Social media giant Meta's attempt to navigate European data protection rules by offering a fee-based opt-out from behavioral advertising came under fire Wednesday by a trading bloc agency that said freedom from personalized marketing should typically be free.
Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running as workloads on Kubernetes clusters to download cryptomining software, warned Microsoft. "I want to buy a car," the hackers tell victims in a note and solicit monero donations.
San Francisco-based asset intelligence vendor Armis plans to embed AI and automation into the incident prioritization and remediation process through the $150 million acquisition of early-stage startup Silk Security to minimize manual intervention and maximize efficiency.
Rep. Cathy McMorris Rodgers, R-Wa., chair of the House Energy and Commerce Committee, suggested Wednesday that a draft national data privacy bill making its way through Congress could be the best shot in decades for lawmakers to pass a comprehensive federal privacy law.
What do a German healthcare network, a Russian security company and an American bridal clothing retailer have in common? All seem to have been compromised in recent months by attackers who wielded LockBit crypto-locking malware - but who weren't tied to the actual LockBit operation.
Half a dozen different botnets are prowling the internet for TP-Link-brand Wi-Fi routers unpatched since last summer with the goal of commandeering them into joining distributed denial-of-service attacks. Chinese router manufacture TP-Link in June patched a command injection vulnerability.
Likely Russian military intelligence hackers known as Sandworm have deployed a new and highly flexible backdoor against Eastern European targets since at least mid-2022, warned security researchers. Security firm WithSecure dubbed the backdoor Kapeka.
Russia's preeminent cyber sabotage unit presents "one of the widest and high severity cyber threats globally," warned Mandiant in a Wednesday report. Mandiant newly designated Sandworm as APT44 to differentiate it from another hacking unit it will still track as APT28.
Michigan's largest federally qualified health center, which treats homeless and underserved patients, is notifying more than 184,000 individuals of a December ransomware attack that compromised their data. The incident reflects the many challenges that under-resourced healthcare groups face.
Microsoft announced in December that support for Windows 10 will end when the OS reaches end of life in October 2025, yet enterprise adoption of Windows 11 is moving slowly. Enterprise leaders believe migrating to the new OS will lead to compatibility issues and increase costs to upgrade devices.
The aftershocks of the Change Healthcare cyberattack are still reverberating through the healthcare sector nearly 60 days into the recovery process. But on Tuesday, members of Congress and industry experts grappled with how to avoid a future replay - minus a key witness: UnitedHealth Group.
OpenSSF launched a new tool Tuesday in partnership with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to help simplify for federal agencies and private organizations the process of reading and generating software bills of materials.
Financially motivated hackers are using the oldie-but-goodie technique of hiding malicious code in digital images to target businesses in Latin America, say security researchers. One image containing a PowerShell script results in Agent Tesla being loaded on the victim computer.
A new initiative in the U.S. is pairing college students with university researchers to strengthen cybersecurity defenses for resource-poor organizations and small businesses. The program serves as both an educational platform and a way for students to gain practical field experience.
Major open-source software projects are warning that more pieces of code than XZ Utils may have been backdoored by attackers, based on ongoing supply-chain attack attempts that have targeted "popular JavaScript projects," apparently seeking to trick them into sharing code maintainer rights.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.