London's Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel, after someone gained "unauthorized access to the IT system" of one of its suppliers.
Ransomware and data exfiltration attacks continue to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one. Rackspace was hit by the Play ransomware group last year.
Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry has ever seen. But despite the major financial hurdles, the potential technology synergies are obvious.
A backdoor Trojan known as SmokeLoader is deploying a customized Wi-Fi scanning executable to triangulate the location of infected Windows devices. The malware, dubbed "Whiffy Recon," uses nearby Wi-Fi access points as a data point for Google's geolocation API.
A new healthcare-focused research agency is seeking proposals for innovative cybersecurity technologies that can apply a national security approach to protecting this highly targeted civilian industry. Today's off-the-shelf software is falling short, the agency said.
A three-hospital health system serving the Mississippi Gulf Coast has resorted to paper charting and other manual processes for patient care as it deals with a cyberattack that forced it to take systems offline. The incident is the latest disruptive attack on a regional medical provider.
The demand for DDoS-for-hire services has surged significantly in recent years. Cameron Schroeder, chief of the Cyber and Intellectual Property Crimes Section at the U.S. Attorney’s Office, said the increase is driven by accessibility, ease of use and the need for only minimal technical proficiency.
A likely Russian toolkit dubbed Telekopye by security researchers lets thieves focus on honing their social engineering skills without having to worry about the technical side of online scamming. Users dub victims "Mammoths," leading security firm Eset to christen Telekopye customers "Neanderthals."
A British jury found that two teenagers had been members of the Lapsus$ hacking group that attacked Uber, Okta, Rockstar and other organizations. Lapsus$ earned notoriety for stealing data via low-complexity attacks and holding it to ransom, taunting victims and leaking stolen data.
Ransomware-wielding hackers are moving faster than ever to pull the trigger on malicious encryption - but they could be bumping up against the limits of how fast they can go, say security researchers at Sophos. Better endpoint detection may be spurring ransomware hackers into acting faster.
Sharing information and threat intelligence "collectively" is critical in order for health and public health sector entities to be able to defeat their cyber adversaries, said Nitin Natarajan, deputy director of the Cybersecurity Information and Security Agency.
In encryption-less attacks, ransomware gangs steal large volumes of sensitive data, including terabytes of information, without locking up systems. Attackers leverage the value of the stolen data as a means to coerce organizations into paying ransoms to avert data release.
Conventional wisdom recommends to never negotiate with ransomware actors. They can't be trusted. But Mark Lance at GuidePoint Security recently made the case that organizations can gather important information through negotiations, slow down the process and even lower the ransom demand.
Browser security and microsegmentation play critical roles in stemming the bleeding from ransomware attacks, as "almost always the attacks come from a point-based browser vector," said Spencer Tall, managing director, AllegisCyber Capital. He shared two approaches to ensure secure browser adoption.
In the latest weekly update, ISMG editors discuss important cybersecurity and privacy issues including highlights of interviews at Black Hat 2023, lessons learned from the success of the Lapsus$ cybercrime group's attacks and why Check Point is buying startup Perimeter 81 for $490 million.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.