Credential harvesting attackers are taking advantage of a distributed file protocol to distribute customized phishing links. Because the system, the InterPlanetary File System, is designed to be resilient against content takedowns, scammers are using it to deliver phishing emails at scale.
A U.S. federal judge sentenced a Nigerian national to four years in prison for running several cyber-enabled schemes aimed at defrauding U.S. citizens out of more than $1 million. The men were arrested four years ago and extradited to Arizona in 2022 from Malaysia and the United Kingdom.
Lawmakers urged Director Jen Easterly to devise metrics that quantify how effectively the Cybersecurity and Infrastructure Security Agency uses federal money to cut cyber risk. Rep. Dave Joyce wants CISA to more precisely measure the return on taxpayer spending given the agency's rising budget.
Blue Shield of California is notifying more than 63,000 customers that their data was potentially exfiltrated in a compromise involving Fortra's GoAnywhere secure file transfer software and one of the health plan's covered mental health providers for minors.
Facebook is asking Ireland's High Court to quash a 265-million-euro fine levied by the country's data watchdog after the phone numbers of more than half a billion users appeared online. A user of the now-shuttered BreachForums in April 2021 posted data scraped from 533 million profiles.
"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.
North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says. The regime probably expected its hackers to pay their own way before 2020, but the novel coronavirus pandemic exacerbated its demands.
Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."
A hacking incident at Australian non-bank lender Latitude Financial affected a far greater number of individuals than initially disclosed, the company said Monday. It now estimates that its mid-March cybersecurity incident affected 14 million people although it has just over 2.8 million customers.
Online counseling provider BetterHelp is facing at least three proposed class action lawsuits following its recent enforcement action by the FTC. Plaintiffs allege a variety of claims against the company, including invasion of privacy, violations of federal and state laws, and "outrageous conduct."
The French government imposed a ban on TikTok and other social media apps after concluding that "recreational apps" lack sufficient "levels of cybersecurity and protection of data to be deployed on administrative equipment," said Stanislas Guerini, the minister of transformation and public service.
A New York medical malpractice law firm will pay $200,000 and implement data security improvements to settle a HIPAA enforcement action by the state attorney general's office following a 2021 ransomware attack by LockBit. Law firm Heidell, Pittoni, Murphy & Bach paid the hackers $100,000 in 2021.
Twitter says its source code was leaked by an unknown user on the popular open-source code collaboration platform GitHub. The social media giant requested a subpoena from a federal court Monday to force GitHub to provide details about the person behind the partial code leak.
Silicon Valley Bank's new owner plans to double down on business with venture capital and private equity firms and the portfolio companies they serve. VC and PE-focused business accounts form the largest segment of the combined $143 billion loan portfolio of First Citizens and Silicon Valley Bank.
The U.S. government limited its use of advanced surveillance software such as Pegasus through an executive order prohibiting agencies from buying licenses for spyware used by foreign governments to spy on dissidents. The order does not outright stop the government from purchasing spyware.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.
