A fertility testing laboratory has agreed to improve its data security practices and pay up to $1.25 million to settle a consolidated class action lawsuit filed in the wake of a 2021 ransomware attack that compromised sensitive health information of about 350,000 patients.
A U.S. federal watchdog said government agencies could better synchronize efforts to improve water and wastewater sector cybersecurity efforts and faulted the Cybersecurity and Infrastructure Security Agency for not coordinating well with the Environmental Protection Agency.
In the latest weekly update, ISMG editors discussed how the surge in API usage poses challenges for organizations, why good governance is so crucial to solving API issues and how The New York Times' legal action against OpenAI and Microsoft highlights copyright concerns.
In a year in which the financial impact of cyberattacks has more than doubled to $1.4 million, organizations are exploring generative artificial intelligence but so far mostly sticking to machine learning, Dell reported on Tuesday after surveying 1,500 IT and security decision-makers.
Ransomware-wielding attackers show no signs of stopping, and experts report December 2023 was the second-worst month on record for known victims. Lately, Akira-wielding attackers have been hitting Finland hard, and Medusa has been behind a rising number of attacks.
Financially motivated Turkish hackers are targeting Microsoft SQL servers in the United States, Europe and Latin America in hacking that ultimately ends with deployment of Mimic ransomware or the sale of access to infected hosts on criminal online markets.
The SASE marketplace has evolved significantly since it first emerged in 2019, and enterprises today can see the stark differences between piecemeal and integrated solutions. Kumar Ramachandran of Palo Alto Networks and Ganesh Devarajan of Accenture talk about the power of platform and services.
Fraudsters have long relied on mule accounts to deposit proceeds from a variety of scams, but financial crimes investigators are seeing a shift to dropped accounts, which can be opened and quickly discarded to evade detection by law enforcement, said M&T Bank's Karen Boyer.
This week: Microsoft addressed 48 security flaws, AsyncRAT targeted critical infrastructure operators, the Supreme Court rejected X Corp.'s bid to disclose national security requests, hackers hit Beirut airport flight displays, the FTC banned Outlogic from sharing sensitive location data, and more.
While cybercriminals and advanced persistent threat groups have long abused legitimate internet services both to scale and disguise various types of attacks, a new report warns of a growing challenge posed by the illegitimate use of GitHub and offers essential defenses for users.
Hackers possibly connected to the Chinese government since December have exploited two zero-days in a VPN from software developer Ivanti that is widely used by governments and corporations, and a patch won't be available until later this month.
This week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4 million from Gamma, dYdX detailed post-hack steps, CertiK published 2023 hack stats, TRM Labs discussed North Korean hacking and Apple India blocked users from offshore crypto exchanges.
The European Union adopted regulations on cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digital threats. European agencies lack "cyber preparedness commensurate with the threat."
The European Commission took preliminary steps toward investigating Microsoft's financial interest in ChatGPT maker OpenAI under the trading bloc's antitrust regulation. The Tuesday announcement marks the second instance of official interest in Microsoft's investments in the generative AI firm.
Cybercriminals are extorting some patients and threatening them with swatting in the wake of a recent cyberattack on a Seattle cancer center. The incident, stemming from a Citrix Bleed exploit, has triggered multiple lawsuits and affected the personal data of at least 1 million people.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.