Biden’s Executive Order covers personal and sensitive information such as biometric, financial, genomic, geolocation, and personal health data, as well as specific types of personally identifiable information. “Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and…
A campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. federal government earlier this month disrupted a botnet built from hundreds of Ubiquiti routers by a hacking unit of Russian military’s Main Intelligence Directorate,…
A group of attackers targeting Ukraine-affiliated organizations has been delivering malicious payloads hidden within the pixels of image files. Known as steganography, it is just one of many advanced techniques the group uses to evade detection as part of a malware loader known as IDAT. Tracked as UAC-0184 by several security firms, as well as…
A dangerous vulnerability in Apple Shortcuts has surfaced, which could give attackers access to sensitive data across the device without the user being asked to grant permissions. Apple’s Shortcuts application, designed for macOS and iOS, is aimed at automating tasks. For businesses, it allows users to create macros for executing specific tasks on their devices,…
New Biden administration cybersecurity standards for U.S. maritime ports mark a crucial step toward addressing long-ignored vulnerabilities in IT and OT systems across the critical infrastructure sector, experts told Information Security Media Group. An executive order released Wednesday institutes mandatory requirements to report cyber incidents that could endanger “any vessel, harbor, port or waterfront facility.”…
Global law-enforcement authorities including the FBI have disrupted the activities of the formidable LockBit ransomware gang, taking control of its platform and seizing data associated with its global ransomware-as-a-service (RaaS) operation. Information obtained by the operation — called Operation Cronos — includes source code, details of ransomware victims, stolen data, decryption keys, and the amount…
In November 2023, researchers from ThreatFabric observed a resurgence of the Anatsa banking Trojan, aka TeaBot and Toddler. Between November and February, the experts observed five distinct waves of attacks, each focusing on different regions. The malware previously focused its activities on the UK, Germany, and Spain, but the latest campaigns targeted Slovakia, Slovenia, and…
Microsoft released its batch of monthly security updates this month covering 73 vulnerabilities, including two zero-day flaws exploited in the wild. While organizations should prioritize all critical and high-risk issues, there is one critical vulnerability in Outlook that researchers claim could open the door to trivial attacks that result in remote code execution. Dubbed MonikerLink…
Advanced persistent threats (APTs) aligned with China, Iran, North Korea, and Russia are all using large language models (LLMs) to enhance their operations. New blog posts from OpenAI and Microsoft reveal that five major threat actors have been using OpenAI software for research, fraud, and other malicious purposes. After identifying them, OpenAI shuttered all their…
Yoon’s office said the cyberattack only affected the personal account of the unidentified employee, who violated security protocols by partially using commercial email services to handle official duties. Officials did not specify what type of information was stolen from the staff member’s personal emails but stressed that the office’s overall security system was not affected….
White House Issues Executive Order on International Data Protection
