SSNDOB, a darknet marketplace selling stolen Social Security numbers and birthdates, has been shut down, says the U.S. Department of Justice. The takedown was the result of a multiagency effort involving the IRS-CI, the FBI, the DOJ, and law enforcement agencies of Cyprus and Latvia.
In the wake of digital transformation and President Biden's 2021 cybersecurity executive order, an entire industry has sprung up around the concept of Zero Trust. John Kindervag, the researcher who created the architecture, weighs in on how the discussion has evolved.
The U.S. is on "borrowed time" for a major cyberattack that could potentially seriously disrupt critical infrastructure, but the nation can secure its systems and resources to avoid such cybersecurity disasters, says Rep. Eric Swalwell, D-California.
The U.S. Department of Justice and FBI announced the seizure of three domains after an investigation that found these domains selling stolen personal information and providing access to conduct distributed denial-of-service attacks. The domain includes weleakinfo.to, ipstress.in and ovh-booter.com.
Memo to IT administrators: Don't store data in cloud in an unsecure manner. Security researchers at Secureworks have found more than 1,200 cloud-based, unsecured Elasticsearch databases that attackers wiped, leaving only a ransom note demanding Bitcoin in return for their restoration.
A $150 million penalty has been slapped on Twitter for deceptively using account security data of millions of users for targeted advertising, the U.S. Justice Department and the Federal Trade Commission say. Twitter says it has paid the fine and ensured that personal user data is secure and private.
In the latest update, four ISMG editors discuss the alarming, bizarre case of a cardiologist in Venezuela charged with developing malware and recruiting affiliates, recent ransomware and data leak incidents in healthcare and how the economy is causing mature cybersecurity startups to slow hiring.
The Russian-language criminal syndicate behind the notorious Conti ransomware has retired that brand name, after having already launched multiple spinoffs to make future operations more difficult to track or disrupt, threat intelligence firm Advanced Intelligence reports.
U.S. authorities have charged a cardiologist based in Venezuela with developing and selling multiple strains of ransomware, including Jigsaw and Thanos, as well as recruiting affiliates to use the crypto-locking malware against victims in return for a cut of any ransoms paid.
In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.
The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
The United Kingdom has announced two proposed pieces of legislation - the Financial Services and Markets Bill and the Economic Crime and Corporate Transparency Bill - to regulate the digital assets industry and curb the use of virtual currency in illicit activity.
Virtual currency mixer Blender.io has been sanctioned by the U.S. for enabling North Korea to conduct "malicious cyber activities and money laundering of stolen virtual currency," the U.S. Treasury Department’s Office of Foreign Assets Control says in its first sanctioning of a currency mixer.
The European Parliament has granted Europol permission to receive and process datasets from private parties and pursue research projects for better handling of security-related cases. Use of these powers will be overseen by the European Data Protection Supervisor and the Fundamental Rights Officer.
U.S. President Joe Biden on Thursday signed into the law the Better Cybercrime Metrics Act, which aims to improve data collection on cybercrimes. The law requires the DOJ and the FBI to compile detailed statistics about cybercrime and develop a taxonomy to help contextualize and sort this data.