Iranian hackers rambled across the Albanian government's network for 14 months before launching a ransomware and disk wiper attack in July, says the U.S. government. Iran exploited a Microsoft SharePoint vulnerability to gain access and then harvested credentials and exfiltrated data.
Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.
The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.
Cyberattacks against universities have forced academia to implement new rules and processes to safeguard sensitive research from adversaries such as China, Russia and Iran. Texas A&M set up an office in 2016 to oversee security around scholarship, and the office works to prevent foreign influence.
Whoever stole $160 million from Wintermute, the cryptocurrency trading firm's CEO, Evgeny Gaevoy, would like the money back, minus 10% that's on the house. A hack of the London-based crypto market maker rocked the company, which supplies liquidity to cryptocurrency trading.
School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following an online attack. Students have been told not to use district-issued Chromebooks. Federal authorities have warned that school districts are targets of ransomware gangs.
Deep Instinct has tasked the former CEO of Palo Alto Networks and COO of Zscaler with reworking the company's go-to-market strategy to better serve large enterprises. The company has moved longtime executive Lane Bess from the executive chair to the CEO's seat to recruit experienced sales leaders.
A newly uncovered vulnerability in a wallet addressing tool may be the reason a hacker stole $160 million in digital assets from market maker Wintermute. The company's CEO tweeted that the company is solvent and will honor requests to repay lenders.
Uber is fingering adolescent extortion hacking group Lapsus$ for the disruption to its internal systems. A self-proclaimed 18-year-old last week spammed the company with vulgar messages and shared online screenshots of the company's cloud storage and code repositories. The FBI is investigating.
In the latest "Proof of Concept," David Pollino, former CISO of PNC Bank, and Ari Redbord, head of legal and government affairs at TRM Labs, join ISMG editors to discuss ethical concerns for CISOs, cryptocurrency regulations, and potential foreign interference in the U.S. midterm elections.
Cybercriminals are netting multimillion-dollar hauls by targeting healthcare industry payment processing, the FBI warns. The criminals use publicly available personally identifiable information and deploy social engineering techniques to impersonate care providers.
Vista Equity Partners has joined Thoma Bravo in the take-private cybersecurity spree, offering to buy security awareness training behemoth KnowBe4 at a $4.22 billion valuation. KnowBe4 says it has received a nonbinding offer from Vista of $24 per share for the shares not currently owned by Vista.
Palo Alto Networks has been in a 19-month dry spell when it comes to major acquisitions, but it looks like that's about to change. Israeli business publication Calcalist reported Monday the firm is closing in on a deal to buy New York-based code risk platform provider Apiiro for around $600 million.
The LockBit group has paid the first payment of $50,000 as part of its bug bounty program for researchers willing to aid in cybercriminality. The group had announced that it will pay individuals who find exploitable vulnerabilities in the software it uses to maliciously encrypt files.
Password manager LastPass says the attackers behind the August security incident had access to its systems for four days. LastPass CEO Karim Toubba, sharing details about last month's breach, confirms that there is no evidence of any threat actor activity beyond the established timeline.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.