Information security
Information security

Citrix vulnerability behind Change Healthcare cyber attack, CEO claims

UnitedHealth CEO Andrew Witty testifies on cyber attack involving Citrix software. [ more ]

morevulnerabilities

Nextgov.com

AI could be tapped to design weapons of mass destruction, DHS warns

The Department of Homeland Security released guidelines to mitigate AI risks in critical infrastructure and the development of weapons of mass destruction. [ more ]

www.independent.co.uk

Cyberattack by China' exposed details of 270,000 UK armed forces personnel

Massive hacking attack on British military by China affecting 270,000+ serving personnel; Special Forces unaffected, with missing personal information of members. [ more ]

cybersecurity

CyberScoop

Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say

Pro-Russia hacktivists target critical infrastructure sectors in North America and Europe, exploiting cybersecurity weaknesses and causing physical threats. [ more ]

ITPro

What is hackbot as a service and are malicious LLMs a risk?

AI will likely increase cyber attacks' volume and impact in the next two years. [ more ]

ITPro

Security agencies warn of heightened threat to critical national infrastructure

Hacktivists target ICS in North America and Europe with potential physical threats, utilizing unsophisticated techniques initially. [ more ]

CyberScoop

ONCD report: 'Fundamental transformation' in cyber, tech drove 2023 risks

Malicious hackers are exploiting emerging technologies, causing advanced cyber risks as the digital and physical worlds merge. [ more ]

Nextgov.com

UnitedHealth CEO grilled over 'clear national security threat' from Change Healthcare hack

Senators questioned UnitedHealth CEO on recent ransomware cyberattack. [ more ]

euronews

'Cyberwarriors' prepare against attacks during Paris Olympics

France anticipates increased cyber threats during the upcoming Paris Olympic Games, particularly from Russian actors. [ more ]

morecybersecurity

TechCrunch

US, UK police identify and charge Russian leader of LockBit ransomware gang | TechCrunch

The leader of LockBit ransomware group, Dmitry Khoroshev, has been identified and charged with computer crimes, fraud, and extortion. [ more ]

data-breach

TechCrunch

United HealthCare CEO says 'maybe a third' of U.S. citizens were affected by recent hack | TechCrunch

The cyberattack on Change Healthcare systems impacted a substantial number of Americans, with uncertainty about the exact extent of the breach. [ more ]

www.nytimes.com

U.K. Armed Forces' Data Stolen by State-Linked Hackers, Lawmakers Say

The personal information of British military personnel was hacked in a state-orchestrated cyberattack, targeting a third-party payroll system. [ more ]

moredata-breach

Theregister

Countries hacking infrastructure 'should be a wake-up call'

Intrusions into US water systems by China, Russia, and Iran serve as a warning about the vulnerability of critical infrastructure.

Hacktivists may have ties to government intelligence services, posing a threat to critical infrastructure security.

Nation-state intelligence services using hacktivist groups to carry out cyber attacks is a concerning trend that adds complexity to cybersecurity threats. [ more ]

www.nytimes.com

Ukraine Says It Foiled Russian Plot to Kill Zelensky

Ukraine's security services foiled a Russian plot to assassinate President Zelensky and other top officials. [ more ]

cybercrime

Theregister

LockBit kingpin finally unmasked by investigators

The unmasking of Dmitry Yuryevich Khoroshev reveals the kingpin behind the LockBit ransomware operation, efforts to disrupt and dismantle it are ongoing. [ more ]

euronews

Cybercrime on the rise thanks to artificial intelligence

The global cost of cybercrime is estimated to reach 11.2 trillion euros a year by 2025. [ more ]

Ars Technica

Hacker free-for-all fights for control of home and office routers everywhere

Financially motivated hackers and state-sponsored cyber actors share and coexist in compromised routers for covert attacks. [ more ]

morecybercrime

CyberScoop

Exploitation of vulnerabilities almost tripled as a source of data breaches last year

Attacks exploiting vulnerabilities increased by 180% driven by MOVEit hack. [ more ]

Mail Online

Android users warned fake Chrome update could drain your bank account

Brokewell is a new banking malware targeting Android users, posing as Google Chrome and other popular applications, capable of spying on users and stealing sensitive information. [ more ]

ITPro

Stealthy malware: The threats hiding in plain sight

Criminals are evolving to use more sophisticated methods like hunter-killer malware to hide from security systems, with over two-thirds of malware now employing stealth techniques. [ more ]

cyberattacks

www.independent.co.uk

Top LockBit hacker revealed to be Russian

Dmitry Khoroshev, a Russian national, was unmasked as the administrator of LockBit ransomware group, involved in high-profile cyber attacks, prompting law enforcement action. [ more ]

The Verge

Microsoft overhaul treats security as "top priority" after a series of failures

Microsoft is prioritizing security by tying it to compensation for senior leadership. [ more ]

Theregister

Germany blames Fancy Bear for 2023 hacking campaign

Germany attributes cyberattacks to Russian threat actor APT28, US supports attribution. [ more ]

morecyberattacks

ITPro

Don't let your network become a security blind spot

Cyber security is a crucial priority for businesses to protect their digital assets and avoid significant costs and consequences associated with cyber attacks. [ more ]

TechRepublic

U.K. and U.S. Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems

Pro-Russia hacktivists are targeting providers of operational technology like smart water meters and dam monitoring systems in North America and Europe. [ more ]

www.independent.co.uk

New laws to protect consumers from cyber attacks take effect

Manufacturers legally required to enhance security of smart devices by banning weak default passwords and ensuring transparency in security updates. [ more ]

www.ocregister.com

SpirosMargaris 1 week ago

Kaiser Permanente may have sent private patient data to Google, Microsoft and X

Kaiser Permanente's breach resulted in sharing patients' information with tech giants; data included names and search history. [ more ]

RT @SpirosMargaris: Google’s #AI plans

now include #cybersecurity

https://t.co/u98fLsr7BT #fintech #Gemini #ArtificialIntelligence #Mac…

The Verge

Google's AI plans now include cybersecurity

Google focuses on using generative AI for cybersecurity, leveraging Gemini 1.5 Pro for threat analysis and report summarization. [ more ]

The Verge

Google's AI plans now include cybersecurity

Google focuses on using generative AI for cybersecurity, leveraging Gemini 1.5 Pro for threat analysis and report summarization. [ more ]

Ars Technica

0-click GitLab hijacking flaw under active exploit, with thousands still unpatched

A maximum severity vulnerability in GitLab allows account hijacking without user interaction. [ more ]

Engadget

Microsoft's latest Windows security updates might break your VPN

Windows April security updates may cause VPN issues, prompting users to uninstall updates as a temporary workaround. [ more ]

ITPro

LightSpy malware has made a comeback, and this time it's coming after your macOS devices

Businesses running macOS devices face potential risk from the new variant of LightSpy malware. [ more ]

New York Post

More than 380,000 additional NYC students had personal info hacked, bringing total to over 1M

Over 380,000 NYC public school students had personal data hacked, totaling over 1 million affected. DOE offers free credit monitoring services post-security breach. [ more ]

ITPro

AI is changing the game when it comes to security

Cybersecurity is undergoing a significant transformation, leveraging AI for faster threat detection and response. [ more ]

BleepingComputer

New Cuttlefish malware infects routers to monitor traffic for credentials

Cuttlefish malware infects routers to steal data and authentication information, active since July 2023. [ more ]

ITPro

Ransomware group publishes stolen NHS Scotland data to dark web

Ransomware attack on NHS Dumfries and Galloway led to leak of 3TB of sensitive data onto dark web. [ more ]

Coindesk

Crypto Now Has a 'Neighborhood Watch' to Guard Against Hacks

The cryptocurrency industry has established Crypto ISAC, led by cybersecurity veteran Justine Bone, to enhance cybersecurity measures and information sharing. [ more ]

CyberScoop

Iranian hackers impersonate journalists in social engineering campaign

Iranian hackers linked to Revolutionary Guard impersonated journalists and human rights groups for phishing attacks. [ more ]

DevOps.com

The Role of DevOps in Orchestrating Enterprise-Wide Cloud Security - DevOps.com

Moving to the cloud poses security challenges - data breaches, misconfigurations, compliance, and unauthorized access. Robust security measures and employee training are crucial for data protection. [ more ]

CyberScoop

How to fine-tune the White House's new critical infrastructure directive

Biden administration updated federal infrastructure protection policy via NSM-22, linking it to modern cyber threat landscape, but fell short by not including space and cloud industries. [ more ]

Ars Technica

Microsoft ties executive pay to security following multiple failures and breaches

Microsoft faced major security breaches resulting in data exposure and criticism. The company is taking steps to improve its security practices and prioritize security as the top concern. [ more ]

Theregister

'Cybersecurity incident' closes London Drugs' pharmacies

London Drugs closed all stores due to a cybersecurity incident [ more ]

Nextgov.com

NASA doesn't know if its spacecraft have adequate cyber defenses, GAO warns

NASA needs mandatory cybersecurity guidelines for spacecraft acquisition policies. [ more ]

Fast Company

Israel-Hamas war cyberattacks are mostly felt by civilians

Cyber conflict consequences primarily affect civilians, not soldiers, in the Israel-Hamas war. [ more ]

ComputerWeekly.com

EU calls out Fancy Bear over attacks on Czech, German governments | Computer Weekly

The EU and member states condemn Russian cyber attacks by Fancy Bear. [ more ]

TechCrunch

Exclusive: SafeBase taps AI to automate software security reviews

SafeBase utilizes AI to automate security questionnaires, saving time and improving accuracy for customers. [ more ]

ITPro

Microsoft security boss warns AI insecurity 'unprecedented' as tech goes mainstream

Generative AI adoption increases security risks, creating a complex threat landscape. [ more ]

Ars Technica

Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision attack intercepts VPN traffic, routing it outside encrypted tunnels, compromising user privacy and security. [ more ]

WIRED

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

The Cyber Army of Russia hyped its hacking for domestic audience, unlike other Russian hacker groups who tend to lay low after exposure. [ more ]

Harvard Business Review

Preventing the Next Big Cyberattack on U.S. Health Care

The cyberattack on Change Healthcare exposed vulnerabilities in the U.S. health care sector that require urgent action for improved cybersecurity. [ more ]

CyberScoop

Easterly appeals to Congress on CISA funding, citing Chinese threats to critical infrastructure

More funding is crucial for CISA to enhance cybersecurity defense, particularly against Chinese hackers in critical infrastructure. [ more ]

Fast Company

Politically motivated cyber attacks are on the rise, putting our elections at risk

Politically motivated DDoS attacks increased in the second half of 2023, with specific groups targeting various sectors globally. [ more ]

Theregister

CISA's ransomware warnings helped critical orgs fix 852 bugs

US government's CISA is actively assisting critical infrastructure organizations in addressing vulnerabilities exploited by ransomware gangs to prevent attacks. [ more ]

CyberScoop

US spy agencies to share intelligence on critical infrastructure in policy revamp

The U.S. intelligence community will share threat information with critical infrastructure operators under the revised policy directive. [ more ]

CyberScoop

Data stolen in Change Healthcare attack likely included U.S. service members, executive says

UnitedHealth Group CEO revealed data breach involving U.S. military personnel.

Delay in notifying affected individuals poses challenges for health data protection. [ more ]

www.mediaite.com