Snyk purchased a Portuguese startup founded by SonarSource and European Parliament veterans to help developers contribute to code bases more quickly. The Boston-based developer security vendor said its buy of Porto-based Reviewpad will help developers secure pull requests.
Costco warehouse customers often get free samples of cheese and beef jerky. But members who fill their prescriptions online at Costco pharmacies allegedly get their sensitive information unlawfully scraped and transmitted to third parties, claim two proposed federal class action lawsuits.
Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks. Experts say users must not just patch but also wipe device memory to prevent attackers from bypassing access controls.
Proofpoint has agreed to purchase a cloud email security provider founded by HSBC, RBS, Santander and UBS alumni to apply artificial intelligence to evolving threats. The proposed acquisition of Boston-based Tessian will help Proofpoint address common forms of data loss including data exfiltration.
U.S. President Joe Biden is invoking a Cold War-era law in an executive order directing developers of advanced AI models to notify the government and share safety tests. The order is "the strongest set of actions any government in the world has ever taken on AI safety," a White House official said.
North Korean hackers are spreading malware through known vulnerabilities in legitimate software. In a new campaign spotted by Kaspersky researchers, the Lazarus group is targeting a version of an unnamed software product for which vulnerabilities have been reported and patches are available.
The U.S. Cybersecurity and Infrastructure Security Agency launched a security tool intended to help organizations with limited resources better protect their Windows-based devices and sensitive data. Logging Made Easy is meant to serve as a turnkey log management tool.
The U.K. communication regulator laid down plans to implement a controversial regulation intended to prevent online child sexual abuse material after it officially became law. The Online Safety Bill received royal assent on Thursday after it was cleared by the parliament in September.
The United Nations unveiled Thursday an AI advisory body that looks to analyze risks and make recommendations on international governance for the technology. The body comprises 38 experts across geographies and industries, including from government, the private sector and civil society.
In the latest weekly update, ISMG editors discuss how cybersecurity businesses are building resilience during the Israel-Hamas war, the latest on the hacks of Cisco IOS XE devices, and recommendations for businesses in Indonesia looking to improve their cybersecurity practices.
Hospitals, clinics and doctor practices have long fallen victim to cyberattacks and breaches kicked off with phishing emails. But with the advent of AI-augmented phishing, the lures are more convincing and could lead to even more scams targeting healthcare organizations, federal authorities warned.
Two cybersecurity vendors are laying off a sizable chunk of their staff, with Exabeam axing 20% of its workforce and F-Secure cutting up to 70 employees. Exabeam eliminated roughly 134 positions this week, while F-Secure wants to shrink its workforce by nearly 14%.
Social media single sign-on standard OAuth has an implementation weakness that hackers could exploit to obtain unauthorized access, say researchers. "We expect that 1,000s of other websites are vulnerable to the attack," wrote Salt Security, "putting billions of additional internet users at risk."
Consumer lenders such as mortgage brokers, auto dealers and payday lenders must soon report data breaches to the Federal Trade Commission under a revised regulation that mandates public disclosure. The new disclosure requirement will become effective in six months.
Poor visibility and the complexity of cloud environments are helping criminals exploit important blind spots in critical infrastructure and business, said NetWitness' Karim Abillama. He shared how defenders need to evolve their strategies to meet new threats from nation-state groups and criminals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.