Hackers have been selling data stolen from an online health insurance marketplace used by members of Congress and residents of Washington, D.C. The cause, size and scope of the breach are still unknown. The data pertains to "numerous" lawmakers as well as their spouses, dependents and employees.
A dozen U.S. senators on Tuesday introduced legislation backed by the White House charging the federal government with initiating a process to systematically block foreign technology from reaching the domestic market when the tech poses a national security threat.
Cybersecurity will take its place alongside chemical contaminant removal as an element the U.S. Environmental Protection Agency says public water systems must mitigate. "Cyberattacks that are targeting water systems are real and a significant threat," said an EPA official.
Internet domain registrar GoDaddy says it is the victim of a yearslong hacking campaign that installed malware on internal systems and obtained source code. The hackers' "apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution," the company says.
The FBI is investigating a hack of its computer network. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time," the bureau said in a statement provided to Information Security Media Group.
Chris Inglis, head of the Office of the National Cyber Director in the White House, stepped down from the position. The widely anticipated move comes as the Biden administration finalizes a national cyberspace strategy expected to call for more regulation and the disruption of malicious actors.
The California city of Oakland is in a state of emergency as its response to a ransomware attack enters its second week. The attack did not affect emergency systems, including 911 dispatch and fire services, or the city's financial systems, the city says.
Russian operators of the TrickBot banking Trojan that later evolved into a ransomware dropper felt trans-Atlantic pressure Thursday through sanctions imposed by the United States and the United Kingdom and an indictment against a senior figure unsealed by U.S. federal prosecutors in New Jersey.
The German government selected a new president for the Federal Office for Information Security, better known as BSI. Claudia Plattner, currently serving as the European Central Bank's director general of information systems, is set to lead the agency starting on July 1.
Denis Mihaqlovic Dubnikov, 30, pleaded guilty in U.S. federal court to conspiracy to commit money laundering. Federal prosecutors say the Russian national laundered more than $400,000 for the Ryuk ransomware-as-a-service gang. He faces up to 20 years in prison and a potential fine of $500,000.
The insider threat hacker who attempted to extort $1.9 million out of Ubiquiti Networks faces sentencing in May after pleading guilty to three crimes in federal court. The hacker, Nickolas Sharp, was the company's cloud lead and was on the team remediating the security incident he caused.
The FTC has for the first time enforced its almost 14-year-old health data breach notification rule. It hit a telehealth and prescription drug discount provider with a $1.5 million civil penalty for failing to inform consumers that it shares their data with advertisers and other third parties.
Premiums for cyber insurance have climbed sharply along with global rates of ransomware. But signs of increased competition and capital inflows suggest the cyber insurance market may be softening, Marsh executive Sarah Stephens told a U.K. parliamentary committee.
A periodic stress test assessment of U.K. insurers by the Bank of England found underwriters mostly withstood extreme cyber events. Still, underwriters may not be operating from the same set of assumptions when it comes to the likelihood of having to manage an actual extreme cyber event.
The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.