The European Central Bank will conduct cyber stress tests to determine banks' resilience against cyberattacks. The tests, which will receive a "significant amount of time and resources," are set to be completed by mid-2024, said Andrea Enria, ECB's top official for oversight.
Fundraising and customer relationship management software provider Blackbaud has reached a $3 million settlement agreement with the Securities and Exchange Commission over allegations it made "misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers."
In the latest weekly update, ISMG editors discuss important cybersecurity and privacy issues, including how the new U.S. cybersecurity strategy doubles down on hitting ransomware, how the strategy shifts liability issues to vendors, and why check fraud is on the rise and what can be done about it.
An overview of the White House's spending blueprint for the coming federal fiscal year shows big proposed increases for cybersecurity. CISA would receive $145 million more that current amounts. Ukraine would receive hundreds of millions to counter "Russian malign influence" including in cyberspace.
Community Health Systems will soon begin notifying up to 1 million individuals estimated to have been affected by data compromise when attackers exploited a zero-day vulnerability in vendor Fortra's GoAnywhere MFT, which is secure managed file transfer software.
A healthcare revenue cycle management software vendor is facing a proposed class action lawsuit in the aftermath of a December data exfiltration attack affecting nearly 251,000 patients. Ransomware group Royal took credit for the attack, allegedly leaking samples of the stolen data on its leak site.
A top Australian official demanded that Russia crack down on hackers operating inside country borders, another sign of deepening Western frustration with Moscow's permissive attitude toward cybercriminals. The Kremlin has access to skilled hackers it can mobilize into proxy actors at will.
Hackers disrupted medical care at a major Barcelona hospital, found out the wireless plans of 9 million AT&T users and stole data of almost 140,000 Hatch Bank customers. Patrons of Chick-fil-A got a nasty surprise. Plus, a breach hit Acer and another one affected members of the U.S. Congress.
The Chinese government's geopolitical ambitions and willingness to use cyber operations to achieve them pose one of the biggest threats to U.S. national security, the U.S. intelligence community warns. Russia, Iran and North Korea also pose major threats, as do cybercrime and especially ransomware.
Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. Between March 3 and March 9, Tender.fi paid a white hat reward to a thief, a Uranium Finance hacker began to launder stolen funds, Algodex revealed security breaches and BitKeep was working to reimburse hack victims.
Hackers have been selling data stolen from an online health insurance marketplace used by members of Congress and residents of Washington, D.C. The cause, size and scope of the breach are still unknown. The data pertains to "numerous" lawmakers as well as their spouses, dependents and employees.
A cyberespionage campaign using Trojanized apps implanted with a backdoor to exfiltrate sensitive data is making the rounds in India and Pakistan. Researchers at cybersecurity firm Eset identify the threat actor as Transparent Tribe, a group aligned with the Pakistani government.
The British government is proposing modifications to the European privacy law adopted as British law before the U.K. left the EU. Civil society groups warn that changes to the U.K. GDPR could lead to more surveillance. Some tech firms say the government is poised to increase its regulatory burden.
The Department of Health and Human Services and the Health Sector Coordinating Council on Wednesday published an updated toolkit that aims to help healthcare entities align security programs with the National Institute of Standards and Technology's Cybersecurity Framework.
A French law requiring companies to report cyber incidents to authorities within 72 hours or lose their eligibility for cyber insurance reimbursement has practitioners scratching their heads. Global companies with headquarters in France will have the most uncertainty, experts say.