig reports: Nearly half a million people had their sensitive financial information leaked during a cyberattack on NCB Management Services – a...
Security Affairs
Compromised WordPress sites launch DDoS on Ukrainian websites
Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited, on Ukrainian websites. MalwareHunterTeam researchers discovered the malicious script on a compromised WordPress site, when the users were visiting the website the script launched a DDoS attack against ten Ukrainian sites. The JavaScript was designed […]
The Hacker News
Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise
As the mobile threat landscape evolves in 2022, new and existing banking trojans are increasingly targeting Android devices to perform on-device fraud
Security Affairs
BEC scammers impersonate CEOs on virtual meeting platforms
The FBI warned US organizations and individuals are being increasingly targeted in BECattacks on virtual meeting platforms The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms. Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that […]
DataBreaches
On Password Day, a Chilling Observation
It’s Password Day, and this is as good a time as any to mention that Britton White and I have been collaborating on some research expanding on his...
Trend Micro
2023 Review: Reflecting on Cybersecurity Trends
Every year, experts weigh in with predictions of what the big cybersecurity trends will be—but how often are they right? That’s the question Trend Micro’s Greg Young and Bill Malik asked recently on their Real Cybersecurity podcast, looking at what forecasters got wrong on a wide range of topics, from AI to human factors.
Security Affairs
Researchers warn of malicious packages on PyPI using steganography
Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganographic to hide malware within image files. The malicious package infects PyPI users through open-source projects on Github. The […]
DarkReading
Russian Spies, War Ministers Reliant on Cybercrime in Pariah State
Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.
CSO
How harm reduction can more effectively reduce employee risky behavior
Black Hat speaker proposes framework to reduce the negative consequences of risky user actions and encourage them to follow security's advice.
SecurityWeek
NATO Condemns Alleged Iranian Cyberattack on Albania
NATO condemned a cyberattack on Albania that Tirana and Washington blamed on Iran, and pledged to bolster the alliance member's defenses against hackers.
Loading more articles....