A December cyberattack on Ukraine's top telecom operator, which authorities in Kyiv attribute to the Russian military, will cost the parent company nearly $100 million. Ukraine in mid-December accused the Russian General Staff Main Intelligence Directorate of perpetuating the incident.
Skateboarding shoe and outdoor apparel maker VF Corp. said data pertaining to 35.5 million customers appears to have been stolen in a data breach the company detected and disclosed last month. The breach disrupted e-commerce order fulfillment as well as inventory replenishment at retail stores.
The appearance of Naz.api - a massive collection of online credentials harvested by information-stealing malware that contains 71 million unique email addresses - illustrates the scale at which such data is being collected, shared and sold, security experts warn.
In the latest weekly update, ISMG editors discussed why crypto-seeking drainer scam-as-a-service operations are thriving, a novel legal move that recovered a hospital's stolen data, and a ground-breaking case involving bitcoin that could streamline recovery for victims.
Generative AI, once a buzzword, is now the subject of a focused approach, according to attorney Edward Machin of Ropes & Gray LLP. Organizations are prioritizing specific issues around gen AI and establishing governance frameworks from the outset, Machin said.
Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.
Arati Prabhakar, director of the White House's Office of Science and Technology Policy, said during an event at the 2024 World Economic Forum that generative artificial intelligence has the potential to "dramatically accelerate and amplify the erosion of information integrity."
A U.S. federal agency tasked with ensuring the secure transportation of energy and hazardous materials is launching a series of initiatives to address an increase in cyberattacks, a top official said. Watchdogs have warned for years that action is urgently needed to better protect U.S. pipelines.
Hackers aligned with the Iranian state are masquerading as journalists to target Middle East experts and deploy a new custom backdoor that supports the Iranian government's spying agenda. Tehran may be harvesting perspectives on the Israel-Hamas conflict, according to Microsoft.
The United States has no national ID - but mobile driver's licenses could offer a secure, user-centric and privacy-enhancing alternative for online identity verification and help organizations overcome deficiencies in digital identity infrastructure, said Jeremy Grant, managing director at Venable
The American Hospital Association is warning of increasingly sophisticated social engineering scams targeting hospital IT help desks with schemes involving the stolen credentials of revenue cycle and other finance employees to commit payment fraud against the institutions.
This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million for a cyberstalking campaign.
This week, the U.S. SEC assessed its X account hack, attackers stole $3.3M from Socket, Do Kwon got a new trial date, Alex Mashinsky sought to dismiss charges, Google Play Store removed crypto apps for India users, IRS clarified crypto asset reporting and South Korea mulled crypto mixer legislation.
Ireland - home to the European headquarters of a throng of multinational tech companies - is responsible for the greatest amount of aggregate data protection fines - 2.9 billion euros - since the European Union General Data Protection Regulation went into effect.
A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google. "Coldriver" is using a family of backdoors Google dubs Spica.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.