Canadian Sebastien Vachon-Desjardins received a 20 year prison sentence from a U.S. judge based in Florida after copping to four felonies stemming from a stint as an affiliate of the NetWalker ransomware-as-a-service gang. "This is Jesse James meets the 21st century," said Judge William F. Jung.
A U.S. federal jury found Joe Sullivan, former chief security officer of Uber, guilty of covering up a 2016 data breach that exposed the personal information of tens of millions of account holders. The trial was a landmark, likely marking the first time a chief security officer has faced criminal charges over an...
Paige Thompson, the Capital One hacker known as "erratic," was sentenced to time served and five years of probation following her June conviction in U.S. federal court. The five-time felon exploited a weakness in web application firewalls on AWS accounts to steal data of 100 million individuals.
The Department of Treasury and the Cybersecurity and Infrastructure Security Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyberattack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.
Credit card giant Capital One is moving past its 2019 hacking incident as federal regulators stop requiring quarterly updates on efforts to improve cybersecurity and a federal judge signs off on a $190 million settlement in a proposed class action lawsuit.
Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today. Water systems need network connectivity for remote repairs, said an official with the National Rural Water Association.
Foreign investment into the U.S. will undergo added scrutiny for its implications to cybersecurity and data protection under an executive order signed by President Joe Biden. The order focuses on potential security risks of direct investors as well as their ties to third parties that may pose risks.
A White House agency today told U.S. federal government IT vendors they must attest to using secure software development techniques. Self-attestation "is a bit of a compliance activity, but it's a pretty light compliance activity," says former federal CISO Grant Schneider.
The U.S. government accused Iran of turning a blind eye to ransomware hackers after indicting three men affiliated with the Islamic Revolutionary Guard Corps. Authorities say their attacks affected critical infrastructure including healthcare centers, transportation services and utility providers.
Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered. The newest example comes from internet of things security company IOActive in an attack involving two people and customized gear.
The United States hit Iran with a new round of sanctions after linking Tehran with the July cyberattack against Albania. The sanctions are more symbolic than material in effect but send a message that hacking U.S. allies has consequences.
Albania cut diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal. Prime Minister Edi Rama today said he gave Iranian diplomats 24 hours to depart the country after establishing Iranian responsibility for the cyberattack.
The NFL's San Francisco 49ers will notify more than 20,000 Americans that online attackers likely stole their name and Social Security number from the sports franchise's corporate network in a February network security incident. Ransomware-as-a-service group BlackByte took credit for the attack.
Cyber criminals are running scripting attacks on e-commerce sites that attempt to complete small payments by automatically inputting payment card numbers based on the Ally Bank identification number. There are no indications of a data breach at Ally Bank, says a source close to the fraud detection.
The U.S. Consumer Financial Protection Bureau is warning lenders they can be liable for data breaches for causing consumers "substantial injury." To avoid liability, the bureau recommends that banks implement multifactor authentication and especially Web Authentication.