Information security

Nextgov.com
1 week ago
Information security

AI could be tapped to design weapons of mass destruction, DHS warns

The Department of Homeland Security released guidelines to mitigate AI risks in critical infrastructure and the development of weapons of mass destruction.
cybersecurity
CyberScoop
5 days ago
Information security

Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say

Pro-Russia hacktivists target critical infrastructure sectors in North America and Europe, exploiting cybersecurity weaknesses and causing physical threats.
ITPro
3 days ago
Information security

Security agencies warn of heightened threat to critical national infrastructure

Hacktivists target ICS in North America and Europe with potential physical threats, utilizing unsophisticated techniques initially.
Nextgov.com
5 days ago
Information security

UnitedHealth CEO grilled over 'clear national security threat' from Change Healthcare hack

Senators questioned UnitedHealth CEO on recent ransomware cyberattack.
euronews
3 days ago
Information security

'Cyberwarriors' prepare against attacks during Paris Olympics

France anticipates increased cyber threats during the upcoming Paris Olympic Games, particularly from Russian actors.
Developer Tech News
4 days ago
Information security

CISA sounds alarm on critical GitLab flaw under active exploit

Organizations should promptly apply security updates in response to active exploitation attempts.
WIRED
6 days ago
Information security

The White House Reveals New Master Plan to Stop Everything From Cyberattacks to Terrorism

The Biden administration is updating the US government's infrastructure protection blueprint with a focus on cybersecurity and partnerships with the private sector.
TechCrunch
5 days ago
Information security

United HealthCare CEO says 'maybe a third' of U.S. citizens were affected by recent hack

The cyberattack on Change Healthcare systems impacted a substantial number of Americans, with uncertainty about the exact extent of the breach.
CyberScoop
6 days ago
Information security

Exploitation of vulnerabilities almost tripled as a source of data breaches last year

Attacks exploiting vulnerabilities increased by 180% driven by MOVEit hack.
Mail Online
5 days ago
Information security

Android users warned fake Chrome update could drain your bank account

Brokewell is a new banking malware targeting Android users, posing as Google Chrome and other popular applications, capable of spying on users and stealing sensitive information.
ITPro
6 days ago
Information security

Stealthy malware: The threats hiding in plain sight

Criminals are evolving to use more sophisticated methods like hunter-killer malware to hide from security systems, with over two-thirds of malware now employing stealth techniques.
ITPro
1 week ago
Information security

Don't let your network become a security blind spot

Cyber security is a crucial priority for businesses to protect their digital assets and avoid significant costs and consequences associated with cyber attacks.
The Verge
3 days ago
Information security

Microsoft overhaul treats security as "top priority" after a series of failures

Microsoft is prioritizing security by tying it to compensation for senior leadership.
TechRepublic
3 days ago
Information security

U.K. and U.S. Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems

Pro-Russia hacktivists are targeting providers of operational technology like smart water meters and dam monitoring systems in North America and Europe.
russia
Theregister
1 day ago
Information security

Germany blames Fancy Bear for 2023 hacking campaign

Germany attributes cyberattacks to Russian threat actor APT28, US supports attribution.
ComputerWeekly.com
3 days ago
Information security

EU calls out Fancy Bear over attacks on Czech, German governments

The EU and member states condemn Russian cyber attacks by Fancy Bear.
www.independent.co.uk
1 week ago
Information security

New laws to protect consumers from cyber attacks take effect

Manufacturers legally required to enhance security of smart devices by banning weak default passwords and ensuring transparency in security updates.
www.ocregister.com
1 week ago
Information security

Kaiser Permanente may have sent private patient data to Google, Microsoft and X

Kaiser Permanente's breach resulted in sharing patients' information with tech giants; data included names and search history.
The Verge
10 hours ago
Information security

Google's AI plans now include cybersecurity

Google focuses on using generative AI for cybersecurity, leveraging Gemini 1.5 Pro for threat analysis and report summarization.
Ars Technica
4 days ago
Information security

0-click GitLab hijacking flaw under active exploit, with thousands still unpatched

A maximum severity vulnerability in GitLab allows account hijacking without user interaction.
unitedhealth-group
ITPro
6 days ago
Information security

Citrix vulnerability behind Change Healthcare cyber attack, CEO claims

UnitedHealth CEO Andrew Witty testifies on cyber attack involving Citrix software.
CyberScoop
5 days ago
Information security

Data stolen in Change Healthcare attack likely included U.S. service members, executive says

UnitedHealth Group CEO revealed data breach involving U.S. military personnel.
Delay in notifying affected individuals poses challenges for health data protection.
Ars Technica
5 days ago
Information security

Hacker free-for-all fights for control of home and office routers everywhere

Financially motivated hackers and state-sponsored cyber actors share and coexist in compromised routers for covert attacks.
Engadget
4 days ago
Information security

Microsoft's latest Windows security updates might break your VPN

Windows April security updates may cause VPN issues, prompting users to uninstall updates as a temporary workaround.
ITPro
6 days ago
Information security

LightSpy malware has made a comeback, and this time it's coming after your macOS devices

Businesses running macOS devices face potential risk from the new variant of LightSpy malware.
New York Post
1 day ago
Information security

More than 380,000 additional NYC students had personal info hacked, bringing total to over 1M

Over 380,000 NYC public school students had personal data hacked, totaling over 1 million affected. DOE offers free credit monitoring services post-security breach.
ITPro
2 hours ago
Information security

AI is changing the game when it comes to security

Cybersecurity is undergoing a significant transformation, leveraging AI for faster threat detection and response.
BleepingComputer
5 days ago
Information security

New Cuttlefish malware infects routers to monitor traffic for credentials

Cuttlefish malware infects routers to steal data and authentication information, active since July 2023.
Ars Technica
3 days ago
Information security

Microsoft ties executive pay to security following multiple failures and breaches

Microsoft faced major security breaches resulting in data exposure and criticism. The company is taking steps to improve its security practices and prioritize security as the top concern.
Theregister
1 week ago
Information security

'Cybersecurity incident' closes London Drugs' pharmacies

London Drugs closed all stores due to a cybersecurity incident.
Fast Company
2 days ago
Information security

Israel-Hamas war cyberattacks are mostly felt by civilians

Cyber conflict consequences primarily affect civilians, not soldiers, in the Israel-Hamas war.
Ars Technica
12 hours ago
Information security

Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision attack intercepts VPN traffic, routing it outside encrypted tunnels, compromising user privacy and security.
Harvard Business Review
5 days ago
Information security

Preventing the Next Big Cyberattack on U.S. Health Care

The cyberattack on Change Healthcare exposed vulnerabilities in the U.S. health care sector that require urgent action for improved cybersecurity.
CyberScoop
6 days ago
Information security

Easterly appeals to Congress on CISA funding, citing Chinese threats to critical infrastructure

More funding is crucial for CISA to enhance cybersecurity defense, particularly against Chinese hackers in critical infrastructure.
Fast Company
1 week ago
Information security

Politically motivated cyber attacks are on the rise, putting our elections at risk

Politically motivated DDoS attacks increased in the second half of 2023, with specific groups targeting various sectors globally.
CyberScoop
6 days ago
Information security

US spy agencies to share intelligence on critical infrastructure in policy revamp

The U.S. intelligence community will share threat information with critical infrastructure operators under the revised policy directive.
www.aljazeera.com
3 days ago
Information security

Germany accuses Russia of 'intolerable' cyberattack, warns of consequences

Germany attributes cyberattack on SPD to Russia's APT28, military intelligence service.
Coindesk
3 days ago
Information security

Exploiter Steals $68M Worth of Crypto Through Address Poisoning

A user lost $68 million worth of wrapped bitcoin due to address poisoning.
Theregister
5 days ago
Information security

Dropbox warns of attack that leaked customers' personal info

Dropbox faced a major cyber attack on its Dropbox Sign service resulting in unauthorized access to personal information including email addresses, usernames, phone numbers, hashed passwords, and authentication information.
www.amny.com
16 hours ago
Information security

NYC synagogue bomb threats still being investigated

Pols in NYC are increasing security at synagogues after bomb threats, prompting federal funds for worship places' security enhancement.
Nextgov.com
15 hours ago
Information security

White House in talks with industry to build legal framework for software liability

Biden administration engaging with software developers to shift liability for software flaws onto manufacturers, incentivizing secure development practices.
WIRED
2 days ago
Information security

A New Surveillance Tool Invades Border Towns

Yahoo Boys operate openly on social platforms engaging in various criminal activities.
The Verge
5 days ago
Information security

AI security bill aims to prevent safety breaches of AI models

A new bill, the Secure Artificial Intelligence Act, aims to establish a database to track AI system breaches and focus on counter-AI techniques.
Sacramento Bee
1 week ago
Information security

Data breach may have involved millions of patients, Kaiser says. What was leaked?

Kaiser Permanente notifies 13.4 million patients of a potential data breach involving third-party vendors and IP addresses.
vulnerabilities
Theregister
4 days ago
Information security

Four critical bugs in ArubaOS lead to remote code execution

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation.
Theregister
3 days ago
Information security

Software supply chain security still in early days, says CEO

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes.
Nextgov.com
4 days ago
Information security

US warns of North Korean hackers using email security flaws for phishing attacks

North Korean hacking group Kimsuky exploits email security flaws for phishing attacks on organizations.
Proper configuration of email security protocols, such as DMARC, is crucial in preventing phishing attempts and spoofing.
TechCrunch
6 days ago
Information security

Change Healthcare hackers broke in using stolen credentials - and no MFA, says UHG CEO

Hackers exploited stolen credentials without multi-factor authentication to breach Change Healthcare's systems, leading to massive health data exfiltration in a ransomware attack.
DevOps.com
4 days ago
Information security

LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere

LayerX secures users with innovative browser security solution for enterprises.
Theregister
1 week ago
Information security

Discord snoop site Spy.pet is offline, banned from platform

Data harvesting site Spy.pet was dismantled after public exposure, highlighting the importance of transparency and scrutiny in cybersecurity.
Ars Technica
1 week ago
Information security

Everyday devices are used to hide ongoing account compromise campaign

Okta warns about widespread authentication attack using devices of everyday users to hide fraudulent login attempts.
ITPro
3 days ago
Information security

Hackers are exploiting critical GitLab password reset vulnerability - here's what you need to know

CISA warns of actively exploited GitLab vulnerability CVE-2023-7028, urging swift remediation to prevent potential account hijacking.
CyberScoop
23 hours ago
Information security

Stealing cookies: Researchers describe how to bypass modern authentication

The article highlights the weaknesses of password-based authentication and the importance of modern authentication methods like FIDO2 in enhancing security in digital systems.
BBC News
1 week ago
Information security

Smart gadgets: Tougher rules for sellers of internet-enabled devices in the UK

New UK law enforces stricter security rules for 'smart' gadgets to protect consumers from cyber-criminals.
ComputerWeekly.com
4 days ago
Information security

NCSC updates warning over hacktivist threat to CNI

Russia-backed hacktivist groups targeting critical infrastructure with unsophisticated attacks.
NCSC and CISA warning about evolving threats from hacktivist groups not officially backed by the Kremlin.
ReadWrite
5 days ago
Information security

Scam alert for Android users as 'Brokewell' malware threatens users' bank accounts

Android users on Google Chrome may fall victim to Brokewell malware affecting bank accounts.
cisa
Nextgov.com
4 days ago
Information security

House cyber chairman tries again to undo SEC cyber disclosure rules

Rep. Andrew Garbarino aims to dissolve SEC cybersecurity incident disclosure rule, favoring Cybersecurity and Infrastructure Security Agency for handling such disclosures.
WIRED
5 days ago
Information security

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The pledge offers flexibility to companies in meeting goals but emphasizes public progress and sharing techniques.
www.cbc.ca
6 days ago
Information security

All London Drugs stores remain closed after 'cybersecurity incident'

London Drugs stores closed due to a cybersecurity incident in Western Canada, prioritizing customer care and data security.
FedScoop
1 week ago
Information security

CISA unveils guidelines for AI and critical infrastructure

The Cybersecurity and Infrastructure Security Agency released safety guidelines for critical infrastructure, addressing AI risks and obligations under the Biden administration's executive order.