Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.
In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.
Fortinet warned Thursday that hackers have exploited a vulnerability in the operating system powering its virtual private network and urged customers to apply a patch or disable the appliance. State threat actors, including hackers from China, are targeting gateway devices in increasing numbers.
Fifty data breach lawsuits tied to the Clop ransomware group's supply chain attack against GoAnywhere file transfer software from Fortra have been consolidated by the U.S. Judicial Panel on Multidistrict Litigation into a single case in the Southern District of Florida.
The Dominican Republic earlier this month extradited to France a suspected administrator of now-defunct encrypted messaging service EncroChat. The extradition is the latest in a series of actions European authorities have been taking against EncroChat users since authorities penetrated its network.
National Cyber Director Harry Coker said the administration is introducing a new set of "liability regimes" to hold software providers accountable for deploying unsafe systems, but experts say processes to prove that manufacturers are invested in security already exist.
Data security vendor Cohesity will acquire the data protection business of Veritas in a stock and debt transaction resulting in a combined firm by the end of this year, the companies announced Thursday. The deal values the combined company at approximately $7 billion.
U.S. federal authorities are again warning the healthcare sector about threats from the Akira ransomware group. The latest alert comes on the heels of several recent attacks by the gang, including one last month on Bucks County, Pennsylvania, which affected an IT system used by emergency responders.
This week, the U.S. banned AI robocalls, researchers discovered a Linux bootloader flaw, France investigated health sector hackings, the feds offered money for Hive information, Verizon disclosed an insider breach, Germany opened a cybersecurity center, and cyberattack victims reported high costs.
Venture capital investor Pramod Gosavi discussed the drawbacks of relying on network-centric cybersecurity solutions that are driving up costs. He recommended proactive strategies, such as zero trust, that emphasize minimal access and continuous verification and investments in AI-based technologies.
This week, SIM swappers were linked to the FTX hack, AI-generated fake IDs likely bypassed crypto KYC checks, the Treasury addressed the illicit use of crypto, the SEC increased crypto oversight, Quantstamp released January's crypto hack statistics, and South Korea introduced a crypto crime law.
Meta-owned online marketplaces are swarming with scammers who use deceptive ads to defraud banking customers, fraud prevention heads at leading British banks testified before a U.K. Parliament committee. They called on the social media giant to roll out stronger fraud prevention measures.
Entrust, a pioneer payment, identity and data security software and services provider, is in talks to acquire Onfido, a pioneer in cloud-based, AI-powered identity verification technology, for a reported $400 million. The combined solution will help customers fight identity fraud.
Software developers are in a race against time to patch a flaw that could result in supply chain attacks, warned the integrated development environment maker JetBrains, which on Monday released an urgent patch for an authentication bypass flaw in its CI/CD TeamCity product.
Silicon Valley giant Google agreed to settle for $350 million a shareholder lawsuit alleging it mislead investors by attempting to cover up a privacy flaw in now-defunct social network Google+ that resulted in outside applications having access to private profile information.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.