Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Mandiant researchers say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes.
The Federal Trade Commission's recent actions against two companies in separate health data privacy cases are significant developments signaling the FTC's "aggressive push" to enforce violations involving disclosures of consumer health data to third parties, said attorney Kirk Nahra of WilmerHale.
TikTok says the Biden administration has demanded that the company's Chinese owners divest their stake in the company or risk seeing the app get banned in America. The U.S., Canada, EU, U.K. and New Zealand have all banned the use of TikTok on government devices, citing national security concerns.
In the latest weekly update, ISMG editors discuss how the Silicon Valley Bank crash will affect innovation in the cybersecurity space, why the SEC fined cloud provider Blackbaud $3 million for its "erroneous" breach details, and why the feds fined a web hosting firm in a kids' insurance site hack.
The former parent company of Silicon Valley Bank filed for Chapter 11 bankruptcy protection Friday in an effort to streamline the sale of its assets. Silicon Valley Bank itself isn't included in the reorganization filing since the FDIC took over the commercial banking business on March 10.
A financially motivated hacking group has been exploiting a now-patched zero-day vulnerability in the Windows operating system to deliver ransomware. Google Threat Analysis Group attributed the campaign to Magniber ransomware group. Microsoft issued a patch in its March dump of fixes.
In this week's data breach roundup: medical device manufacturer Zoll, CHU University hospitals, Australian company Latitude Financial, Hawaiian death registry, Los Angeles Housing Authority, Indian Railway ticketing app, updates on U.S. Marshals Service and Congress, and a new ransomware decryptor!
Microsoft and CrowdStrike once again dominate Gartner's Magic Quadrant for Endpoint Protection. Cybereason has risen to the leaders quadrant and Trellix has fallen to a niche player. The endpoint protection market has rapidly matured in recent years - 50% of organizations have already adopted EDR.
Healthcare executives called on Congress to ensure minimum cybersecurity standards, saying a wholly voluntary approach is failing clinics and hospitals. Gaps are widest at small rural hospitals, testified a former hospital CISO before the Senate Homeland Security and Governmental Affairs Committee.
Federal regulators initiated a probe of social media after accusing firms such as Facebook of presiding over a surge in advertising fraud including ads for sham healthcare products. Sham ads "can pose real dangers," including by spreading health disinformation, said Commissioner Rebecca Slaughter.
The U.K. government recently embarked on a plan to create its own version of the EU's General Data Protection Regulation, but attorney Jonathan Armstrong says he is "pretty skeptical" that this second attempt at privacy reform will successfully make it through the country's Parliament.
What happens next in Russia's all-out invasion of Ukraine isn't clear, but experts have been tracking signs that Moscow may be preparing for intensified cyber operations ahead of a spring offensive, developing new wiper malware and getting ready to interfere in European elections and foreign policy.
Australian personal lending provider Latitude Financial Services disclosed to regulators on Thursday hacking incidents affecting more than 300,000 consumers. "Sophisticated" hackers made off with nearly 103,000 driver's licenses and an additional 225,000 "customer records," the company said.
Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. In focus between March 10 and 16: a ChipMixer takedown, Euler Finance and Poolz Finance hacks, bugs on 280 blockchains, Dero coin, and a report from the Financial Action Task Force on ransomware financing.
Microsoft's March dump of patches fixes two actively exploited zero-day vulnerabilities, including a critical issue in Outlook that Russian threat actor APT28 has used to target European companies. The vulnerability can be exploited before a user views the email in the Preview Pane.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.