A new bipartisan Senate bill would require the U.S. Department of Health and Human Services to biennially conduct cybersecurity reviews and tests on its IT systems and report to Congress on how it is updating its cybersecurity strategy to keep up with evolving cyberthreats.
A still-active phishing campaign using individualized phishing lures is targeting senior corporate accounts in Microsoft Azure environments, said researchers from Proofpoint. They said the hackers have compromised hundreds of user accounts spread across dozens of Microsoft Azure environments.
Synthetic IDs remain a problem not because of a lack of data but because of failure to identify the right data and establish correlations, said Steve Lenderman, co-chair of the Industry Working Groups for the International Association of Financial Crimes Investigators.
Bugcrowd received a $102 million venture capital investment to fuel strategic growth, the company announced Monday. "Our customers are outgunned and outmatched. They need to tap into all this creativity that exists within the hacker community," said company CEO Dave Gerry.
A federal government IT modernization funding program is looking to invest in projects that will help hasten the implementation of artificial intelligence to improve efficiencies and service delivery among government agencies. It will favor proposals with budgets under $6 million.
Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection of computers worldwide."
Large language models may boost the capabilities of novice hackers but are of little use to threat actors past their salad days, concludes a British governmental evaluation. "There may be a limited number of tasks in which use of currently deployed LLMs could increase the capability of a novice."
The Department of Health and Human Services has finalized regulations to better align federal requirements for the confidentiality of substance use disorder records with privacy protections afforded under HIPAA. The aim is to improve care coordination while enhancing sensitive data protections.
Officials said the Artificial Intelligence Safety Institute Consortium will provide a "critical forum" for the public and private sectors as the federal government aims to use input from more than 200 stakeholders across public society to develop AI safety and security standards.
With over 1 billion people across more than 50 countries - including the U.S., the U.K. and India - due to hold elections this year, one open question remains: How can nations combat adversaries who attempt to influence elections or otherwise interfere via physical, cyber or operational means?
Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.
In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.
Fortinet warned Thursday that hackers have exploited a vulnerability in the operating system powering its virtual private network and urged customers to apply a patch or disable the appliance. State threat actors, including hackers from China, are targeting gateway devices in increasing numbers.
Fifty data breach lawsuits tied to the Clop ransomware group's supply chain attack against GoAnywhere file transfer software from Fortra have been consolidated by the U.S. Judicial Panel on Multidistrict Litigation into a single case in the Southern District of Florida.
The Dominican Republic earlier this month extradited to France a suspected administrator of now-defunct encrypted messaging service EncroChat. The extradition is the latest in a series of actions European authorities have been taking against EncroChat users since authorities penetrated its network.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.