Russian hacking group Armageddon has upgraded its skills to simultaneously target several thousand Ukrainian government information systems. CERT-UA said the hackers infected Microsoft Office Word to generate 80 to 120 malicious documents within a compromised system to multiply the infection.
Based on the 1,862 U.S. data breach notifications issued in the first half of this year, 2023 looks set to break multiple records, especially as more breaches come to light due to the Clop ransomware group exploiting a zero-day flaw in widely used MOVEit file transfer software.
As U.S. government agencies migrate operations and apps to multi-cloud environments, there are lessons learned to be gained from their private sector counterparts. John Sellers of Cisco shares some of these lessons, as well as questions government security leaders need to be asking about the cloud.
This week, an IT security worker was sentenced for impersonating a ransomware gang, Deutsche Bank and other financial institutes were hit by Clop ransomware, USB drive malware attacks are on the rise in 2023, and a gaming company is investigating data breach claims and resetting users' sessions.
The Biden administration has released an implementation plan for the long-awaited national cybersecurity strategy it published in March, assigning deadlines and responsibilities for federal agencies across 65 different federal initiatives. Parts of the plan face an uphill battle.
Russia is mulling a ban on iPhone use by government employees after a suspected American intelligence campaign exploited vulnerabilities in the device to spy on Russian staff. The ban is the latest in a slew of similar measures taken by Moscow against Western tech devices.
Security experts say China-based hackers are "leading their peers in the deployment of zero-days" in the wake of another wide-ranging attack that abused a flaw in Microsoft Outlook and used forged authentication tokens to access email accounts of governments in the United States and Western Europe.
Configuration management - especially vulnerability patching - is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration to be a top weakness at a VA healthcare system in Arizona.
Diplomats in Ukraine shopping for used cars have been targeted with a listing for a "very good condition, low-fuel consumption" 2011 BMW 5 Series. In reality, the listing was designed to push Russian-built malware onto diplomats' systems, security researchers warned.
The threat actor behind the remote access Trojan called RomCom and other pro-Russian groups are targeting Ukrainian agencies and allies ahead of the NATO Summit this week in Vilnius, Lithuania, using weaponized Microsoft documents and typosquatting techniques to deliver the malware.
The European Commission has officially adopted the EU-U.S. Trans-Atlantic Data Privacy Framework, which will enable the free flow of commercial data between Europe and the United States. The framework will go into effect in December and will be subject to yearly review by the European Commission.
A security researcher discovered a Bangladesh government web portal that exposed the personal information of about 50 million citizens, including their birth registration records, phone numbers and national identity numbers. His efforts to notify the government of the security flaw went unanswered.
Francisco Partners plans to split Forcepoint's government and commercial security practices, selling the former to TPG for $2.45 billion. The deal represents an impressive return on investment for Francisco Partners, which bought all of Forcepoint from Raytheon in January 2021 for just $1.1 billion.
The French government is pursuing a new law that will grant the country's law enforcement agencies sweeping power to snoop on suspected cybercriminals and other online miscreants by remotely accessing their phones and computers. The measure is now headed to the French National Assembly.
The personal information of nearly 35 million Indonesian passport holders is up for sale on the dark web for $10,000 by notorious hacktivist Bjorka, who routinely criticizes the Indonesian government, publishing damaging information about lawmakers on social media. The government is investigating.