Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
Ride-hailing app maker Uber says a data breach at a third party is responsible for the appearance on a hacking forum of internal data. The data is unrelated to the September incident Uber experienced after a hacker affiliated with Lapsus$ penetrated the company network, an Uber spokesperson says.
A human resources outsourcing firm reportedly underwent a data breach from its own outsourced cloud computing storage provider. The company, San Francisco-based Sequoia One, did not respond to multiple requests for comment from Information Security Media Group.
Smartphone giant Apple says that starting later this year, users can enable end-to-end encryption of iPhone backups stored in the company's commercial cloud. Apple took pains to frame its announcement in the context of cloud computing data breaches.
The Conservative U.K. government said it will propose updates to the country's main cybersecurity regulation, including a requirement for the private sector to reimburse the public sector for enforcement activities. The government downplayed concerns that it could create perverse incentives.
The oil pipeline and rail sectors could be required to implement cyber risk management following the Transportation Security Administration's initiation of a rule-making process. The Biden administration is pressuring critical infrastructure operators through voluntary measures and new regulation.
Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off. The vulnerability opens the door to a password reset attack or a password stuffing attack.
Embattled social media platform Twitter lost its chiefs of security, privacy and compliance, and the resignations put the company and its new owner, Elon Musk, at greater risk of regulatory enforcement. The company signed a binding two-decade agreement with the U.S. Federal Trade Commission in May.
Microsoft released patches fixing a pair of Exchange vulnerabilities revealed publicly in late September and collectively known as ProxyNotShell. The computing giant assesses with "medium confidence" that state-sponsored hackers have exploited the now-squashed bugs.
Federal agents seized more than 50,000 in bitcoin stolen from Silk Road a decade ago by a man who until recently owned a Tennessee real estate development firm. James Zhong, 32, pleaded guilty Friday to one count of wire fraud while prosecutors seek to formally claim the cryptocurrency.
SolarWinds, maker of network management software famously hacked by the Russian government, may be the subject of an investigation by the U.S. Securities and Exchange Commission after staff made a preliminary determination in its favor. The company says it will contest the staff recommendation.
DropBox is the latest company to have employees fall for phishing emails tricking them into supplying login credentials and a one time password to threat actors. Hackers got away with copies of 130 code repositories. The company says it's speeding up an internal transition to Web Authentication.
Cookie and cracker giant Mondelez International settled litigation launched in 2018 against Zurich Insurance after the underwriter denied a claim for property damages stemming from the NotPetya malware wave. Similar litigation initiated by pharmaceutical giant Merck against its insurers continues.
The Biden administration-led International Counter Ransomware Initiative that includes three dozen countries and the European Union ended a two-day huddle at the White House, emerging to vow more data-sharing and anti-money laundering measures from cryptocurrency trading platforms.
The OpenSSL Project downgraded the urgency of a patch issued Tuesday after determining that the vulnerability is unlikely to be exploited in common situations. "It appears to be there would be an almost zero quantity of servers at risk," said a Sophos cybersecurity executive.
A Ukrainian man is fighting extradition to the United States, where he faces a four-count criminal indictment for his role in operating the Raccoon malware-as-a-service infostealer malware. Dutch authorities arrested Mark Sokolovsky, 26, in March, shows an unsealed indictment.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
