Researchers have identified a new wave of phishing attacks exploiting a vulnerability in the comments feature of Google Docs to deliver malicious phishing websites. It hit more than 500 inboxes across 30 tenants, with hackers using more than 100 different Gmail accounts, Avanan researchers say.
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce.
Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee, said this week that his committee convened a virtual briefing with both CISA and National Cyber Director Chris Inglis to discuss efforts to mitigate the threat posed by the Log4j vulnerability.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders. Security leaders Pooja Shimpi and Deepayan Chanda discuss how they have tackled Log4j - and significant lessons learned about incident response and information sharing.
French data protection agency CNIL has imposed fines of $170 million on Google and $66 million on Facebook for not complying with cookie regulations. The watchdog has ruled that the firms should make opting out of cookies as simple as opting in, or pay a $113,000 fine for each day of delay.
A Chicago-based fertility center has reported that a hacking incident detected in February 2021 has affected the protected health information of nearly 80,000 individuals. The breach is among the latest major security incidents involving fertility healthcare providers.
A California man has pleaded guilty to his role in a scheme to commit a $50 million wire and securities fraud that involved the creation of fake websites to solicit funds from investors, the Department of Justice announced Wednesday.
A senior executive at a Russian cybersecurity services firm has been denied bail after being extradited from Switzerland to the U.S. to face charges that he participated in a hacking scheme that stole pre-public earnings information for publicly traded companies to make $82.5 million via insider trading.
In the latest update, four ISMG editors discuss key cybersecurity issues, including myth busting from the founder of Zero Trust, the reason behind the surge in high-profile cryptocurrency scams in India and how ransomware attackers routinely lie about their inclinations, motivations and tactics.
The latest edition of the ISMG Security Report features an analysis of the recent surge in Russian cyber interference in Ukrainian government and civilian networks, the impact of China's privacy law, and the battle against cryptocurrency cybercrime.
Arbix Finance, a yield-farming protocol that runs on Binance Smart Chain, has reportedly siphoned user funds in what blockchain security firm CertiK labeled a "rug pull." This follows a Library of Congress report indicating that the number of nations banning cryptocurrency has doubled since 2018.
Bernalillo County, the largest county in New Mexico, shut down its IT systems after reportedly suffering a ransomware attack on Wednesday. County officials say they are working with third-party vendors to remediate the incident. County staff are working remotely as systems are restored.
A proposed class action lawsuit has been filed against a practice management and electronic health records vendor in the wake of a 2021 cyberattack affecting nearly 320,000 individuals. Among other demands, the lawsuit seeks a long list of security improvements by the company.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders, and it left them with a mitigation project that carries them well into the New Year. CISOs John Bassett and Martin Dinel discuss how their teams have tackled Log4j - and significant lessons learned.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.