The ICO has imposed a penalty of 7.5 million pounds on Clearview AI Inc. for using scraped U.K. citizen facial images for its facial recognition database. The agency has directed the firm to delete images of all U.K. citizens and to stop scraping data from the open internet.
The healthcare services in the island country of Greenland, an autonomous Danish dependent territory, have been crippled by a cyberattack that began on May 9, 2022. Healthcare executives continue to face IT challenges to date, including lack of access to patient records and email services.
The U.S. Department of Justice has revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.
An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.
Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
Hundreds of thousands of Konica Minolta printers used in businesses have reportedly been vulnerable to three critical flaws since 2019. Although a patch was available, deployment was delayed as the firmware update required physical access to the printers and COVID-19 made that difficult.
The Five Eyes alliance of cybersecurity authorities from the U.S., U.K., Australia, New Zealand and Canada issued a warning to managed service providers about targeted attacks, advising MSP customers on how to protect sensitive data and reassess their security posture and contractual agreements.
The "financial burden" of a December 2021 cyberattack and the aftereffects of the COVID-19 pandemic forced 157-year-old Lincoln College in Illinois to cease operations on Friday, its president, David Gerlach, says. The school underwent a three-month-long recovery period during enrollment season.
The European Parliament has granted Europol permission to receive and process datasets from private parties and pursue research projects for better handling of security-related cases. Use of these powers will be overseen by the European Data Protection Supervisor and the Fundamental Rights Officer.
As Ukraine continues to be hit by cyberattacks from Russia, the State Service of Special Communication and Information Protection of Ukraine has sought to combat this offensive against the country's critical national infrastructure by going passwordless and using Yubico's security keys.
New cyber incident reporting rules are set to come into effect in the U.S. on May 1. Banks in the country will be required to notify regulators within 36 hours after an organization suffers a qualifying "computer-security incident." What does this mean for banks, and what are the likely challenges?
The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
Australian software firm Atlassian has issued fixes for a critically rated vulnerability in its Jira software that could allow an unauthenticated attacker to remotely bypass authentication protections in place. Both Jira and Jira Service Management are vulnerable to this bug.
The Conti ransomware group has been targeting the U.S. and its allies since the beginning of the Russia-Ukraine war. But in the latest large-scale attack on a single country, Conti has reportedly targeted at least five Costa Rican government agencies and leaked nearly 40GB of exfiltrated data.
A week after the Spring4shell vulnerability was first detected, security companies Microsoft, Check Point and Akamai have identified exploitation attempts, and Trend Micro has confirmed the first successful attempt - the Mirai botnet leveraging CVE-2022-22965 for its malicious operations.