
Risk

Security and Technology news from various third party sources. All attribution remains the property of the original authors

203 Topics 203 Posts
  • 0 Votes
    1 Posts
    46 Views
    CerberusC

    Bipartisan Bill Would Require 24-Hour Ransom Notice, 72-Hour Incident Report
    A bipartisan effort to implement cybersecurity incident reporting and the tracking of ransomware payments has been introduced by leaders of the Senate Homeland Security and Governmental Affairs Committee. While it differs from legislation introduced in July, lawmakers hope to reconcile the bills.

    https://www.inforisktoday.co.uk/new-legislation-eyes-both-ransom-incident-reporting-a-17650

  • 0 Votes
    1 Posts
    34 Views
    CerberusC

    Neither Firm Has Fixed Issue, Researchers Say
    Researchers at the University of Birmingham and University of Surrey say they have uncovered a vulnerability in the Apple Pay-Visa setup that could allow hackers to bypass iPhone’s Apple Pay lock screen, perform contactless payments and skirt transaction limits.

    https://www.inforisktoday.co.uk/apple-pay-visa-vulnerability-may-enable-payment-fraud-a-17648

  • 0 Votes
    1 Posts
    43 Views
    CerberusC

    Microsoft Sparred with SecureWorks Over Impact But Relents
    Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory. The issue was reported to Microsoft in June by SecureWorks’ Counter Threat Unit.

    https://www.inforisktoday.co.uk/microsoft-will-mitigate-brute-force-bug-in-azure-ad-a-17646

  • 0 Votes
    1 Posts
    38 Views
    CerberusC

    CISA Warns of ‘Widespread Exploitation’ for 1 Critical Bug
    Cybersecurity vendor VMware has published a security advisory detailing 19 vulnerabilities affecting its vCenter server and Cloud Foundation products and has released fixes for all of them. One of the flaws has a high CVSS of 9.8, and CISA is warning of its “widespread exploitation.”

    https://www.inforisktoday.co.uk/vmware-discloses-releases-fixes-for-19-bugs-in-products-a-17645

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    PII, PHI for 35,000 Individuals Potentially Stolen in Incident
    A Philadelphia-based mental health services provider has begun to notify tens of thousands of individuals that their health and personal information was potentially viewed or stolen by hackers in a data security incident discovered more than six months ago.

    https://www.inforisktoday.co.uk/mental-health-clinic-notifies-patients-6-months-after-hack-a-17642

  • 0 Votes
    1 Posts
    37 Views
    CerberusC

    Group-IB’s Ilya Sachkov Arrested on Treason Charges; Cybersecurity Leaders Speak Out
    The founder of Group-IB, one of Russia’s largest cybersecurity companies, has been detained on state treason charges and will be held in custody for two months, with alleged crimes punishable by up to 20 years in prison, according to wire reports.

    https://www.inforisktoday.co.uk/top-russian-cybersecurity-ceo-charged-treason-a-17644

  • NSA, CISA Release VPN Security Guidance

    0 Votes
    1 Posts
    55 Views
    CerberusC

    Agencies Offer Advice on Minimizing Attack Surface
    In a bid to address security risks associated with the use of virtual private network solutions, the National Security Agency and the Cybersecurity and Infrastructure Security Agency on Tuesday offered government leaders guidance on selecting remote access VPNs and strengthening their security.

    https://www.inforisktoday.co.uk/nsa-cisa-release-vpn-security-guidance-a-17640

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    Hearing: Researchers Liken Major Platforms to a ‘Disinformation Black Box’
    Cybersecurity and computer science experts testifying before Congress on Tuesday expressed concerns about their inability to access key social media data sets that could allow them to analyze and potentially counter the spread of misinformation.

    https://www.inforisktoday.co.uk/experts-slam-social-media-platforms-data-policies-a-17635

  • 0 Votes
    1 Posts
    38 Views
    CerberusC

    Senators Introduce Bill to Task Treasury Department with Mining Assessment
    A bipartisan bill has been introduced in the U.S. Senate which, if passed, would find the Treasury Department actively monitoring cryptocurrency mining abroad, as well as its ultimate impact on U.S. supply chains for critical resources, including semiconductors.

    https://www.inforisktoday.co.uk/bipartisan-us-senate-bill-eyes-cryptomining-oversight-a-17636

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    ShapeShift’s Systems Reduced Privacy for Monero, Researcher Says
    Weaknesses in the systems of ShapeShift, a U.K.-based cryptocurrency exchange, reveal how a North Korean-linked group laundered cryptocurrency that came from the WannaCry 2.0 attack four years ago. The issues undermined some protections in Monero, a cryptocurrency designed to provide a high degree of privacy.

    https://www.inforisktoday.co.uk/crypto-exchange-bug-reveals-north-korean-monero-laundering-a-17629

  • 0 Votes
    1 Posts
    35 Views
    CerberusC

    Microsoft: Malware Creates Backdoor to Exfiltrate Sensitive ADFS Server Data
    The Russia-linked cyberespionage group Nobelium, which was responsible for the SolarWinds supply chain attack, has developed and deployed a new malware, dubbed FoggyWeb, according to a Microsoft Threat Intelligence Center security blog. Microsoft says FoggyWeb creates a backdoor to exfiltrate data.

    https://www.inforisktoday.co.uk/russia-linked-nobelium-deploying-new-foggyweb-malware-a-17632

  • 0 Votes
    1 Posts
    46 Views
    CerberusC

    Analysis of Latest Major Health Data Breaches Posted to HHS OCR Website
    Hacking incidents - especially those involving ransomware attacks and vendors - continue to rack up some of the largest victim counts in major health data breaches being reported to federal regulators in 2021. Will the trend continue?

    https://www.inforisktoday.co.uk/ransomware-vendor-breaches-spike-on-federal-tally-a-17634

  • 0 Votes
    1 Posts
    47 Views
    CerberusC

    Researchers Say Trojan Steals Data from Steam, Epic Games Stores, EA Origin
    Researchers at cybersecurity firm Kaspersky have discovered an advanced Trojan, dubbed BloodyStealer, stealing gamer accounts and data from platforms such as Steam, Epic Games Stores and EA Origin. They say there is a demand for this type of data among cybercriminals.

    https://www.inforisktoday.co.uk/new-malware-bloodystealer-targets-gaming-accounts-a-17631

  • 0 Votes
    1 Posts
    39 Views
    CerberusC

    Video Security Tech Firm Releases Firmware Update to Fix Vulnerability
    A security researcher who goes by the alias Watchful_IP has discovered a command injection vulnerability that could potentially affect millions of Hikvision’s IoT devices. The video security solutions provider says it has fixed the flaw and rolled out a firmware update for its end users.

    https://www.inforisktoday.co.uk/critical-flaw-may-affect-millions-hikvision-devices-a-17625

  • 0 Votes
    1 Posts
    46 Views
    CerberusC

    Trump-Era Mandate Calls for Verifying IDs of Foreign IaaS Account Holders
    The U.S. Department of Commerce is soliciting input on a Trump administration cybersecurity executive order that requires cloud providers to verify the identities of certain users - particularly cyber actors potentially operating abroad and leveraging U.S. cloud technologies.

    https://www.inforisktoday.co.uk/us-commerce-officials-seek-comment-on-iaas-executive-order-a-17626

  • 0 Votes
    1 Posts
    40 Views
    CerberusC

    Lisa J. Pino Served at DHS During OPM’s Mega-Breach Mitigation
    The Department of Health and Human Services has named Lisa J. Pino - a former Department of Homeland Security official charged with mitigating the massive 2015 cyberattack on Office of Personnel Management - as the new director of its HIPAA enforcement agency.

    https://www.inforisktoday.co.uk/former-dhs-official-to-lead-hhs-hipaa-enforcement-agency-a-17627

  • 0 Votes
    1 Posts
    40 Views
    CerberusC

    Canal de Isabel II Suspends Its Telephone Services
    GSS, the Spanish and Latin America division of Europe’s largest call center provider Covisian, has said that it has been subjected to a ransomware attack, which froze its IT systems and crippled call centers across its Spanish-speaking customer base.

    https://www.inforisktoday.co.uk/ransomware-attack-reportedly-cripples-european-call-center-a-17619

  • 0 Votes
    1 Posts
    46 Views
    CerberusC

    2 Proposed Class Actions Filed in Incident Affecting Nearly 496,000 Individuals
    Two proposed class action lawsuits filed this week in a California federal court allege negligence and a variety of other claims against UC San Diego Health in the wake of a phishing incident that affected nearly 496,000 individuals.

    https://www.inforisktoday.co.uk/lawsuits-negligence-led-to-uc-san-diego-health-incident-a-17618

  • 0 Votes
    1 Posts
    48 Views
    CerberusC

    Discussion Also Tackles Kaseya Ransomware Decryption Key, Raising Enterprise Security Posture
    Four editors at Information Security Media Group discuss important cybersecurity issues, including the rise of quadruple extortion attacks employed by ransomware gangs, the FBI reportedly withholding the Kaseya ransomware decryption key for weeks, and raising security posture during a pandemic.

    https://www.inforisktoday.co.uk/ismg-editors-panel-rise-quadruple-extortion-attacks-a-17612

  • 0 Votes
    1 Posts
    50 Views
    CerberusC

    Jen Easterly Offered Details of Investigation That Led to Joint Security Alert
    During testimony before a U.S. Senate committee hearing Thursday, CISA Director Jen Easterly told lawmakers that a recent joint alert issued by her agency, the FBI and the Coast Guard Cyber Command stemmed from an attempted attack against the Port of Houston in August.

    https://www.inforisktoday.co.uk/cisa-director-attackers-targeted-port-houston-a-17614