Major open-source software projects are warning that more pieces of code than XZ Utils may have been backdoored by attackers, based on ongoing supply-chain attack attempts that have targeted "popular JavaScript projects," apparently seeking to trick them into sharing code maintainer rights.
North Korean hackers with an affinity for establishing rapport with targets via social engineering and email are getting smarter about bypassing anti-spam protections and using tracking pixels, say researchers. The group, codenamed Kimsuky, has been operational since 2012.
The FTC has proposed restricting a mental telehealth service firm from sharing consumer data and requiring it to pay a $7 million penalty to settle allegations that the firm used online tracking tools to unlawfully disclose sensitive health information to third-party advertisers without consent.
A global law firm that provides data breach legal services has agreed to an $8 million settlement to resolve a proposed class action lawsuit filed against the firm in the aftermath of its cyberattack last year, which affected some health sector clients and nearly 638,000 individuals.
As the Sam Bankman-Fried courtroom saga continues, crypto policy expert Ari Redbord discusses the sentencing's impact of the FTX founder on the ecosystem and regulations, what lies ahead for the industry and approaches to curbing illicit finance threats in the space.
Israel Defense Forces reported the launch of rockets by Iran from Lebanon into Israel on Saturday. Hezbollah militants claim responsibility, citing retaliation for recent Israeli actions and solidarity with Palestinians in Gaza, according to reports.
Air Force Gen. Timothy Haugh told the Senate Armed Services Committee the U.S. Cyber Command carried out nearly two dozen defensive cyber operations across the globe in 2023, expanding in size and scope since the "hunt forward" teams were first launched in 2014.
At many financial institutions, your voice is your password. Tiny variations in pitch, tone and timbre make human voices an ideal method for authenticating customers - as long as computers can't be trained to synthesize those pitch, tone and timbre characteristics in real time. They can.
In the latest weekly update, four ISMG editors discussed the unending twists and turns in the Change Healthcare cyberattack, positive signs of economic recovery in the cybersecurity tech market, and how artificial intelligence is shaking up supply chain security.
The IT services disruptions resulting from the Change Healthcare cyberattack is continuing to have a "devastating" effect on physician practices, threatening the financial viability of many and posing serious implications to patient care, said the American Medical Association in a new study.
This week, Sisense supply chain attack, a likely Romanian botnet, Patch Tuesday, an Apple spyware warning and AT&T notifies customers of breach. Alcohol counselor Monument shared data with Meta, a breach of Home Depot employee data, a breach at Targus and a threat actor targeted Moroccan activists.
The U.S. Cybersecurity and Infrastructure Security Agency publicly released an emergency directive Thursday requiring impacted federal agencies to take immediate remediation measures amid continued fallout from the Russian state-sponsored hacking of Microsoft that began in late November.
This week, Google sued alleged crypto fraudsters, Mango Markets exploiter's trial began, Do Kwon and Terraform Labs are liable for civil fraud, Taiwanese prosecutors indicted ACE Exchange's co-founder, Wormhole nearly gave $40,000 to hackers and a Binance executive pleaded not guilty in Nigeria.
Threat actors behind malware distribution platform Raspberry Robin worm have shifted tactics to make the malware harder to detect and for researchers to analyze. Hackers deploying Raspberry Robin - often a precursor to a ransomware attack - now use Windows Script Files.
Cybercriminals launched 7.78 million attacks against U.K. businesses and nearly 1 million against charity organizations, according to the latest U.K. government survey report. But fewer than half of those firms reported the incidents to authorities, something researchers say is a concerning trend.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.