Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack. Hackers demanded extortion from the non-bank creditor after stealing data pertaining to 14 million customers, including nearly 8 million Australian and…

Not all ransomware groups wield crypto-locking malware. In their continuing quest for extortionate profits, some have moved away from encryption and pressure victims purely by threatening to leak stolen data unless they receive a ransom payment. This seems to have been the case for BianLian, a prolific ransomware group that emerged in the summer of…

Last year was another bonanza in zero-days for Chinese state hackers, say security researchers in a report predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. Data taken from original research by cybersecurity firm Mandiant and from open-source reporting suggests zero-day exploitation is generally trending upward despite fluctuation from year to year in the…

Hackers earlier this month maliciously encrypted a system belonging to the U.S. Marshals Service, compromising and exfiltrating sensitive data law enforcement data. Department of Justice officials classify the attack as a “major incident,” said NBC, which broke news of the attack. Exposed data include returns from legal process, administrative information and personal identifiable information pertaining…

A leader of an international crime network that attempted to launder more than $25 million in fraudulently obtained funds, including through business email compromise, received a sentence of more than a decade in prison. Valentine Iro, 34, pleaded guilty in October 2020 to one count of conspiracy to engage in money laundering. He was sentenced…

A Russian national accused by U.S. federal prosecutors of developing an application for decrypting login credentials pleaded not guilty during a first appearance in Tampa federal court. The man, Dariy Pankov – also known as “dpxaker” – faces seven criminal counts including conspiracy, access device fraud and computer fraud. On Wednesday in the courthouse for…

Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours. ION Cleared Derivatives, part of ION Group which offers software designed to automate…

U.S. government and industry authorities are warning the healthcare sector of a surge in distributed-denial-of-service attacks in recent days against hospitals and other medical entities instigated by Russian nuisance hacking group KillNet. The American Hospital Association on Monday issued an alert for its members based on a warning also issued Monday by the Department of…

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including why being a CISO is like being the first family doctor in a small village, why you can’t trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt…

Ransomware continues to be the United Kingdom’s most prominent cybersecurity threat, and the country can expect to see a surge in destructive attacks in 2023, warns the former head of the U.K.’s national cybersecurity agency. Oxford University professor Ciaran Martin says that while overall ransomware activities across the world slumped in 2022, attacks are likely…