Security experts told ISMG they were concerned Microsoft could suffer future cyberattacks and threats to its customers after a Russian state hacking group managed to evade detection for several weeks while targeting accounts associated with the company’s top executives.
As cyberthreats evolve, mobile network operators need offensive security to maintain resilience. Traditional security, such as firewalls and encryption, is not sufficient on its own. Offensive security is proactive; it mimics the strategies of real attackers to stay ahead of potential threats.
Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
Two tech advocacy groups are pushing the Federal Trade Commission to investigate Google, alleging the company has reneged on a promise it made after the Supreme Court's 2022 overturn of Roe v. Wade to promptly delete location data about users' visits to sensitive places, such as abortion clinics.
The U.S. Cybersecurity and Infrastructure Security Agency directed federal agencies to implement mitigation measures for two zero-day exploits that affect Ivanti’s popular VPN products while they await a patch, in what one official described as "a rapidly evolving situation."
The appearance of Naz.api - a massive collection of online credentials harvested by information-stealing malware that contains 71 million unique email addresses - illustrates the scale at which such data is being collected, shared and sold, security experts warn.
In the latest weekly update, ISMG editors discussed why crypto-seeking drainer scam-as-a-service operations are thriving, a novel legal move that recovered a hospital's stolen data, and a ground-breaking case involving bitcoin that could streamline recovery for victims.
Generative AI, once a buzzword, is now the subject of a focused approach, according to attorney Edward Machin of Ropes & Gray LLP. Organizations are prioritizing specific issues around gen AI and establishing governance frameworks from the outset, Machin said.
Switzerland's federal government reports that multiple federal agencies' public-facing sites were temporarily disrupted by distributed denial-of-service attacks perpetrated by a self-proclaimed Russian hacktivist group "as a means of gaining media attention for their cause."
A federal judge said he is inclined to let proceed a putative class action lawsuit against Meta over its gathering of data from medical center patient portals through a web activity tracking tool. U.S. District Judge William Orrick for the District of Northern California heard arguments.
IT infrastructure mainstays including NetScaler, Atlassian and VMware on Tuesday released fixes for vulnerabilities including some allowing malicious takeover of appliances. NetScaler warned customers Tuesday of two zero-day vulnerabilities that researchers say are being exploited in the wild.
Google released an urgent fix for the first zero-day vulnerability of the year in its Chrome web browser, warning the bug is under active exploitation. Google blamed an out-of-bounds memory access flaw in its V8 JavaScript rendering engine. It also affects Microsoft Edge browser.
The ubiquity and anonymity of cryptocurrencies are fueling economic, legal and ethical challenges that put healthcare entities in the crosshairs of cybercriminals, said David Hoffman, general counsel of Claxton-Hepburn Medical Center, which recently filed a lawsuit against ransomware gang LockBit.
The British data regulator is set to analyze the privacy implications of processing scraped data used for training generative artificial intelligence algorithms. The Information Commissioner's Office is soliciting comments from AI developers, legal experts and other industry stakeholders.
A North Carolina healthcare system has agreed to pay $6.6 million to settle a consolidated class action lawsuit involving its use of tracking tools in its websites and patient portals. The suit alleges the website trackers sent sensitive patient information to third parties without their consent.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.