CampusCoin Student Feed Aggregator

+ Alleged LockBit Coder Faces 41-Count Indictment in US—US Seeks Extradition of Dual Russian and Israeli Citizen Rostislav Panev from Israel A newly unsealed U.S. federal indictment against Rostislav Panev...

+ Editors' Panel: Cybersecurity 2024 - Thanks for the Memories—Looking Back on the Ransomware Attacks, Resilience Lessons and Tech Trends In the latest weekly update, ISMG editors discussed defining cybersecurity...

+ Federal Cyber Operations Would Downgrade Under Shutdown—Government Shutdown Could See Thousands of Federal Cyber Workers Furloughed A looming shutdown could sharply reduce the Cybersecurity and Infrastruct...

+ Siemens Warns of a Critical Vulnerability in UMC—Heap Overflow Flaw Threatens Industrial Control Systems Globally Siemens issued a security advisory for a vulnerability affecting industrial control ...

+ Atos Completes Financial Restructuring—Paris IT Services Giant Reduces Debt by 2.1 Billion Euros French IT services giant Atos announced Thursday the completion of a financial restructurin...

+ Romanian Sentenced to 20 Years for NetWalker Ransomware—Daniel Hulea Orchestrated Attacks Targeting Businesses During the COVID-19 Pandemic A U.S. federal court sentenced a Romanian man to 20 years in a U....

+ Managed XDR, AI and SMB Defense: Barracuda CEO Shares Vision—Barracuda CEO Hatem Naguib Shares Strategies for Email Protection, Managed Services With cyberthreats becoming more sophisticated, Barracuda CEO Hate...

+ Live Webinar | Supercharge Your ServiceNow CMDB with Complete and Real-Time Data

+ CISA: 2035 Quantum Encryption Deadline Still Achievable—CISA Says 2035 Quantum Deadline Remains Achievable Despite Recent Breakthroughs The federal government’s 2035 mandate to adopt quantum-resistant encr...

+ HHS Urges Health Sector to Beef Up OT, IoMT Security—Feds Warn That Connected Devices Are Prey for Cyberattackers The security of medical devices has been getting most of the attention from regulators i...

+ How Infoblox Streamlines Operations Across Hybrid Settings—Infoblox CEO Scott Harrell Pushes Unified Strategy Amid Hybrid Cloud Convergence Scott Harrell, CEO of Infoblox, explores the convergence of network ...

+ Crypto Roundup: LastPass Breach Linked to $5.4M Crypto Theft—Also, CoinLurker Malware Steals Data via Fake Updates Every week, Information Security Media Group rounds up cybersecurity incidents in digital asset...

+ UK ICO Criticizes Google Advertising Policy Update—Data Protection Authority Says Change Isn't Green Light for Device Fingerprinting The U.K. data regulator blasted Google Thursday for a changes to po...

+ SailPoint Buys Imprivata IGA Assets to Boost Healthcare—Identity Governance Acquisition Expands SailPoint's Healthcare Portfolio Globally The acquisition of Imprivata’s identity governance portfolio marks ...

+ Breach Roundup: US Seeks Extradition of Alleged LockBit Coder—Also: Interpol Says 'Pig Butchering' Shames Victims, A Data Leak Scandal in Mexico This week, U.S. asks Israel to extradite an alleged LockBit coder,...

+ Critical Flaws Expose 25,000 SonicWall Devices to Hackers—Many SonicWall Firewalls Are Unsupported or Lack Patches for Known Vulnerabilities Thousands of SonicWall network security devices remain exposed wit...

+ Proposed UK White Hat Legal Shield Fails in House of Lords—Amendment to Computer Misuse Act Fails During Bloc Vote A proposed amendment to British anti-hacking law that would have provided a legal shield to w...

+ Opswat Expands Critical Infrastructure Defense With Fend Buy—Data Diodes Enhance Air-Gapped Network Security, Deliver Advanced Network Isolation Opswat's acquisition of Fend integrates advanced hardware-based s...

+ US CISA Endorses Encrypted Apps Amid Chinese Telecom Hack—CISA Recommends Strict Mobile Security Measures Following Salt Typhoon Telecom Hack The Cybersecurity and Infrastructure Security Agency's latest gui...

+ Key Raccoon Figure Receives 60-Month U.S. Prison Sentence—Ukrainian Mark Sokolovsky Pleaded Guilty in October A Ukrainian national who was a key figure in the Raccoon malware-as-a-service criminal operation ...

+ Live Webinar | Get Ahead and Stay Ahead of Threats with Tanium and Microsoft

+ Streamlining Retail IT Operations: Protecting Your Brand While Reducing Costs

+ Live Webinar | Transforming SOCs with Speed, Scaling and Security Innovation

+ Attack Exposure: Unpatched Cleo Managed File-Transfer Software—At Least 200 Servers Still Vulnerable as Ransomware Group Claims Mass Exploits More than 200 Cleo managed file-transfer servers remain internet-expos...

+ Live Webinar | From Risky to Resilient: Proactive Strategies for Program De-Risking and Audit Readiness

+ Australia to Phase Out Weak Encryption Algorithms by 2030—Regulators Say NIST's 2035 Deadline for Insecure Encryption Could Be Too Late Australia has rolled out an ambitious roadmap to prepare for future qua...

+ CISA Orders Secure Cloud Configurations for Federal Agencies—Federal Agencies Tasked with Adopting New Cloud Security Policies Beginning in 2025 The Cybersecurity and Infrastructure Security Agency is requiring...

+ Sonar Expands to Third-Party Code Security with Tidelift Buy—Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps The integration of Tidelift into Sonar's ecosystem will enhance sof...

+ Espionage Campaign Targets Turkish Defense Industry—APT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT A suspected South Asian threat actor targeted a Turkish defense organization, ...

+ Meta Fined 251 Million Euros by Irish DPC for 'View As' Flaw—Meta Vows to Appeal The Irish data regulator fined social media platform Meta 251 million euros over a 2018 hack that exposed sensitive data of milli...

+ Nebraska AG Files 1st State Lawsuit in Change Health Breach—More States Likely To Push Similar Legal Claims Against Change Healthcare and UHG UnitedHealth Group is facing scores of proposed class action lawsui...

+ FBI Warns of HiatusRAT Targeting Vulnerable IoT Devices—Malware Targets Vulnerable Web Cameras and DVRs Worldwide Hackers are deploying brute force attacks and using unpatched vulnerabilities to target Chi...

+ Webinar | AI-Driven Security: Building a Platform-Based Defense Against Evolving Cyber Threats

+ Ransomware Defender Risk: 'Overconfidence' in Security Tools—CISOs at Organizations That Fell Victim Have a Different Story, 451 Research Finds Are your defenses against ransomware good enough to survive contac...

+ Arctic Wolf to Buy Cylance for $160M to Boost AI-Driven XDR—Deal With BlackBerry Integrates EDR for Hybrid XDR Platform for Midmarket Customers Arctic Wolf is acquiring Cylance from BlackBerry for $160 million...

+ Winnti-Like Glutton Backdoor Targets Cybercriminals—Malware Exploits Cybercrime Ecosystem for Profit Hackers are using a variant of a backdoor that's the hallmark of a Chinese threat actor suspected of...

+ CISA Urges Enhanced Coordination in Incident Response Plan—Draft National Response Plan Offers Flexible Coordination Strategies Across Sectors A draft update to the National Cyber Incident Response Plan aims ...

+ European Union Sanctions Russian Malicious Cyber Actors—Trading Bloc Includes Doppelganger Actors and GRU Unit 29155 in Sanctions List The European Union sanctioned Russian intelligence hackers and two Kre...

+ Why AI Adoption Stalls: Data, Talent and Strategy Gaps—Brett Barton of Unisys on Bridging the AI Readiness Gap for Competitive Advantage More than 93% of organizations believe AI will be a permanent part ...

+ Live Webinar Tomorrow | Unlocking the Power of Automation in Modern Cyber Defense

+ German BSI Disrupts Android Malware Infecting IoT Devices—Around 30,000 German IoT Infected from Backdroored Android Applications The German federal information security agency disrupted a botnet that infect...

+ ISMG Editors: CEO Shooting Sparks AI Accountability Debate—Also: How Leading Cybersecurity Firms are Gearing up for 2025 In the latest weekly update, ISMG editors discussed the shooting death of the UnitedHea...

+ Hackers Steal 17M Patient Records in Attack on 3 Hospitals—IT Outage, Downtime Procedures Affecting Services at California Healthcare Provider Cybercriminals claim they stole 17 million patient records from a...

+ Researchers: Iranian Custom Malware Targets Fuel Systems—An Iranian state hacking group is using custom malware to compromise IoT and OT infrastructure in Israel and the United States. An attack wave from Is...

+ Live Webinar | Active Directory Under Attack: How to Build a Resilient Enterprise

+ Artificial Intelligence Looms Large at Black Hat Europe—Open Questions: What's Next Killer Use Case? Can Output Be Better Validated? The topic of AI reality versus hype, as well as what the next killer use...

+ Crypto Roundup: Crypto Pros Targeted With Fake Meeting Apps—Also: Australia Fines Kraken AU$8 Million Over Breaches This week, scammers targeted crypto workers with fake meeting apps, Australia fined Kraken cr...

+ Crypto Roundup: Crypto Pros Targeted with Fake Meeting Apps—Also, Australian Fines Kraken AU$8 million Over Breaches This week, scammers targeted crypto workers with fake meeting apps, Australia fined Kraken c...

+ Russia Used Borrowed Spyware to Target Ukrainian Troops—Secret Blizzard Used Third-party Amadey Bots to Hack Ukrainian Military Devices A Russian state-backed hacker group used third-party data-stealing bo...

+ US Indicts 14 North Koreans in IT Scam Funding WMD Programs—DOJ Indicts North Korean IT Workers for Using Remote Jobs to Fund Weapons Programs U.S. federal prosecutors indicted 14 North Koreans for a long-runn...

+ Unlocking Compliance: The Role of SBOMs in Modern Software Development

+ New Malware Framework Targets Cleo File Systems—Possible Long-Term Attack by Unknown Hackers Thwarted Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of th...

+ Experts Call for Overhaul of National Cyber Director Role—Cybersecurity Experts Push for Clearer Mission, Expanded Authority, More Resources Cybersecurity experts are urging a revamp of the Office of the Nat...

+ NY Health Group Fined $550K in Unpatched Vulnerability Hack—AG Says HealthAlliance Tried But Failed to Fix Zero-Day Flaw That Led to Exploit New York State has levied a $550,000 fine against a healthcare group...

+ Checkmarx CEO: Evolving Supply Chain Threats Demand Action—Checkmarx's Sandeep Johri Details Malicious Code, AI Risks in Application Security As software complexities grow, supply chain security is now essent...

+ Hackers Exploiting Cleo Software Zero-Day—Attackers Target Managed File Transfer Software Vulnerabilities File transfer software made by Cleo Communications is under active attack and a patch...

+ Google Gemini 2.0 Introduced With Advanced AI for Developers—Multimodal Agentic AI Delivers Speed, Tools and Research Prototypes Google's latest AI model can natively process and output text, images and audio i...

+ Ransomware Hackers Exploiting Cleo Software Zero-Day—Attackers Target Managed File Transfer Software Vulnerabilities File transfer software made by Cleo Communications is under active attack and a patch...

+ AI Meets Fraud Prevention in LexisNexis-IDVerse Acquisition—LexisNexis Combines AI-Driven Document Authentication With Its Fraud Solutions To counter AI-driven fraud, LexisNexis acquired IDVerse, a London-base...

+ Clearinghouse Pays $250K Settlement in Web Exposure Breach—Inmediata Health Group Has Paid $2.7M in Fines, Civil Claims for 2019 HIPAA Breach A breach that exposed the personal information of nearly 1.6 milli...

+ Chinese APT Groups Targets European IT Companies—Evidence Mounts for Chinese Hacking 'Quartermaster' A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure c...

+ Cybersecurity Gadgets to Hack Your Holiday Gift List—Tech and Training Ideas to Help Cyber Professionals Advance Their Skills If you're a cybersecurity professional trying to come up with ideas for your...

+ Krispy Kreme Discovers Cybersecurity Hole—Publicly Traded Firm Discloses 'Material' Incident to US Federal Regulators Fried dough lovers beware: doughnut juggernaut Krispy Kreme told U.S. fed...

+ Black Hat Europe: Chaos Puts Cybersecurity in the Hot Seat—Accelerationism Drives Questions of Control for Cybersecurity and the Internet With everything in the world lately seeming to reach end states faster...

+ Predictive AI and the Future of Fleet Maintenance—Sarvant Singh of Penske Transportation Solutions on AI-Powered Fleet Optimization Predictive AI solutions can now anticipate maintenance needs before...

+ From Silos to Synergy: Gen AI Aligns IT and Security Teams—Druva CTO Stephen Manley on AI's Role in Modern Data Security Historically, IT and security teams have operated in silos, creating gaps in knowledge ...

+ Financial Sector Turning to Multi-Cloud Strategies—Report: Financial Orgs Shift to Multi-Cloud to Address Cyberthreats and Regulation Financial institutions are increasingly adopting multi-cloud strat...

+ Citrix Acquisitions Boost Zero Trust Defense for Hybrid Work—deviceTRUST, Strong Network Acquisitions Improve Zero Trust, Developer Protections Citrix enhances its security for hybrid work by acquiring deviceTR...

+ Financial Sector Turning to Multi-Vendor Cloud Strategies—Report: Financial Orgs Shift to Multi-Cloud to Address Cyber Threats and Regulation Financial institutions are increasingly adopting multi-cloud stra...

+ Citrix Acquisitions Boost Zero-Trust Defense for Hybrid Work—deviceTrust, Strong Network Acquisitions Improve Zero Trust, Developer Protections Citrix enhances its security for hybrid work by acquiring deviceTr...

+ Hospital Notifies 316,000 of Breach in Christmas 2023 Hack—Cybercriminal Gang Money Message Claims Credit, Publishes Stolen Records A Massachusetts hospital is notifying 316,000 people that their information ...

+ OpenWrt Update Flaw Exposed Devices to Malicious Firmware—Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check A critical flaw in the updating service of a popular Linux operati...

+ US Indicts, Sanctions Alleged Chinese Sophos Firewall Hacker—Tianfeng Guan Allegedly Developed Zero-Day Exploit of Sophos XG Firewall The U.S. federal government rolled out its heavy guns Tuesday against a Chin...

+ Satya Nadella's Vision for Microsoft: AI, AI and AI—Copilot Enhancements and Other Key Announcements From Microsoft Ignite 2024 Advanced AI took the center stage at Microsoft Ignite 2024. Reflecting on...

+ Astrix's $45M Series B Targets Non-Human Identity Security—Startup Aims to Secure AI Agents, Expand Global Reach, Do User Access Management Astrix raises $45 million to advance AI agent security and expand it...

+ Astrix's $45B Series B Targets Non-Human Identity Security—Startup Aims to Secure AI Agents, Expand Global Reach, Do User Access Management Astrix raises $45 million to advance AI agent security and expand it...

+ Shaping the Future: How Gen AI Is Transforming 3D Design—Autodesk and AWS Are Driving the Next Generation of AI-Powered Design Innovation At AWS re:Invent 2024, Autodesk unveiled its innovative vision for g...

+ Moody's: Hackers Aim for Big Payouts, Supply Chain Attacks—Big Game Hunting Will Intensify in 2025, Says Credit Rating Agency Improved cybersecurity will result in ransomware hackers targeting larger organiza...

+ Rhode Island Schools Deploy DNS Service to Tackle Ransomware—Rhode Island Becomes First State to Shield Students from Cyber Risks with New Tool Rhode Island will become the first state in the nation to launch a...

+ FDA Urges Blood Suppliers to Beef Up Cyber—Bulletin Comes In Wake of Recent Attacks Disrupting Blood Collection, Supplies The Food and Drug Administration is urging blood suppliers - a recent ...

+ Are We Winning Against Cybercriminals or Losing?—InfoSec Officer Shervin Evans on the State of Cyberdefense, Meeting the Challenges Cybercriminals are launching relentless attacks. The potential for...

+ Previewing Black Hat Europe 2024 in London: 20 Hot Sessions—From Automotive Exploits and Bootloader Bugs to Cybercrime and 'LLMbotomy' Trojans Black Hat Europe returns to London with more than 45 keynotes and ...

+ Live Webinar | The New Data Landscape: Navigating the Shift to AI-Ready Data

+ Spyware Campaign Targets Sino Minority Groups Via WeChat—Possible Chinese State-Sponsored Exploit Kit Using Browser Flaws to Deploy Spyware A possible Chinese state threat group is targeting vulnerabilities...

+ Here's Where Top Cybersecurity Vendors Stand as 2025 Nears—Palo Alto, CrowdStrike, Zscaler Eye Firewall, SIEM Replacement, Incident Recovery Three of the world's largest pure-play cybersecurity vendors recent...

+ Spyware Campaign Targets Sino Minority Groups via WeChat—Possible Chinese-state sponsored Exploit Kit Using Browser Flaws to Deploy Spyware A possible Chinese-state threat group is targeting vulnerabilities...

+ Insider Breach, Email Attacks Net $1.7M in HIPAA Fines—Incidents at Pain Management Firm, Pediatric Hospital Affect 50,000 People An insider breach at a Florida pain management firm and an email breach at...

+ Trump's AI, Crypto Czar David Sacks Faces Conflict Scrutiny—David Sacks Appointed as Trump's AI and Crypto Czar Amid Growing Industry Concerns President-elect Donald Trump's appointment of former PayPal execut...

+ Dutch Counter-Ransomware Initiative Led to Global Takedowns—Project Mellissa Contributed Toward Disruptive Actions A Dutch public and private sector anti-ransomware initiative has contributed to ransomware dis...

+ Protecting the C-Suite in the Wake of UHC CEO's Murder—The torrents of public hostility directed at health insurers in the aftermath of UnitedHealthCare CEO Brian Thompson's murder are serious signs of int...

+ Weaponized AI: Hot for Fraud, Not for Election Interference—FBI Sees Rising AI-Enabled Fraud; Meta Reports Scant Election Interference Use Artificial intelligence: What's it good for? Per the old song about wa...

+ Cryptohack Roundup: Solana npm Package Attack's Wallet Risks—Also, Man Who Stole $3.5M of Cloud Computing to Mine $1M in Crypto Pleads Guilty This week, Solana npm package attack, a Brazilian banking giant ente...

+ Cryptohack Roundup: Solana npm Package Attack Risks Wallets—Also, Man Who Stole $3.5M of Cloud Computing to Mine $1M in Crypto Pleads Guilty This week, Solana npm package attack, a Brazilian banking giant ente...

+ CEO's Murder Sparks Outcry Over UHC's Coverage Denials—Shell Casing Inscription 'Deny' Points to Potential Motive in CEO's Killing Law enforcement investigating murder of Brian Thompson, CEO of UnitedHeal...

+ Veeam Closes $2B Offering to Boost Data Resilience, Eyes IPO—CEO Anand Eswaran Talks Investors, Innovation and Data Resilience Leadership CEO Anand Eswaran explains how Veeam's $2 billion secondary offering str...

+ Russian Forces Accused of Secretly Planting Spyware on Phone—Russian Activist for Ukraine Claims Spyware Was Installed While in Custody by FSB A Russian activist says security forces covertly installed spyware ...

+ Breach Roundup: Vodka Maker Bankrupt After Cyberattack—Also: Trinity Didn't Really Hack the Spanish Tax Agency, Law Firm KYL Reports Breach This week, a vodka maker in bankruptcy cited its ransomware atta...

+ Russian APT Hackers Co-Opt Pakistani Infrastructure—FSB Hackers Have Hijacked Others' Command and Control Before A Russian state hacking group hijacked the command and control infrastructure of a Pakis...

+ Mitel MiCollab VoIP Software: Zero-Day Vulnerability Alert—No Patch Yet Available for Second Zero Day to Be Recently Found in VoIP Software Security researchers warn of a newly discovered zero-day vulnerabili...

+ Webinar | The State of Observability in Financial Services

+ Tenable's Amit Yoran Takes Medical Leave; Interim CEOs Named—CFO Stephen Vintz, COO Mark Thurmond to Run Tenable as CEO Yoran Receives Treatment Longtime Tenable CEO Amit Yoran is temporarily stepping aside for...

+ AI and 'Customer Zero' Practices for Enhanced Usability—Barracuda's Siroui Mushegian on Building Resilient Solutions Through Collaboration Barracuda's CIO Siroui Mushegian discusses how Barracuda uses AI a...

+ How to Take the Complexity Out of Cybersecurity—It goes without saying: Business ecosystems are increasingly complex, and so are the cybersecurity systems and strategies deployed to protect them. Bu...

+ Russian Money Laundering Services Busted in UK-Led Operation—French Police Reportedly Detain Accused Ryuk Money Launder Ekaterina Zhdanova An international investigation led by the United Kingdom busted Russian...

+ Experts Warn DHS Surveillance Tech Lacks Privacy Protections—Privacy Advocates Warn of Risks from Expanding DHS Use of AI and Facial Recognition The U.S. Department of Homeland Security is reportedly expanding ...

+ US FTC Cracks Down Geolocation Data Brokers—Gravy Analytics and Mobilewalla Ordered to Implement Stronger Consent Measures Two data brokers pledged to stop using geolocation data gleaned from s...

+ Live Webinar | Cyber Incident Response: Recovery and Review

+ How Hackers Can Manipulate AI to Affect Health App Accuracy—Hackers can potentially use AI to manipulate data that's generated and shared by some health apps, diminishing the data's accuracy and integrity, said...

+ World Wide Work: Landing a Cybersecurity Career Overseas—Tips for Finding and Getting Security Jobs in a Global Market Organizations ranging from multinational corporations to government agencies and intern...

+ AI in Cybersecurity: Insights from Palo Alto Networks Unit 42®—AI is reshaping the fight against digital threats. Learn how attackers are using AI to supercharge malware and social engineering—and how organization...

+ Police Shutter Largest German-Speaking Criminal Marketplace—Crimenetwork Served as a Platform for Illegal Goods and Services German police arrested the suspected administrator of the largest German-speaking un...

+ Bug Bounties: Bringing Hackers and Manufacturers Together—Researcher Lennert Wouters on Benefits of Device Hacking Contests, Collaboration Lennert Wouters, a researcher at KU Leuven University in Belgium, ha...

+ Regulator Accuses AI Video Firm of Deceptive Marketing—IntelliVision Settles With Federal Trade Commission Over Facial Recognition Claims Facial recognition software maker IntelliVision has reached a sett...

+ OnDemand | How to Build Cyber Resilience with Proactive Incident Response Strategies

+ 'Horns&Hooves' Malware Campaign Hits Over 1,000 Victims—Russian Threat Actor Delivers NetSupport RAT, BurnsRAT via Fake Requests A malware campaign targeting Russian retailers and service businesses aims t...

+ Sixgen's Kyrus Acquisition Boosts National Cybersecurity—Buy of Washington D.C.-Area Firm Adds Reverse Engineering, Data Analytics Expertise Sixgen will enhance its cybersecurity operations through the purc...

+ 16 Zero-Days Uncovered in Fuji Electric Monitoring Software—Flaws in Fuji's Tellus and V-Server Software Pose Risks to Critical Infrastructure Security researchers have uncovered 16 zero-day vulnerabilities in...

+ European Police Disrupts Matrix Encrypted Service—Platform Used for Drugs, Arms trafficking, and Money Laundering French and Dutch police led the takedown of an encrypted messaging platform used in i...

+ New Section 1033 Push Banks to Provide Customers with “Financial SIM Card”—Authored by: Matt Kunkel, CEO, LogicGate The Consumer Financial Protection Bureau (CFPB) recently finalized a set of rules that would bring a similar...

+ China Is Outpacing US in Critical Tech Research Investments—Experts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare China has surged past the United States in critical technology research...

+ Feds Propose AI 'Guardrails' for Medicare Advantage Plans—Provision Emphasizes Existing Medicare Regs for Equitable Access to Health Services The Centers for Medicare and Medicaid Services has issued propose...

+ Upwind Raises $100M to Thwart Cloud Security Vulnerabilities—Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud Threats With $100 million in Series A funding, Upwind plans to strengthen ...

+ China Beating US in Critical Technology Research Investments—Experts Warn China's Tech Rise Could Reshape Global Cybersecurity and Warfare China has surged past the United States in critical technology research...

+ Feds Propose AI 'Guard Rails' for Medicare Advantage Plans—Provision Emphasizes Existing Medicare Regs for Equitable Access to Health Services The Centers for Medicare and Medicaid Services has issued propose...

+ SmokeLoader Campaign Targets Taiwanese Companies—Theat Actor Uses Trojan as Infostealer A threat actor is targeting Taiwanese companies using phishing emails and long-standing vulnerabilities to del...

+ Cyber Incidents Hit 3 NHS Hospitals in U.K.—Inc Ransom is Leaking Stolen Data in At Least 2 Attacks, Including Pediatric Info At least three United Kingdom National Health Service hospitals are...

+ Russia Indicts Ransomware Hacker Wanted by the FBI—Suspected LockBit, Babuk Operator Mikhail Matveev Arrested in Russia A prolific ransomware affiliate hacker and developer is facing criminal charges ...

+ Just Like Windows: Linux Targeted by First-Ever UEFI Bootkit - UPDATED—Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say Cybersecurity researchers have discovered the first-ever UEFI bo...

+ Warning: Patch Advantech Industrial Wireless Access Points—Researchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of Ways Researchers identified 20 critical vulnerabilities in a type of A...

+ EU Nations That Missed NIS2 Deadline Put On Notice—European Commission Opens Infringement Procedures Against 23 EU Member States The European Commission on Thursday opened infringement procedures agai...

+ Just Like Windows: Linux Targeted by First-Ever UEFI Bootkit—Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researchers Say Cybersecurity researchers have discovered the first-ever UEFI bo...

+ Privacy Vendor Market Moves From Point to Platform Solutions—PwC's Anirban Sengupta Details Privacy Landscape, Growing Awareness in India Market The privacy vendor market in India is evolving rapidly, as many v...

+ Overcoming Identity and Access Challenges in Healthcare—Third-party access management poses significant cybersecurity risks in healthcare, but continuous identity management and monitoring can help mitigate...

+ The Growing Quantum Threat to Enterprise Data: What Next?—Key Steps for Navigating the Cybersecurity Transition to Quantum-Safe Cryptography As quantum computing continues to evolve, cybersecurity profession...

+ Just Like Windows: Linux Targeted by First-Ever Bootkit—Linux-Targeting Bootkitty Appears More Proof-of-Concept Than Threat, Researcher Say Cybersecurity researchers have discovered the first-ever bootkit ...

+ Breach Roundup: Microsoft Tries Again With Windows Recall—Also: Africa Busts Cybercrime Suspects; Many Smart Devices Lack Update Transparency This week, Microsoft previews its latest attempt to introduce AI-...

+ Cryptohack Roundup: Judge Strikes Down 'Dealer Rule' Change—Also: Python Library Update Steals Credentials; Drug Cartels Launder With Tether This week's cryptohack roundup includes a U.S. federal judge strikin...

+ Trump's Crypto Plans Raise Alarms Over Conflicts of Interest—President-Elect's Crypto Push Fuels Concerns Over Market Stability and Conflicts President-elect Donald Trump's strong cryptocurrency support amid ma...

+ Exposed on the Web: Thousands of Devices, Medical Records—Thousands of unique IP addresses are potentially exposing medical devices, electronic medical records systems and other sensitive healthcare informati...

+ New EU Tech Commissioner to Focus on Tech Sovereignty—Henna Virkkunen Vows to Boost European innovation, Cut Regulations Newly-designed European Union tech commissioner Henna Virkkunen will lead efforts ...

+ T-Mobile Disputes Claims of Chinese Hack on Customer Data—T-Mobile Blocks Hackers But Warns Other U.S. Networks May Be Compromised T-Mobile disputed claims Wednesday that Chinese state-sponsored hackers brea...

+ Script Kiddie 'Matrix' Builds Massive Botnet—Likely Russian Hacker Exploits IoT Vulnerabilities, Many Known for Years An apparent Russian script kiddie is converting widespread security gaps int...

+ US Appeals Court Reverses Tornado Cash Sanctions—Department of Treasury Overstepped its Authority, Fifth Circuit Rules A U.S. federal appeals court ruled U.S. Department of Treasury exceeded its aut...

+ A Hacker’s Take on Automated Threats for Code Chaos

+ When Hackers Meet Tractors: Surprising Roles in IoT Security—How to Find a Career in Industrial IoT - on the Factory Floor or in the Cornfield Cybersecurity once conjured images of IT departments, server rooms ...

+ Victims Must Disclose Ransom Payments Under Australian Law—New Law Calls for Better Reporting, Securing Devices and Critical Infrastructure The Australian government's proposed cybersecurity legislation passe...

+ New Sysdig CEO: Focus on Falco, AI and Fast Threat Response—New Sysdig CEO Bill Welch Aims to Expand Real-Time Response and GSI Partnerships New CEO Bill Welch discusses Sysdig's cloud security strategy, empha...

+ Russian Hackers Target Mozilla, Windows in New Exploit Chain—ESET Discovers Two Major Vulnerabilities Exploited by Russian RomCom Hacking Group Two vulnerabilities in Mozilla products and Windows are actively e...

+ UK NHS Hospital Reports 'Major' Cyberincident—Outpatient Appointments Cancelled at Wirral University Teaching Hospital A U.K. National Heath Service teaching hospital in northwest England reporte...

+ Webinar | The CISO's Guide to a Strong Security Culture

+ Protecting AI Competitive Advantage: From Development to Deployment

+ New York Fines Geico, Travelers $11.3M for Data Breaches—Fines Tied to Wave of 2021 Driver's License Number Theft New York state authorities fined auto insurance giant Geico $9.75 million for failing to pro...

+ OnDemand | The CISO's Guide to a Strong Security Culture

+ Road Blocks in Sustainability Data Management | Live Webinar

+ US National Security Officials Brief Telecom Executives—National Security Officials Share Intelligence on a Cyberespionage Campaign The White House on Friday hosted U.S. telecommunications executives to re...

+ ISMG Editors: China-Linked Espionage Targets US Telecoms—Also: Highlights from ISMG's Financial Services Summit and Key Insights on AI Adoption On the 200th episode of the ISMG Editors' Panel, the team disc...

+ Haveli Purchases AppViewX to Strengthen Identity Automation—PE Firm Takes Majority Stake to Drive Certificate Lifecycle Management Innovation Private equity firm Haveli has purchased a majority stake in AppVie...

+ ISMG Editors: China-Linked Espionage Targets U.S. Telecoms—Also: Highlights from ISMG's Financial Services Summit and Key Insights on AI Adoption On the 200th episode of the ISMG Editors' Panel, the team disc...

+ North Korean IT Workers Using Fake Sites to Evade Detection—Researches Find Deep Ties to North Korea Among Fake IT Services Firms Websites North Korean state actors are using fake websites of foreign technolog...

+ US Cyber Force Surges Global Operations Amid Rising Threats—US Cyber Command Says National Mission Force was Deployed Over 85 Times in 2024 A secretive U.S. military unit has surged its support to partner nati...

+ FDIC Issues Guidance to Areas in Illinois Impacted by Severe Storms—The FDIC has announced a series of steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Illinois ...

+ FDIC: Institutions Encouraged to Work with Borrowers Impacted by Shutdown—Five federal regulatory agencies encourage financial institutions to work with customers affected by the federal government shutdown.

+ FFIEC: Statement on End of Microsoft Support for Windows XP—The FFIEC on Oct. 7 issued a joint statement concerning Microsoft's discontinuation of support for its Windows XP operating system as of April 8, 2014...

+ FDIC: Supervisory Approach to Payment Processing Relationships with Merchant Customers—The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third...

+ Why Shoring Up Cyber at Rural and Small Hospitals Is Urgent—When a large hospital in an urban area is shut down by ransomware, the disruption can be significant, but when a rural hospital faces a similar cyber ...

+ Unforeseen Risks to Medical Devices in Ransomware Attacks—While ransomware attacks against medical devices don't happen often, disruptive cyber incidents that affect the availability of the IT systems that me...

+ Study: 92% of Healthcare Firms Hit by Cyberattacks This Year—Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and...

+ How Mega Attacks Are Spotlighting Critical 3rd-Party Risks—Recent mega data breaches involving third-party vendors - such as the Change Healthcare cyberattack - are intensifying the spotlight on critical secur...

+ NIST IoT Device Security Framework to Get an Update—Revised Framework to Address Emerging IoT Risks and Technologies The U.S. National Institute of Standards and Technology plans to revise its Interne...

+ Google AI Tool Finds 26 Bugs in Open-Source Projects—One Vulnerability Had Been Undiscovered for Two Decades, Researchers Said Google researchers used an AI-powered fuzzing tool to identify 26 vulnerabi...

+ Zero Days Top Cybersecurity Agencies' Most-Exploited List—Cybersecurity Officials Urge to Prioritize Fixing These 15 Most-Exploited Flaws Which vulnerabilities need fixing first to best block nation-state an...

+ China's DeepSeek Aims to Rival OpenAI's 'Reasoning' Model—DeepSeek-R1 Struggles with Logic Tests and Is Vulnerable to Jailbreaks Chinese artificial intelligence research company DeepSeek, funded by quantitat...

+ AI-nt Nothing Gonna Break My Defense: Securing Against Automated Attacks

+ Live Webinar | How to Build Cyber Resilience with Proactive Incident Response Strategies

+ Navigating the Unstructured Data Maze: Your Journey Starts Here

+ Will Arrests Squash Scattered Spider's Cybercrime Assault?—Members of Loosely Organized Group Recently Tied to Partnership With RansomHub Will the indictment of five alleged members of the loosely affiliated ...

+ Let's Give Thanks for How Far We've Come - and Forge Ahead!—Cybersecurity Training and Education Must Evolve to Keep Pace With the Profession Over the past few decades, cybersecurity has evolved from a niche c...

+ US Agencies Urged to Combat Growing Chinese Cyberthreat—Experts Call on Feds to Step Up Defense Against Escalating Chinese Threats A panel of cybersecurity experts and top industry officials pushed lawmake...

+ Data Protection Startup Cyera Raises $300M on $3B Valuation—Cyera's Valuation Doubles Amid Expansion From DSPM to DLP, Identity Protection Cyera secures $300M in funding from Accel and Sapphire Ventures, doubl...

+ India Fines WhatsApp $25M, Bans Data Sharing for 5 Years—Competition Regulator Says WhatsApp Users Could Not Opt Out of Data Sharing India's Competition Commission has fined social media conglomerate Meta o...

+ Oklahoma Hospital Says Ransomware Hack Hits 133,000 People—Incident Is Among Growing List of Attacks on Small, Rural Hospitals An Oklahoma hospital quickly restored its IT systems after a ransomware attack in...

+ One Brooklyn Agrees to $1.5M Settlement in 2022 Hack Lawsuit—Health System's Cyberattack Affected More Than 235,000 Patients, Employees, Others A New York state court has approved a preliminary $1.5 million set...

+ CISA Faces Uncertain Future Under Trump—Trump Administration Picks May Test Bipartisan Support for Cybersecurity Agency Newly empowered Republicans in U.S. president-elect Donald Trump's or...

+ Cloud Platform Bugs Threaten Smart Home Security—Researchers Find Exploitable Flaws in the OvrC Platform Security flaws in a cloud platform for remotely configuring and monitoring Internet of Things...

+ ISMG Editors: Ransomware - The Growing Public Health Crisis—Also: Anticipating Donald Trump's Second Term; a Surprising Cybersecurity Merger In the latest weekly update, ISMG editors explored the growing threa...

+ Live Webinar | Phishing Lessons Learned: Candid Conversation with NCA and CISOs

+ How Advances in Cloud Security Help Future-Proof Resilience—Embracing Zero Trust and AI in Cloud Security Zero trust, artificial-intelligence-driven security and automation tools are reshaping how organization...

+ Cyberstarts Program Sparks Debate Over Ethical Boundaries—Scrutiny Over Ethics of Profit-Sharing Prompts End to Cyberstarts CISO Compensation Allegations of conflicts of interest in Cyberstarts’ Sunrise prog...

As of 12/21/24 12:59pm. Last new 12/20/24 6:06pm.  Score: 425