Latest

Cyberwarfare / Nation-State Attacks

US Sanctions North Korean Cyber Unit After Satellite Launch

Chris Riotta  •  November 30, 2023

The United States on Thursday sanctioned North Korean cyberespionage threat actor Kimsuky, known for its social engineering campaigns against targets it suspects of holding intelligence on geopolitical events and negotiations affecting the Hermit Kingdom.

Fraud Management & Cybercrime

Capital Health in NJ Is Responding to a Cyberattack

Marianne Kolbasuk McGee  •  November 30, 2023

New Jersey-based hospital group Capital Health is dealing with a network outage, caused by a cyberattack earlier this week, which is affecting some patient services. Capital Health is at least the second healthcare provider in the Garden State responding to a cyberattack this week.

Fraud Management & Cybercrime

NY AG Warns of ID Theft Risk in Medical Transcription Hack

Marianne Kolbasuk McGee  •  November 30, 2023

New York regulators are warning millions of individuals of identity theft risks involving a data theft at a medical transcriber that has now affected patients of at least two major healthcare groups, including Crouse Health and Northwell Health in the state. Lawsuits in the case are also piling up.

Governance & Risk Management

NIST Says Federal Agencies Struggling to Achieve Zero Trust

Chris Riotta  •  November 30, 2023

A National Institute of Standards and Technology official said agencies are facing a variety of challenges in implementing enterprisewide zero trust architectures, from a lack of insight into their network components to difficult decisions around legacy systems and costly procurement initiatives.

Cybercrime

Breach Roundup: Ukraine Hacks Russian Aviation Agency

Anviksha More  •  November 30, 2023

This week, Ukraine's intelligence service hacked Russian aviation agency, a cyberattack targeted Japan's space agency, Google addressed another zero-day, a French-led operation dismantled a Ukrainian ransomware group, and spyware targeted Serbian civil society.

Blockchain & Cryptocurrency

Cryptohack Roundup: KyberSwap Hacker Demands Control

Mihir Bagwe  •  November 30, 2023

This week, a KyberSwap hacker demanded total control, the U.S. Treasury called for additional tools to sanction crypto baddies, the Aerodrome and Velodrome DeFi platforms' front ends were hacked, a scam-as-a-service wallet drainer shut down, Indexed Finance thwarted hijacking attempts, and more.

Government

Experts Urge Congress to Establish Clear SBOM Guidance

Chris Riotta  •  November 29, 2023

Procurement experts testified to the House Subcommittee on Cybersecurity, Information Technology, and Government Innovation on Wednesday that government requirements leave too many unanswered questions and ambiguities for federal agencies when it comes to implementing SBOMs.

Artificial Intelligence & Machine Learning

US House Members Eye Potential Regulations in Healthcare AI

Marianne Kolbasuk McGee  •  November 29, 2023

As Congress weighs potential legislative and regulatory guardrails for the use of AI in healthcare, issues such as human oversight, privacy and security risk need close attention, said healthcare industry experts who testified during a House Energy and Commerce subcommittee hearing on Wednesday.

Cybercrime

Japanese Space Agency Investigates Active Directory Hack

Jayant Chakravarti  •  November 29, 2023

The Japanese space exploration agency is investigating a cyberattack this summer that reportedly targeted an Active Directory server. Police detected the attack and alerted the space agency, which claims hackers did not access any personal information.

Blockchain & Cryptocurrency

US Sanctions, Seizes Sinbad Cryptomixer

David Perera  •  November 29, 2023

The U.S. federal government Wednesday added cryptocurrency mixer Sinbad.io to a growing blacklist of virtual asset platforms under sanctions that prevent Americans from doing business with them. The FBI seized the Sinbad website in an international operation.

Cloud Security

Attackers Actively Target Critical ownCloud Vulnerability

Mathew J. Schwartz  •  November 29, 2023

Security researchers say attackers are actively attempting to exploit a critical vulnerability in unpatched ownCloud implementations, which they can use to steal credentials and other secret information. Last month, ownCloud said it had sent all users a security alert and updates to fix the flaws.

Artificial Intelligence & Machine Learning

Generative AI Technology Leads AWS Agenda at re:Invent 2023

Rahul Neel Mani  •  November 28, 2023

In an effort to upstage Microsoft in the AI space, AWS CEO Adam Selipsky invited NVIDIA CEO Jensen Huang and Dario Amodei, co-founder of Anthropic, to share the stage at AWS re:Invent 2023. Selipsky committed to integrating generative AI across AWS solutions and guardrails to secure customer data.