Four ISMG editors discuss important cybersecurity issues, including misconceptions around Zero Trust implementation, lessons learned from the crippling NotPetya malware attack of 2017 that nearly sank logistics giant Maersk and how a Russian cyberwar in Ukraine could move beyond its borders.
A New York federal court has recommended the dismissal of a class action lawsuit filed against medical practice management vendor Practicefirst in the aftermath of a 2020 ransomware attack that involved data exfiltration and affected the personal and health information of 1.2 million individuals.
Pharmaceutical giant Pfizer alleges in a federal lawsuit that two former executives stole documents containing trade secrets about diabetes, obesity and cancer treatments under development by the drugmaker to benefit two new biotech startups they had launched.
A popular British supplier of crisps revealed in a letter to grocery wholesaler Nisa on Wednesday that it had been the victim of a cyberattack. KP Snacks has stopped its orders, causing stores to worry that its products will be in short supply. Ransomware group Conti is allegedly behind the attack.
A new wave of Delphi malware called Micropsia, developed and operated by the Arid Viper APT group, is reported to be targeting Palestinian entities and activists using politically themed lures in an ongoing campaign, according to researchers at Cisco Talos.
Greek data protection authority Hellenic DPA has imposed fines totaling more than $10 million on two telecommunication companies for GDPR violations including inadequate information disclosure to subscribers in the wake of data breaches, illegal data processing and inadequate security measures.
India’s Union Budget 2022 resolves some of the uncertainty around the legitimacy of crypto assets. While crypto assets will not be considered as currency, Finance Minister Nirmala Sitharaman announced that the Reserve Bank of India will be launching a blockchain-based digital rupee this year.
A variety of underground markets exist to help malware-wielding criminals monetize their attacks, including via log marketplaces such as Genesis, Russian Market and 2easy, which offer for sale batches of data that can be used to emulate a victim, whether it's a consumer, an enterprise IT administrator or anyone in...
U.S. DHS Secretary Alejandro Mayorkas confirmed on Thursday that the department is establishing a Cyber Safety Review Board, as directed by President Joe Biden's sweeping cybersecurity executive order signed in May 2021. The board aims to mirror the work of the National Transportation Safety Board.
The Wormhole network, a token bridge that allows users to trade multiple cryptocurrencies without a centralized exchange, has been exploited for 120,000 wETH tokens ($321 million). The company says it has issued a fix for the flaw and is working to "get the network back up as soon as possible."
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The Log4j vulnerability exists in unpatched versions of Ubiquiti's UniFi Network applications, and is being actively targeted by attackers via a customized exploit, researchers at security firm Morphisec warn. While updates are available, systems remain at risk until patched.
The House Oversight and Reform Committee today advanced its version of the Federal Information Security Modernization Act of 2022, which entails cybersecurity updates for federal civilian agencies. The bipartisan measure was sent to the full House on a voice vote.
Of the $5.6 billion obtained by the Department of Justice in civil settlements and judgements involving false claims and fraud against the U.S. government in 2021, more than $5 billion - or nearly 90% - involved healthcare sector entities. Why? Healthcare fraud, including false claims.
Learn to understand the gray space in which malicious attack campaigns function in order to get ahead of attackers, and avoid data breaches or negative outcomes for your business.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.