Enterprise software firm JumpCloud says a sophisticated nation-state threat actor is behind a security incident that targeted a small and specific set of customers last week. JumpCloud reset all of its API keys, potentially affecting thousands of customers including Cars.com and GoFundMe.
In the latest weekly update, ISMG editors discuss the complex task of phasing out magnetic stripe payment cards and why the United States lags behind, the great debate over best of breed vs. a single platform vendor approach, and AI insights from Palo Alto CIO Meerah Rajavel.
To rethink security strategies, enterprises should tap into edge computing, adopt technologies such as generative AI and ensure "secure by default" practices, said Fastly Vice President Sean Leach. He discussed the evolving risk landscape and third-party providers' role in managing security.
This week, an IT security worker was sentenced for impersonating a ransomware gang, Deutsche Bank and other financial institutes were hit by Clop ransomware, USB drive malware attacks are on the rise in 2023, and a gaming company is investigating data breach claims and resetting users' sessions.
Threat actors are using dedicated mobile Android OS device spoofing tools to defraud customers of online banking, payment systems, advertising networks and online marketplaces globally. Resecurity observed cybercriminals using spoofing tools to exploit stolen cookies and access victims' systems.
Plaintiffs filed the first of what will likely be many more proposed class action lawsuits against HCA Healthcare just two days after the hospital chain publicly disclosed a hacking incident involving the posting of information for potentially 11 million patients on a dark web forum.
Between July 6 and 13, Multichain saw unauthorized outflow of $125 million, the DOJ announced its first DeFi smart contract-focused indictment, Silk Road boss Ross Ulbricht's aide and two others were sentenced, and the FTC and SEC turned up the heat on Celsius.
Cryptocurrency is the lifeblood of ransomware gangs, and their illicit use of crypto could hit record numbers this year. While overall crypto proceeds, including from crimes such as scams, fell dramatically over the past year, ransomware funds are expected to hit $899 million in 2023.
British prosecutors have accused two teenagers of several high-profile hacks while being part of the now-inactive, teenager-dominated Lapsus$ hacking group, clearing the way for their legal prosecution. The two suspects face charges related to blackmail, fraud and Computer Misuse Act violations.
Microsoft released the largest set of patches of the year - software updates for 132 vulnerabilities, including six zero-days. Microsoft rated nine of the flaws as having critical severity, 121 as being important and eight as being linked to critical remote code execution vulnerabilities.
The growing list of MOVEit cyberattack victims has grown. Sixty-two clients of Big Four accounting firm Ernst & Young now appear on the Clop ransomware group's data leak site. A spokesperson for Ernst & Young confirmed that a "limited" attack on the company's systems had occurred.
A new malware campaign powered with multistage attack methodology is targeting businesses in the LATAM region using specially crafted modules. The newly identified Trojan, dubbed Toitoin, follows a six-stage attack plan in which each stage is custom-designed to carry out malicious activities.
Spanish law enforcement authorities said they have brought down a cybercriminal ring that deployed a range of hacking techniques to target banking customers. The group operators extorted 100,000 euros and offered crime as a service to other criminals, the police said.
Information on up to 11 million patients of hospital chain HCA Healthcare is up for sale on a dark web forum. HCA Healthcare on Monday confirmed an incident involving data theft from an external location used to automate the formatting of email messages but said it is still investigating.
A security researcher discovered a Bangladesh government web portal that exposed the personal information of about 50 million citizens, including their birth registration records, phone numbers and national identity numbers. His efforts to notify the government of the security flaw went unanswered.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.