#InformationSecurity

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

by

April 12, 2024 at 12:45AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directive 24-02, urging federal agencies to look for signs of compromise and take preventive measures after the recent Microsoft system compromise by the Russian group Midnight Blizzard. The directive emphasizes analyzing exfiltrated emails, resetting compromised credentials, and applying stringent security … Read more

Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution

by

April 11, 2024 at 06:12AM Alethea, a company specializing in disinformation and threat detection, raised $20 million in a Series B funding round, bringing total investment to $34 million. The latest funding from GV, Ballistic Ventures, and Hakluyt Capital will enhance the Artemis product, leveraging AI to identify risks and provide early warning for cyberattacks, … Read more

Home Depot confirms data theft after crook threatens to dump inside info online

by

April 8, 2024 at 02:12PM Home Depot confirmed a third-party vendor inadvertently exposed some employees’ personal details, including names and email addresses. The retailer’s disclosure follows a data dump by a crook on BreachForums. While the intrusion didn’t affect business operations or customer data, the stolen info could be used for credential theft. The same … Read more

Puppies, kittens, data at risk after ‘cyber incident’ at veterinary giant

by

April 8, 2024 at 10:37AM Cyber attackers targeted CVS Group, which operates vet practices, resulting in a “cyber incident” with a potential data theft and clinical care disruption. The company’s response involved isolating the incident and engaging external security experts. The incident affected operations, prompting the company to accelerate its cloud migration. Integrity updates and … Read more

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

by

April 8, 2024 at 09:03AM Change Healthcare is reportedly facing a second ransomware attack by RansomHub, demanding a payment to avoid data exposure. This follows a previous attack by ALPHV, which the company allegedly paid $22 million to. Questions arise regarding why this has happened and theories suggest the initial payment may have led to … Read more

In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot Ban, Nuclear Site Prosecution

by

April 5, 2024 at 09:06AM SecurityWeek’s cybersecurity news roundup offers a weekly compilation of noteworthy stories in the cybersecurity landscape, including the CISA breach affecting 100,000 people, the US House banning Microsoft AI Copilot, and the prosecution of a UK nuclear waste site for cybersecurity failures. Other stories include a report on the LockBit ransomware … Read more

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware

by

April 4, 2024 at 12:15PM Rhadamanthys, an information-stealing malware, is being used in phishing campaigns targeting the oil and gas sector. The phishing emails use a unique lure, claiming to be from the Federal Bureau of Transportation. This campaign appears to be an evolution of the malware, possibly linked to the LockBit ransomware group. Additionally, … Read more

Security pioneer Ross Anderson dies at 67

by

April 3, 2024 at 08:55AM Computer scientist and security expert Ross Anderson, a revered professor at the University of Cambridge, has passed away at 67. He was celebrated for his extensive work in information security and cryptography, influencing real-world technologies and authoring the renowned book “Security Engineering.” Anderson’s legacy extends to advising tech policies and … Read more

NIST Wants Help Digging Out of Its NVD Backlog

by

April 2, 2024 at 04:59PM The National Vulnerability Database is struggling to keep pace, prompting the agency to seek a public-private partnership for future management. Based on the meeting notes, the key takeaway is that the National Vulnerability Database is struggling to keep up, and there is a proposal for a public-private partnership to take … Read more

OWASP discloses data breach caused by wiki misconfiguration

by

April 1, 2024 at 03:29PM The OWASP Foundation has reported a data breach involving the exposure of some members’ resumes due to misconfiguration of its old Wiki web server. Tens of thousands of members were affected, with personal information like names, emails, and addresses exposed. OWASP took steps to address the breach and will notify … Read more