Information security

Information security

Microsoft is prioritizing security by tying it to compensation for senior leadership. [ more ]

Pro-Russia hacktivists are targeting providers of operational technology like smart water meters and dam monitoring systems in North America and Europe. [ more ]

CISA mandates federal agencies to patch critical GitLab vulnerability under active exploitation. [ more ]

A maximum severity vulnerability in GitLab allows account hijacking without user interaction. [ more ]

Biden administration updated federal infrastructure protection policy via NSM-22, linking it to modern cyber threat landscape, but fell short by not including space and cloud industries. [ more ]

CISA warns of actively exploited GitLab vulnerability CVE-2023-7028, urging swift remediation to prevent potential account hijacking. [ more ]

Russia-backed hacktivist groups targeting critical infrastructure with unsophisticated attacks.

NCSC and CISA warning about evolving threats from hacktivist groups not officially backed by the Kremlin. [ more ]

Rep. Andrew Garbarino aims to dissolve SEC cybersecurity incident disclosure rule, favoring Cybersecurity and Infrastructure Security Agency for handling such disclosures. [ more ]

Windows April security updates may cause VPN issues, prompting users to uninstall updates as a temporary workaround. [ more ]

Iranian hackers linked to Revolutionary Guard impersonated journalists and human rights groups for phishing attacks. [ more ]

Microsoft faced major security breaches resulting in data exposure and criticism. The company is taking steps to improve its security practices and prioritize security as the top concern. [ more ]

The EU and member states condemn Russian cyber attacks by Fancy Bear. [ more ]

UnitedHealth Group CEO revealed data breach involving U.S. military personnel.

Delay in notifying affected individuals poses challenges for health data protection. [ more ]

Dropbox Sign (formerly HelloSign) faced a data breach leading to unauthorized access to customer data, prompting security measures and notifications to impacted users. [ more ]

Breaches through acquisitions can expose organizations to unknown vulnerabilities. [ more ]

Dropbox faced a major cyber attack on its Dropbox Sign service resulting in unauthorized access to personal information including email addresses, usernames, phone numbers, hashed passwords, and authentication information. [ more ]

The cyberattack on Change Healthcare systems impacted a substantial number of Americans, with uncertainty about the exact extent of the breach. [ more ]

Germany attributes cyberattack on SPD to Russia's APT28, military intelligence service. [ more ]

A user lost $68 million worth of wrapped bitcoin due to address poisoning. [ more ]

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation. [ more ]

Software supply chain vulnerabilities are increasing due to reliance on untrusted sources, requiring better management and vetting processes. [ more ]

Oversecured identified over two dozen vulnerabilities in Xiaomi and Google's Android Open Source Project over the past years. [ more ]

North Korean hacking group Kimsuky exploits email security flaws for phishing attacks on organizations.

Proper configuration of email security protocols, such as DMARC, is crucial in preventing phishing attempts and spoofing. [ more ]

LayerX secures users with innovative browser security solution for enterprises. [ more ]

Ransomware attack on UnitedHealth Group highlights the risk of entrusting sensitive data to companies with irresponsible data protection practices. [ more ]

Three million Docker Hub repositories impacted by malware campaigns since 2021. [ more ]

Microsoft ties executive compensation to security targets and prioritizes security over new features to address recent breaches. [ more ]

Microsoft has introduced consumer passkey support for Microsoft accounts, following Apple and Google, making sign-ins easier and more secure. [ more ]

Chinese researchers found vulnerabilities in Chinese government websites, including DNS configuration lapses and a notable dependence on a few DNS service providers. [ more ]

Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them. [ more ]

Compliance with the PSTI Act is crucial for IoT security and innovation in the U.K. [ more ]

Microsoft is investigating a bug in recent Windows updates affecting VPN software. [ more ]

Cybersecurity preparations for the Paris Olympics are in full swing, focusing on defending against a wide range of potential attackers and scenarios. [ more ]

Google introduced passkeys as a more secure alternative for user authentication, simplifying the login process and proving faster than traditional passwords. [ more ]

Microsoft's April 2024 security update caused a significant increase in NTLM authentication traffic on Windows Server. [ more ]

Rabotnik, a member of the REvil ransomware group, sentenced to 13 years and seven months in jail. [ more ]

Financially motivated hackers and state-sponsored cyber actors share and coexist in compromised routers for covert attacks. [ more ]

NASA needs mandatory cybersecurity guidelines for spacecraft acquisition policies. [ more ]

Brokewell is a new banking malware targeting Android users, posing as Google Chrome and other popular applications, capable of spying on users and stealing sensitive information. [ more ]

A new bill, the Secure Artificial Intelligence Act, aims to establish a database to track AI system breaches and focus on counter-AI techniques. [ more ]

Senators questioned UnitedHealth CEO on recent ransomware cyberattack. [ more ]

Attacks exploiting vulnerabilities increased by 180% driven by MOVEit hack. [ more ]

More funding is crucial for CISA to enhance cybersecurity defense, particularly against Chinese hackers in critical infrastructure. [ more ]