Suspected nation-state hackers are using malware that researchers say straddles the line between off-the-shelf and advanced tactics in order to target the U.S. aerospace industry. Researchers from Adlumin in May found the malware on a defense contractor's network.
Dragos has axed 50 workers after longer sales cycles and smaller initial deployment sizes caused the industrial cybersecurity vendor to miss its first quarter revenue target. Dragos revealed plans to reduce its staff by 9% to ensure the company can stay independent through an IPO or Series E round.
A former employee of an Arizona hospital has been sentenced to federal prison and ordered to pay restitution to victims after pleading guilty to criminal HIPAA violations and his participation in an identity theft scam that compromised the data of nearly 500 patients.
The Biden administration stepped up regulatory enforcement against cryptocurrency trading platforms in consecutive lawsuits targeting Binance and Coinbase for alleged violations of securities laws. "We already have digital currency. It's called the U.S. dollar," said U.S. SEC Chairman Gary Gensler.
With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.
Snyk plans to purchase an Israeli startup founded by members of Wix's application security team and backed by CyberArk to help organizations govern developer security. The developer security vendor said its proposed buy of Enso Security will give clients a view of their application security posture.
The Clop ransomware-as-a-service gang said it is behind a spate of hacks taking advantage of a vulnerability in Progress Software's MOVEit managed file transfer application. "We download alot of your data as part of exceptional exploit," the gang says in a misspelled post on its dark web leak site.
Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen" computers. A government spokesperson said Tuesday the campaign targets government agencies and media organizations.
The Federal Trade Commission has filed an amended complaint against Kochava, as allowed by a federal judge who last month dismissed the agency's first shot at a lawsuit seeking to permanently stop the data analytics firm from selling geolocation data collected from mobile devices.
Incidents of pretexting, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.
Criminals are continuing to wield stolen credentials, compromise attacks, ransomware and social engineering to earn an illicit payday, according to Verizon's latest annual analysis of data breaches and how they happened, which finds that post-ransomware cleanup costs are rising.
Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children's privacy protections during the Xbox Live registration process. The Federal Trade Commission accused the company of a slew of infractions.
Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review. Manasa Health Center will pay $30,000 and implement a corrective action plan, HHS said.
The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.