Victims Sue Financial Firms Over MOVEit Data Breaches
Financial services firms affected by the mass attack on MOVEit file-sharing software are among the latest to face lawsuits from affected individuals. One such lawsuit, filed against Prudential, wants the firm to pay for 10 years of identity theft monitoring service since stolen Social Security numbers cannot be replaced. So far 998 organizations are known…
White House Pushes Cybersecurity Defense for K-12 Schools
The Biden administration says it want to get ahead of ransomware attacks against schools before tens of millions of pupils resume studies later this month. Typically understaffed and underfunded when it comes to cybersecurity, American K-12 schools have experienced a ramp-up in ransomware attacks, particularly after the novel coronavirus pandemic forced hasty adoption of remote…
TSA Updates Pipeline Cybersecurity Requirements
The security directive for pipeline owners and operators — released following the disruptive cyberattack that hit Colonial Pipeline in 2021 — requires them to implement measures to improve their defenses against cyberattacks. The TSA updated the requirements in July 2022 to offer more flexibility in achieving the outlined goals. Exactly one year later, the agency…
Ivanti Zero-Day Exploit Disrupts Norway’s Government Services
A zero-day authentication bypass vulnerability in Ivanti software was exploited to carry out an attack on the Norwegian Ministries Security and Service Organization. The attack affected communications networks at 12 Norwegian government ministries, according to the original statement, preventing employees in those departments from accessing mobile services and email. The government noted that the Prime…
Orgs Face Record $4.5M Per Data Breach Incident
The average cost per data breach for business in 2023 jumped to $4.45 million, a 15% increase over three years. But instead of investing in cybersecurity, 57% of breached organizations told IBM they were inclined to just pass those costs onto consumers. The final total for the year could be even higher: With organizations struggling…
Ukrainian Police Shutter Propaganda-Spreading Bot Farm
Ukrainian law enforcement dismantled yet another bot farm spreading Russian propaganda over social media. The Ukrainian Cyber Police raided 21 locations across the country and seized computer equipment, mobile phones and more than 250 GSM gateways, including 150,000 SIM cards of different mobile operators used in the illicit activities to create fake social media profiles….
How the EU AI Act Will Affect Businesses, Cybersecurity
Experts are ringing the alarm bells over the risks unfettered development of artificial intelligence (AI) technology could pose to humanity. Enter the European Union (EU), already a leader in data protection and privacy rights, where the EU Parliament has agreed on a law governing AI technology. Jonathan Dambrot, CEO of Cranium, says it’s not surprising…
Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security
ASIS International and the Security Industry Association (SIA) closed out the inaugural Security LeadHER conference this week, celebrating a successful and groundbreaking first event held June 12-13 in Nashville, Tennessee. The event was dedicated to advancing, connecting and empowering women in the security profession. Approximately 300 current and future “LeadHERs” and attendees of all backgrounds…
Gozi banking malware “IT chief” finally jailed after more than 10 years
Yesterday, we wrote about cybercrime charges that were finally unsealed for a massive cryptocurrency heist that was allegedly conducted over a three-year period starting back in 2011. Today’s long-term cybercrime justice story concerns the last member of the so-called Gozi Troika, three men who were originally charged in January 2013 for malware-related crimes that apparently…
Iranian Hackers Deploy New Ransomware Against Israeli Firms
Security researchers have discovered an Iran-linked APT group carrying out a new chain of ransomware attacks using a new strain of malware against Israeli organizations. Researchers at Check Point found a ransomware strain called Moneybird that is reminiscent of the Iranian Agrius group’s previous campaigns. Agrius gained notoriety for targeting Israel-based entities with wiper variants,…
