#cybersecurity
#cybersecurity

France politics

Watch: China's Xi Jinping meets Macron in France after MoD cyberattack

China's President Xi Jinping meeting President Emmanuel Macron in France to mark 60 years of diplomatic relations; recent cyberattacks attributed to Chinese state-affiliated actors. [ more ]

www.nytimes.com

U.K. Armed Forces' Data Stolen by State-Linked Hackers, Lawmakers Say

The personal information of British military personnel was hacked in a state-orchestrated cyberattack, targeting a third-party payroll system. [ more ]

ReadWrite

China accused of hacking the UK Ministry of Defence in massive data breach

China accused of hacking UK Ministry of Defence, targeting payroll system with personal data, but operational data not compromised. [ more ]

Engadget

The UK's Ministry of Defence was hacked, and the country is reportedly blaming China

China accused of hacking UK Ministry of Defence payroll system. [ more ]

morechina

New York Post

More than 380,000 additional NYC students had personal info hacked, bringing total to over 1M

Over 380,000 NYC public school students had personal data hacked, totaling over 1 million affected. DOE offers free credit monitoring services post-security breach. [ more ]

www.theguardian.com

Google releases new tool to enable Australians to find their personal information and request removal

Google launched a tool in Australia for users to find and request removal of personal information from search results. [ more ]

Theregister

morePrivacy professionals

Over 500k Ohio Lottery lovers notified of data theft

Cybercriminals stole personal data of over 500,000 Ohio Lottery gamblers, offering credit monitoring to affected individuals. [ more ]

The Verge

Google's AI plans now include cybersecurity

Google focuses on using generative AI for cybersecurity, leveraging Gemini 1.5 Pro for threat analysis and report summarization. [ more ]

ITPro

moreArtificial intelligence

AI is changing the game when it comes to security

Cybersecurity is undergoing a significant transformation, leveraging AI for faster threat detection and response. [ more ]

vulnerabilities

New Relic

Rethinking vulnerability prioritization

A weighted prioritization system considers key elements for an objective measure, aiding laser-focused resource allocation and proactive defense, while promoting adaptive security. [ more ]

Theregister

AI helped X-Force hackers break into tech firm in 8 hours

AI automation can drastically reduce time to breach a system, making it imperative for companies to enhance their cybersecurity measures. [ more ]

morevulnerabilities

critical-infrastructure

Theregister

CISA's ransomware warnings helped critical orgs fix 852 bugs

US government's CISA is actively assisting critical infrastructure organizations in addressing vulnerabilities exploited by ransomware gangs to prevent attacks. [ more ]

Theregister

morecritical-infrastructure

CISA boss: Secure software needed to stop ransomware

Make software secure by design to combat ransomware attacks and enhance cybersecurity measures. [ more ]

New York Post

AI voice scammers are posing as loved ones to steal your money - here's a foolproof trick to stop attacks

Request a safe word to thwart AI phone scams impersonating loved ones. [ more ]

ComputerWeekly.com

Embrace alternative education pathways for cyber success | Computer Weekly

Emphasis on practical skills over formal education in cybersecurity field. [ more ]

DevOps.com

Sumo Logic Previews GenAI Tool to Improve DevSecOps Observability - DevOps.com

Sumo Logic introduces copilot with AI for easier observability platform usage. [ more ]

www.theguardian.com

CEO of world's biggest ad firm targeted by deepfake scam

Corporate world targeted by deepfake scams using AI voice clones in phishing attempts. [ more ]

cisa

CyberScoop

Krebs, Luber added to Cyber Safety Review Board

Chris Krebs and David Luber are among four new additions to the Cyber Safety Review Board, contributing their cybersecurity expertise. [ more ]

Theregister

CISA spreads Black Basta advice amid Ascension infection

US security agencies issued advisories on Black Basta after the group claimed responsibility for a cyberattack on a healthcare provider. [ more ]

morecisa

social-engineering

TechRepublic

How Can Businesses Defend Themselves Against Cyberthreats?

Businesses face growing cyberattack risks due to increased online data, accessible cyber tools, and evolving attack methods. [ more ]

TechCrunch

'Got that boomer!': How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch

Cybercriminals trick victims into giving access codes, allowing hijacking of online accounts and digital wallets. [ more ]

ITPro

What is a TOAD attack?

TOAD attacks combine different phishing methods, posing a significant threat to businesses globally. [ more ]

Exponential-e Ltd.

Black Basta ransomware group's techniques evolve, as FBI issues new warning in wake of hospital attack

Security agencies warn about Black Basta ransomware group after Ascension cyberattack. [ more ]

ITPro

Scattered Spider, the ransomware group behind the MGM cyber attack, is still on a rampage - and authorities are ramping up efforts to catch them

Scattered Spider, a threat group responsible for disrupting MGM Resorts, is now targeting financial services firms with phishing attacks and fake login pages. [ more ]

moresocial-engineering

www.theguardian.com

MoD contractor hacked by China failed to report breach for months

Failure to report breach by IT company targeted in Chinese hack caused data exposure of Ministry of Defence staff. [ more ]

7NEWS

Shock as customers of Australian mortgage lender caught up in massive data breach

Customers' personal details accessed in a data breach by an Australian non-bank mortgage lender. [ more ]

ComputerWeekly.com

GCHQ to protect politicians and election candidate's from cyber-attacks | Computer Weekly

Protection offered against phishing and malware attacks to high-risk individuals before the next general election. [ more ]

critical-infrastructure

Theregister

Critical infrastructure security needs everyone's help

Cyberattacks on critical infrastructure are increasing rapidly, posing significant threats globally. [ more ]

Ars Technica

morecritical-infrastructure

Black Basta ransomware group is imperiling critical infrastructure, groups warn

Black Basta ransomware group causing havoc in critical infrastructure sectors. [ more ]

vulnerabilities

ITPro

Path traversal vulnerabilities have been 'unforgivable' for decades - developers still haven't got the message

Directory traversal flaws persist despite long-standing awareness. [ more ]

Theregister

NHS Digital hints at exploit sightings of Arcserve UDP vulns

NHS warns of actively exploited vulnerabilities in Arcserve UDP software. [ more ]

morevulnerabilities

Nextgov.com

US diplomats told China to stop Volt Typhoon campaign - It's becoming more advanced, intelligence officials say

The U.S. addressed a cyber threat from China by dismantling a botnet used to breach American critical infrastructure, but challenges persist due to evolving tactics and multiple covert networks. [ more ]

ITPro

What is hackbot as a service and are malicious LLMs a risk?

AI will likely increase cyber attacks' volume and impact in the next two years. [ more ]

CyberScoop

ONCD report: 'Fundamental transformation' in cyber, tech drove 2023 risks

Malicious hackers are exploiting emerging technologies, causing advanced cyber risks as the digital and physical worlds merge. [ more ]

CyberScoop

Dozens of tech companies pledge to build safer, more secure tech

More than 60 private-sector companies pledged to prioritize cybersecurity in their tech design, emphasizing security features and vulnerability reduction. [ more ]

WIRED

Apple's iPhone Spyware Problem Is Getting Worse. Here's What You Should Know

Apple sent notifications to iPhone users warning about targeted spyware attacks, linked to a sophisticated Chinese spyware campaign named LightSpy. [ more ]

Coindesk

Crypto Now Has a 'Neighborhood Watch' to Guard Against Hacks

The cryptocurrency industry has established Crypto ISAC, led by cybersecurity veteran Justine Bone, to enhance cybersecurity measures and information sharing. [ more ]

WIRED

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

The Cyber Army of Russia hyped its hacking for domestic audience, unlike other Russian hacker groups who tend to lay low after exposure. [ more ]

Nextgov.com

White House in talks with industry to build legal framework for software liability

Biden administration engaging with software developers to shift liability for software flaws onto manufacturers, incentivizing secure development practices. [ more ]

ITPro

Russian LockBit mastermind unmasked by law enforcement

Authorities unmask leader of LockBit ransomware group after international law enforcement disruption led by UK NCA, imposing sanctions and revealing US reward for his arrest. [ more ]

www.theguardian.com

UK armed forces' personal data hacked in MoD breach

UK Ministry of Defence data breach exposed military personnel's personal information, with immediate action taken to secure data and notify affected individuals. [ more ]

www.independent.co.uk

Malign actor' behind MoD cyber attack, Sunak says

The Prime Minister declined to identify the culprit behind the cyber attack on the MoD, emphasizing a robust policy towards Beijing and other potential risk-posing states. [ more ]

CyberScoop

The missed opportunities in White House's critical infrastructure directive

National security memorandum updates are necessary due to evolving threats.

Congressional action is needed to address gaps in critical infrastructure defense. [ more ]

CyberScoop

The missed opportunities in White House's critical infrastructure directive

The White House national security memorandum addressing critical infrastructure defense gaps requires Congress intervention for comprehensive protection. [ more ]

ReadWrite

Scam warning from top cybersecurity CTO over ransomware criminal tactics

Criminals are using personal tactics in ransomware attacks, such as pretending to be executives' children for higher payouts. [ more ]

Theregister

Implementation of Biden infosec EO still incomplete

Only 6 out of 55 objectives from the cybersecurity executive order remain unmet, with the definition of "critical software" being a crucial unresolved issue. [ more ]

ITPro

Nearly 70 software vendors sign up to CISA's cyber resilience program

Nearly 70 leading US software companies are committing to incorporating secure by design principles into their products to enhance cyber resilience. [ more ]

ComputerWeekly.com

Enhance identity controls before banning ransomware payments | Computer Weekly

Ransomware payments should be banned to prevent funding cybercriminals, but SMEs may struggle to recover from data loss. [ more ]

ComputerWeekly.com

Microsoft beefs up cyber initiative after hard-hitting US report | Computer Weekly

Microsoft focuses on enhancing cybersecurity through the Secure Future Initiative (SFI) by integrating recommendations and lessons learned from recent cyber attacks. [ more ]

ITPro

RSAC Chairman urges collaboration to ensure collective defense in security

Collective defense is crucial for advancing cybersecurity against evolving threats. [ more ]

Nextgov.com

Feds, military personnel compete in President's Cyber Cup Challenge

The President's Cyber Cup Challenge aims to foster cybersecurity talent within the federal government, promoting awareness and skills among the workforce. [ more ]

ComputerWeekly.com

Chinese APT suspected of Ministry of Defence hack | Computer Weekly

An undisclosed APT, potentially linked to the Chinese government, was behind a serious supply chain data breach at the UK Ministry of Defence. [ more ]

TechRepublic

10 Myths about Cybersecurity You Shouldn't Believe | TechRepublic

The first step to better cybersecurity is debunking myths to understand the true risks, including internal threats. [ more ]

ITPro

DevOps

Google Cloud blames "combination of rare issues" for customer's mysterious outage

Google Cloud attributed the UniSuper service outage to technical problems, not a cyber attack. [ more ]

ITPro

APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source components

Boaz Gelbord warned of the increasing trend of attacks targeting applications and APIs, emphasizing the challenges organizations face in inventorying and securing APIs. [ more ]

Theregister

UnitedHealth's 'egregious negligence' led to that ransomware

Cybersecurity negligence led to ransomware infection at Change Healthcare. [ more ]

TechCrunch

Akamai confirms acquisition of Noname for $450M | TechCrunch

Akamai acquires Noname Security for $450 million, reflecting the consolidation trend in the cybersecurity market. [ more ]

ComputerWeekly.com

Zero Trust: Unravelling the enigma and charting the future | Computer Weekly

Zero Trust concept is enigmatic yet crucial in cybersecurity, with ongoing discussions under a dedicated group ZTSIG led by influential figures. [ more ]

DevOps.com

Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search - DevOps.com

Hunters adopts Open Cybersecurity Schema Framework (OCSF) and launches OCSF-native Search capability for improved cybersecurity operations. [ more ]

ComputerWeekly.com

Wales gets UK's first national SOC | Computer Weekly

The establishment of Wales' national security operations center (CymruSOC) is crucial for safeguarding public sector entities and employees from cyber threats, emphasizing a collaborative approach and the importance of digital resilience. [ more ]

ReadWrite

Dell warns 49 million customers about massive data breach

Dell warned customers of a massive data breach affecting 49 million customers. [ more ]

Irish Independent

Dell data breach may affect up to 49 million customers

A data breach at Dell exposed customer names and addresses dating back to 2017, prompting security concerns and warnings about potential phishing attempts. [ more ]

english.elpais.com

6 days ago

Eugene Kaspersky, cybersecurity expert: The good news is that we use AI to detect malware. The bad news is that criminals also use it'

Eugene Kaspersky faces challenges with Kaspersky Lab amidst global scrutiny [ more ]

Theregister

6 days ago

Ransomware negotiator weighs in on the payment debate

Ransomware attacks surged in 2023, raising concerns about negotiation regulation and payment bans. [ more ]

WIRED

'TunnelVision' Attack Leaves Nearly All VPNs Vulnerable to Spying

TunnelVision attack diverts VPN traffic, exposing it to attackers, potentially compromising user data and privacy. [ more ]

Theregister

'Four horsemen of cyber' recount building US Cyber Command

The creation of US Cyber Command was triggered by a malware-laced USB stick breach in 2008 leading to the worst military breach in US history. [ more ]

www.dw.com

Europe news

Germany: Cybercrime by foreign actors rose by 28% in 2023 DW 05/13/2024

Cybercrimes by foreign actors increased by 28% in 2023, with most attacks targeted at German companies for data theft, espionage, or sabotage. [ more ]

Hot for Security

Boeing refused to pay $200 million ransomware demand from LockBit gang

Boeing confirmed $200M ransom demand from LockBit group. Hackers failed to retrieve astronomical ransom, published data after negotiations broke down. [ more ]

Bloomberg

JavaScript

Bloomberg

Websites may detect unusual activity from users' computers, prompting them to verify their identity by solving a CAPTCHA. [ more ]

Bloomberg

JavaScript

Bloomberg

Unusual activity detected, verify browser settings for JavaScript and cookies to resolve issues. [ more ]

Bloomberg

JavaScript

Bloomberg

To access a website without being flagged as a robot, ensure your browser supports JavaScript and cookies. [ more ]

ITPro

Marketing

Sectigo names Dena Bauckman as its new product chief

Sectigo appoints Dena Bauckman as senior VP of product. [ more ]

Developer Tech News

Phylum uncovers targeted malware disguised in Python package

A malicious payload disguised as a popular Python package was discovered on the PyPI repository, demonstrating the importance of cybersecurity vigilance. [ more ]

ComputerWeekly.com

Major breach of customer information developing at Dell | Computer Weekly

Dell is investigating a serious data breach that exposed customer information, but claims no significant risk due to the data not including financial details. [ more ]

Theregister

Irony abounds as UK NCSC's simple door codes revealed

National Cyber Security Centre (NCSC) advises using three random words for passwords despite an incident with a weak door code. [ more ]

Amazic

How Teleport addresses infrastructure security identity issues and policy challenges - Amazic

Identity-first approach in security management gaining traction; crucial for cybersecurity and user experience. [ more ]

ITPro

Medical equipment supplier NRS Healthcare confirms ransomware attack

Healthcare equipment provider NRS Healthcare faces ransomware attack with over 600k documents stolen by RansomHub group. [ more ]

Washington Post

France politics

Hack of France sports minister's X account highlights Olympics cyberthreats

The need for French officials to prepare for cyberthreats when hosting the Olympics [ more ]

TechRepublic

What Is the Dark Web? | TechRepublic

The Dark Web can be used for positive purposes like journalism and cybersecurity enhancement. [ more ]

Hot for Security

Prison for cybersecurity expert selling private videos from inside 400,000 homes

A cybersecurity expert in South Korea illegally accessed and distributed private videos from vulnerable wallpad cameras in 400,000 households. [ more ]

Entrepreneur

Protect Your Business with This $50 Cyber Security Bundle | Entrepreneur

Equip yourself with cybersecurity knowledge to protect your business from escalating global cybercrime costs. [ more ]

CyberScoop

House panel leaders call on Microsoft president to testify over security shortcomings

The House Homeland Security Committee requests Microsoft President Brad Smith to testify following cybersecurity incidents. [ more ]

Theregister

'Cyberattack' shutters Christie's site days before auction

Christie's website faced a technology security issue, leading to its temporary shutdown right before a planned art auction. [ more ]

Theregister

Microsoft president summoned to House over security blunders

The House Committee on Homeland Security requesting Microsoft's Brad Smith to address cybersecurity failings on May 22. [ more ]

Theregister

NCSC and insurers target ransom payments with guidebook

The NCSC partners with insurance associations to release guidance book on avoiding ransom payments. [ more ]

ITPro

Dell hacker claims they had access to systems for nearly three weeks

The threat actor behind the recent Dell data breach accessed internal systems for weeks prior to detection by exploiting partner account registration flaws. [ more ]

www.columbiacountyspotlight.com

Medicine

Charles (Chuck) Thomas Ramsdell

The article discusses the importance of cybersecurity for businesses in the current digital landscape. [ more ]

ITPro

The HSE cyber attack was a "landmark event" in Ireland - has it learned from the experience?

The Republic of Ireland's Health Service Executive is still dealing with legal proceedings and cybersecurity challenges three years after a large-scale cyber attack in 2021. [ more ]

ComputerWeekly.com

CyberUK 24: UK insurance industry gets tough on ransomware | Computer Weekly

A coalition of insurance organizations and the NCSC aims to reduce ransomware payments by UK organizations through better-informed decision-making and support for victims. [ more ]

www.swindonadvertiser.co.uk

Evri customers issued urgent scam warning

Evri warns customers about phishing scams targeting its users. [ more ]

TechRepublic

Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics

Organizations struggle to maintain compliance with security policies on managed PCs, risking cybersecurity foundation [ more ]

Theregister

2 days ago

Crook brags about US Army, '$75b defense company' breaches

Extortionist claims to have stolen files from US Army Aviation and Missile Command and a $75 billion aerospace and defense company. [ more ]

Theregister

20 hours ago

MediSecure hit by 'large-scale ransomware data breach'

Personal and health data breached from MediSecure due to ransomware attack with ongoing investigations and reassurance on current ePrescriptions' safety. [ more ]

ComputerWeekly.com

China poses genuine and increasing cyber security risk to UK, says GCHQ director | Computer Weekly

China poses a significant cyber threat to the UK and other western countries. [ more ]

adlibweb.

1 day ago

Securing HealthTech Data: Cybersecurity Essentials

HealthTech innovation in healthcare leads to improved delivery but poses security risks for patient data. [ more ]

www.theguardian.com

CEO of world's biggest ad firm targeted by deepfake scam

The head of WPP was targeted in a deepfake scam utilizing AI voice clone, exposing the rise of corporate deepfake attacks and the need for vigilance in virtual meetings. [ more ]

ComputerWeekly.com

Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday | Computer Weekly

The critical vulnerability on Microsoft SharePoint Server and two zero-day flaws in Windows should be addressed immediately by administrators. [ more ]

arstechnica.com

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with massive reach

Maintaining Linux kernel infrastructure was infected for 2 years starting in 2009, compromising encrypted password data and enabling malicious activities. [ more ]

Alleywatch

Ensuring Data Security for Startups: VPN Solutions

Using VPN technology is crucial for startups to safeguard data and protect against cyber threats. [ more ]

TechRadar