The American Bankers Association and three other banking groups have voiced objections to provisions in a proposed federal cyber incident notification regulation. For example, they say the definition of a reportable "computer security incident" is too broad and would result in the reporting of insignificant events.
The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.
Interpol says Dutch and Nigerian suspects created a cloned version of a legitimate personal protective equipment provider's website to trick a German health authority seeking face masks. The case is a reminder that a "sophisticated" scheme need not require extreme technical sophistication to succeed.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
Crisis communications: If your organization suffers a ransomware outbreak - despite its best cybersecurity efforts - is it ready to respond quickly and transparently? Experts have lauded the Scottish Environment Protection Agency for its response, saying it's a model for other victims to emulate.
At least 14 lawsuits seeking class-action status have been filed against Accellion in the wake of breaches of the vendor's 20-year-old File Transfer Appliance. A motion to consolidate the cases has also been filed.
How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.
When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
New York state officials are warning insurance and financial firms that fraudsters continue to probe for security weaknesses in websites offering instant quotes, as a way to target consumers' data. Attackers are now using credential stuffing techniques and targeting unprotected data in transition.
Synthetic identity fraud is a pervasive yet ill-defined crime – hard to define as well as to detect. Greg Woolf of FiVerity discusses a recent initiative by the Federal Reserve in Boston to better define and therefore better manage SIF.
Customers of Indian payments platform MobiKwik appear to have gotten a lucky break: A listing for 8.2TB of stolen data pertaining to 99 million customers was withdrawn by a cybercrime forum seller, supposedly because of the public risk posed. MobiKwik continues to deny that it was breached. Who's to be believed?
Projects with potential cybersecurity components included in the Biden administration's $2 trillion infrastructure spending proposal include upgrading the aging and insecure electrical grid, addressing supply chain vulnerabilities and supporting research on artificial intelligence and quantum computing.
Security practitioners often tread a fine and not entirely well-defined legal line in collecting current and meaningful research. This research can also pose ethical questions when commercial sources for stolen data fall into a gray area.
NIST has drafted guidelines for how to use its cybersecurity framework to address cyberthreats and other security issues that can target state and local election infrastructure and disrupt voting.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.