Iranian state threat actor "Peach Sandstorm" is growing in sophistication, warns Microsoft in an alert about a campaign of password hacking targeting the satellite, defense and pharmaceutical sectors. The group's newfound polish is reflected in what the hackers did after establishing persistence.
In the latest weekly update, four editors at ISMG discuss important cybersecurity and privacy issues, including how to keep assets secure in the quantum era, when common usernames pose a cybersecurity threat, and how to strike the right balance between regulation and innovation in AI.
Mass cloud migration continues for enterprises of all industries and sizes. And they continue to trip up on complexity, governance and tool rationalization. Bob West of Palo Alto Networks and Wipro's Bhavesh Bhatt talk about how they are addressing these issues with their cloud security partnership.
Generative AI holds great potential for many amazing applications in healthcare, but it's critical to establish a strong framework before deploying it, said Barbee Mooneyhan, vice president of security, IT and privacy of Woebot Health, a provider of AI-driven online mental health services.
AI allows U.S. agencies to address hard problems like quickly writing secure code but comes with risks around nation-states generating attacks more efficiently. "The cybersecurity element is a great example of the bright and the dark side of AI technology," said White House Director Arati Prabhakar.
This week, exiled Russian journalist Galina Timchenko's iPhone was found to contain NSO Group's Pegasus spyware, a Russian businessman was sentenced for insider trading, more than 300,000 people were affected by an attack on See Tickets and period-tracking apps raised privacy concerns in the U.K.
The drumbeat for potential federal legislation to better protect sensitive health information - or at least new regulations - appears to be growing louder in Congress. One of the Senate's four lawmaker doctors is quizzing the healthcare industry on ways to safeguard health data.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
This week, Vitalik Buterin was the victim of a SIM swapping attack, North Korea likely orchestrated the $55 million CoinEx hack, OneCoin co-founder Karl Sebastian Greenwood was sentenced to 20 years in prison and former FTX executive Ryan Salame will reportedly plead guilty to criminal charges.
In Norse mythology, Loki is a cowardly trickster god who can change age, shape and sex. The malware incarnation is more prosaic, tending to focus on stealing Microsoft users' data, at times by using an ancient vulnerability in Microsoft Office that continues to be widespread.
Hotel and casino giant Caesars Entertainment paid approximately half of an initial $30 million ransom demand to attackers who infected its systems with ransomware, according to news reports. The attackers appear to be with the same group that hit MGM Resorts.
The Defense Department's updated cyber strategy calls for disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure. Defense officials also plan to conduct defensive operations to protect the department's information network.
Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.
Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.
Microsoft's September dump of fixes addresses two actively exploited zero-day vulnerabilities, including one in Microsoft Word that has a proof-of-concept code available publicly. "Definitely put this one on the top of your test-and-deploy list," wrote Dustin Childs.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.