#cybersecurity
#cybersecurity

Privacy professionals

More than 380,000 additional NYC students had personal info hacked, bringing total to over 1M

Over 380,000 NYC public school students had personal data hacked, totaling over 1 million affected. DOE offers free credit monitoring services post-security breach. [ more ]

www.nytimes.com

Information security

U.K. Armed Forces' Data Stolen by State-Linked Hackers, Lawmakers Say

The personal information of British military personnel was hacked in a state-orchestrated cyberattack, targeting a third-party payroll system. [ more ]

ReadWrite

EU data protection

China accused of hacking the UK Ministry of Defence in massive data breach

China accused of hacking UK Ministry of Defence, targeting payroll system with personal data, but operational data not compromised. [ more ]

Engadget

EU data protection

The UK's Ministry of Defence was hacked, and the country is reportedly blaming China

China accused of hacking UK Ministry of Defence payroll system. [ more ]

www.theguardian.com

EU data protection

UK armed forces' personal data hacked in MoD breach

UK Ministry of Defence data breach exposed military personnel's personal information, with immediate action taken to secure data and notify affected individuals. [ more ]

moredata-breach

The Verge

Artificial intelligence

Google's AI plans now include cybersecurity

Google focuses on using generative AI for cybersecurity, leveraging Gemini 1.5 Pro for threat analysis and report summarization. [ more ]

#international-relations

www.independent.co.uk

France politics

Watch: China's Xi Jinping meets Macron in France after MoD cyberattack

China's President Xi Jinping meeting President Emmanuel Macron in France to mark 60 years of diplomatic relations; recent cyberattacks attributed to Chinese state-affiliated actors. [ more ]

english.elpais.com

moreinternational-relations

Information security

Eugene Kaspersky, cybersecurity expert: The good news is that we use AI to detect malware. The bad news is that criminals also use it'

Eugene Kaspersky faces challenges with Kaspersky Lab amidst global scrutiny [ more ]

ITPro

Information security

What is hackbot as a service and are malicious LLMs a risk?

AI will likely increase cyber attacks' volume and impact in the next two years. [ more ]

#ai

ITPro

Artificial intelligence

AI is changing the game when it comes to security

Cybersecurity is undergoing a significant transformation, leveraging AI for faster threat detection and response. [ more ]

ComputerWeekly.com

Artificial intelligence

Embrace alternative education pathways for cyber success | Computer Weekly

Emphasis on practical skills over formal education in cybersecurity field. [ more ]

DevOps.com

Artificial intelligence

Sumo Logic Previews GenAI Tool to Improve DevSecOps Observability - DevOps.com

Sumo Logic introduces copilot with AI for easier observability platform usage. [ more ]

moreai

www.theguardian.com

Privacy professionals

Google releases new tool to enable Australians to find their personal information and request removal

Google launched a tool in Australia for users to find and request removal of personal information from search results. [ more ]

CyberScoop

Information security

ONCD report: 'Fundamental transformation' in cyber, tech drove 2023 risks

Malicious hackers are exploiting emerging technologies, causing advanced cyber risks as the digital and physical worlds merge. [ more ]

CyberScoop

Information security

Dozens of tech companies pledge to build safer, more secure tech

More than 60 private-sector companies pledged to prioritize cybersecurity in their tech design, emphasizing security features and vulnerability reduction. [ more ]

#spyware

WIRED

Information security

Apple's iPhone Spyware Problem Is Getting Worse. Here's What You Should Know

Apple sent notifications to iPhone users warning about targeted spyware attacks, linked to a sophisticated Chinese spyware campaign named LightSpy. [ more ]

TechCrunch

3 days ago

Information security

Spyware app pcTattletale was hacked and its website defaced | TechCrunch

A consumer-grade spyware app, pcTattletale, was hacked with internal data made public by the hacker responsible. [ more ]

morespyware

#ransomware

New Relic

Information security

Rethinking vulnerability prioritization

A weighted prioritization system considers key elements for an objective measure, aiding laser-focused resource allocation and proactive defense, while promoting adaptive security. [ more ]

Theregister

Information security

CISA's ransomware warnings helped critical orgs fix 852 bugs

US government's CISA is actively assisting critical infrastructure organizations in addressing vulnerabilities exploited by ransomware gangs to prevent attacks. [ more ]

ITPro

Information security

Russian LockBit mastermind unmasked by law enforcement

Authorities unmask leader of LockBit ransomware group after international law enforcement disruption led by UK NCA, imposing sanctions and revealing US reward for his arrest. [ more ]

Theregister

Information security

CISA boss: Secure software needed to stop ransomware

Make software secure by design to combat ransomware attacks and enhance cybersecurity measures. [ more ]

ITPro

Information security

Nearly 70 software vendors sign up to CISA's cyber resilience program

Nearly 70 leading US software companies are committing to incorporating secure by design principles into their products to enhance cyber resilience. [ more ]

ComputerWeekly.com

Information security

Enhance identity controls before banning ransomware payments | Computer Weekly

Ransomware payments should be banned to prevent funding cybercriminals, but SMEs may struggle to recover from data loss. [ more ]

moreransomware

Coindesk

Information security

Crypto Now Has a 'Neighborhood Watch' to Guard Against Hacks

The cryptocurrency industry has established Crypto ISAC, led by cybersecurity veteran Justine Bone, to enhance cybersecurity measures and information sharing. [ more ]

#hackers

WIRED

Information security

A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities

The Cyber Army of Russia hyped its hacking for domestic audience, unlike other Russian hacker groups who tend to lay low after exposure. [ more ]

ReadWrite

23 hours ago

Information security

Hackers attack banks' computers with a spoofed version of Minesweeper game

Hackers use Minesweeper game to distribute malicious scripts and launch cyberattacks on financial organizations.

Ukraine's Cyber Security Center linked the attacks to a threat actor known as 'UAC-0188' or 'FRwL', spreading phishing emails with SuperOps RMM installation payload. [ more ]

morehackers

#biden-administration

Nextgov.com

Information security

White House in talks with industry to build legal framework for software liability

Biden administration engaging with software developers to shift liability for software flaws onto manufacturers, incentivizing secure development practices. [ more ]

CyberScoop

Information security

Chinese hacking threat puts focus on protecting critical infrastructure, Biden adviser says

The Biden administration is intensifying efforts to protect U.S. critical infrastructure from Chinese hacking groups. [ more ]

morebiden-administration

#geopolitical-threats

CyberScoop

Information security

The missed opportunities in White House's critical infrastructure directive

National security memorandum updates are necessary due to evolving threats.

Congressional action is needed to address gaps in critical infrastructure defense. [ more ]

CyberScoop

Information security

The missed opportunities in White House's critical infrastructure directive

The White House national security memorandum addressing critical infrastructure defense gaps requires Congress intervention for comprehensive protection. [ more ]

ABC7 San Francisco

Information security

US says cyberattacks against water supplies are rising, and utilities need to do more to stop them

Cyberattacks on water utilities are increasing, with 70% of utilities failing cybersecurity standards, urging immediate action to protect drinking water. [ more ]

moregeopolitical-threats

www.independent.co.uk

EU data protection

Malign actor' behind MoD cyber attack, Sunak says

The Prime Minister declined to identify the culprit behind the cyber attack on the MoD, emphasizing a robust policy towards Beijing and other potential risk-posing states. [ more ]

#privacy-concerns

ReadWrite

Information security

Scam warning from top cybersecurity CTO over ransomware criminal tactics

Criminals are using personal tactics in ransomware attacks, such as pretending to be executives' children for higher payouts. [ more ]

ITPro

Privacy professionals

New Microsoft Recall feature is a 'security nightmare' and could make Copilot+ PCs a top target for cyber criminals

Privacy concerns arise over Microsoft's AI 'Recall' feature for Copilot+ PCs. [ more ]

moreprivacy-concerns

Theregister

Information security

Implementation of Biden infosec EO still incomplete

Only 6 out of 55 objectives from the cybersecurity executive order remain unmet, with the definition of "critical software" being a crucial unresolved issue. [ more ]

New York Post

Artificial intelligence

AI voice scammers are posing as loved ones to steal your money - here's a foolproof trick to stop attacks

Request a safe word to thwart AI phone scams impersonating loved ones. [ more ]

#microsoft

ComputerWeekly.com

Information security

Microsoft beefs up cyber initiative after hard-hitting US report | Computer Weekly

Microsoft focuses on enhancing cybersecurity through the Secure Future Initiative (SFI) by integrating recommendations and lessons learned from recent cyber attacks. [ more ]

Theregister

Information security

Google takes shots at Microsoft for shoddy security record w

Google recommends moving from Microsoft software to Google's for enhanced security. [ more ]

The Verge

Information security

Google thinks the public sector can do better than Microsoft's 'security failures'

Google is positioning itself as a stronger option for enterprise security compared to Microsoft, leveraging recent reports on Microsoft's security vulnerabilities. [ more ]

moremicrosoft

CyberScoop

Information security

Krebs, Luber added to Cyber Safety Review Board

Chris Krebs and David Luber are among four new additions to the Cyber Safety Review Board, contributing their cybersecurity expertise. [ more ]

#rsa-conference

ITPro

Information security

RSAC Chairman urges collaboration to ensure collective defense in security

Collective defense is crucial for advancing cybersecurity against evolving threats. [ more ]

Theregister

Information security

'Four horsemen of cyber' recount building US Cyber Command

The creation of US Cyber Command was triggered by a malware-laced USB stick breach in 2008 leading to the worst military breach in US history. [ more ]

morersa-conference

Nextgov.com

Information security

Feds, military personnel compete in President's Cyber Cup Challenge

The President's Cyber Cup Challenge aims to foster cybersecurity talent within the federal government, promoting awareness and skills among the workforce. [ more ]

#api-security

ITPro

Information security

APIcalypse Now: Akamai CSO warns of surging attacks and backdoored open source components

Boaz Gelbord warned of the increasing trend of attacks targeting applications and APIs, emphasizing the challenges organizations face in inventorying and securing APIs. [ more ]

TechCrunch

Information security

Akamai confirms acquisition of Noname for $450M | TechCrunch

Akamai acquires Noname Security for $450 million, reflecting the consolidation trend in the cybersecurity market. [ more ]

moreapi-security

ComputerWeekly.com

Information security

Zero Trust: Unravelling the enigma and charting the future | Computer Weekly

Zero Trust concept is enigmatic yet crucial in cybersecurity, with ongoing discussions under a dedicated group ZTSIG led by influential figures. [ more ]

DevOps.com

Information security

Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search - DevOps.com

Hunters adopts Open Cybersecurity Schema Framework (OCSF) and launches OCSF-native Search capability for improved cybersecurity operations. [ more ]

TechRepublic

Privacy professionals

How Can Businesses Defend Themselves Against Cyberthreats?

Businesses face growing cyberattack risks due to increased online data, accessible cyber tools, and evolving attack methods. [ more ]

ComputerWeekly.com

Information security

Wales gets UK's first national SOC | Computer Weekly

The establishment of Wales' national security operations center (CymruSOC) is crucial for safeguarding public sector entities and employees from cyber threats, emphasizing a collaborative approach and the importance of digital resilience. [ more ]

www.theguardian.com

Artificial intelligence

CEO of world's biggest ad firm targeted by deepfake scam

Corporate world targeted by deepfake scams using AI voice clones in phishing attempts. [ more ]

#malware

ITPro

3 hours ago

Information security

How identity theft makes a mockery of traditional antivirus - and exposes your business to unnecessary risk

The rise of identity-based attacks has made traditional antivirus software obsolete. [ more ]

TNW | Data-Security

Information security

Dutch police tracked a crypto theft to one of world's worst botnets

Ebury botnet resurfaces with new criminal activities after years of inactivity. [ more ]

Ars Technica

Information security

Researchers spot cryptojacking attack that disables endpoint protections

Malware disables antivirus protections, erases evidence, and installs cryptocurrency-mining software. [ more ]

moremalware

Above the Law

Privacy professionals

Biglaw Firms Fall Prey To Cyberattacks, With Data Breaches On The Rise

2024 projected to be a record year for data breaches in law firms. [ more ]

ITPro

3 hours ago

Information security

Why embracing Endpoint Security and Identity Protection could be the most important security decision you take in 2024 and beyond

Organizations struggle with disjointed endpoint and identity security, facing gaps exploited by attackers. Unifying these areas is crucial for robust cybersecurity strategies. [ more ]

#vulnerabilities

Theregister

Artificial intelligence

AI helped X-Force hackers break into tech firm in 8 hours

AI automation can drastically reduce time to breach a system, making it imperative for companies to enhance their cybersecurity measures. [ more ]

Theregister

Information security

Three-year-old Apache Flink flaw now under active attack

Apache Flink CVE-2020-17519 allows unauthorized reading of local files, exploited in the wild, prompting urgent patches and checks for compromises. [ more ]

time.com

Information security

EPA warns of increasing cyberattacks on water utilities

Water utilities are increasingly targeted by cyberattacks, urging immediate protective actions by addressing vulnerabilities and enhancing cybersecurity measures. [ more ]

morevulnerabilities

#epa

Nextgov.com

Information security

More than 70% of surveyed water systems failed to meet EPA cyber standards

Over 70% of water systems failed EPA security standards, leaving them vulnerable to cyberattacks and enforcement actions.

Water system owners urged to enhance security by taking steps such as updating default passwords and conducting cybersecurity training.

Incidents involving hackers infiltrating water systems highlight the urgent need for increased security measures and enforcement actions. [ more ]

www.mercurynews.com

Information security

US officials warn cyberattacks on water systems are increasing

Cyberattacks on water utilities are increasing in frequency and severity, with 70% of inspected utilities violating breach prevention standards. [ more ]

CyberScoop

Information security

EPA will step up inspections of water sector cybersecurity

The EPA is increasing security inspections for water utilities due to rising cybersecurity threats, citing non-compliance with security requirements. [ more ]

moreepa

ITPro

Information security

Healthcare cyber attacks have surged in 2024 - this new program aims to improve security

A $50 million project aims to enhance hospital IT system updates and security against ransomware risks through the ARPA-H Upgrade program. [ more ]

Exponential-e Ltd.

Information security

UK Government ponders major changes to ransomware response - what you need to know

The British Government is proposing significant changes to its approach to ransomware attacks, including mandatory reporting, licensing for extortion payments, and a ban on ransom payments for critical infrastructure. [ more ]

WIRED

Information security

'TunnelVision' Attack Leaves Nearly All VPNs Vulnerable to Spying

TunnelVision attack diverts VPN traffic, exposing it to attackers, potentially compromising user data and privacy. [ more ]

Aisi

Artificial intelligence

Grants | AISI

Systemic AI safety focuses on understanding and intervening in the systems and infrastructure AI operates in, requiring diverse expertise for research and development. [ more ]

Theregister

Information security

China-aligned cyber-crooks operating since 2018 unmasked

Bitdefender exposes Chinese cyber-espionage group Unfading Sea Haze, utilizing sophisticated methods for espionage, remaining elusive and targeting government and military entities. [ more ]

Nextgov.com

Information security

Google Cloud obtains FedRAMP High certification for more than 100 services

Google Cloud achieves FedRAMP High certification for over 100 services, ensuring robust security standards for commercial customers equal to government users. [ more ]

TechRepublic

Privacy professionals

CISOs in Australia Urged to Take a Closer Look at Data Breach Risks

Australian organizations need to shift their view of data risk and governance to avoid future cyber threats and regulatory scrutiny. [ more ]

ComputerWeekly.com

Information security

Rockwell urges users to disconnect ICS equipment | Computer Weekly

Disconnect industrial control systems from public internet due to increased threat activities and CVE vulnerabilities. [ more ]

ITPro

Information security

Enterprises are bogged down with disparate cyber tools - here's why a 'platform security' approach could tackle growing complexity

Enterprises need to shift towards a holistic security strategy rather than reacting to specific threats. [ more ]

CyberScoop

Information security

Chinese-linked hacking units increasingly use 'ORBs' to obfuscate espionage, researchers say

Chinese hackers hide behind obfuscation networks for espionage, using ORBs to complicate detection by routing traffic through compromised devices. [ more ]

Capital Brief - Business news and politics for the new economy

Artificial intelligence

Extortion attempt: WiseTech CEO says criminals tried to impersonate him using AI

AI's impact is described as 'unstoppable' by WiseTech Global CEO Richard White. [ more ]

MedCity News

Information security

5 Things to Know About the Sorry State of Healthcare Cybersecurity - MedCity News

Cybercriminals target healthcare organizations globally, necessitating increased cybersecurity efforts and third-party risk evaluation for resilience. [ more ]

Theregister

Information security

Veeam says critical flaw can't be abused to trash backups

Veeam's critical vulnerability in VBEM (CVE-2024-29849) cannot lead to deleting backups due to immutable backups and security measures. [ more ]

ITPro