Security News
The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started. University of Michigan is one of the oldest and largest educational institutes in the United States, employing over 30,000 academic and administrative staff and having roughly 51,000 students.
To the importance of application security testing, we will also discuss the different areas of vulnerability testing and its various phases. Finally, we will provide details on how a long-term preventative solution such as PTaaS can protect e-commerce businesses and the differences between continuous testing and standard pen testing.
Believed to be one of the leaders of the group, Arion Kurtaj, from Oxford, England, was arrested twice in 2022, first in January and then again in March, in connection with Lapsus$ hacking activity. Kurtaj used more than a dozen online names, White and Breachbase among them, and is believed to have made more than 300 BTC from his hacking activity, SIM-swapping included.
In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program Manager at Memorial Sloan Kettering Cancer Center, discusses the impact of cyberattacks on patient safety and care delivery, emphasizing how disruptions to critical healthcare services can harm patients and even lead to life-threatening situations. The consequences of a successful cyberattack on a healthcare organization can be severe, including the compromise of patient data and potential harm to patients.
Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were...
The U.S. SEC has introduced new rules for publicly traded companies to disclose cyberattacks within four business days if they are considered significant to investors. Foreign private issuers are also required to provide equivalent disclosures. SEC Chair Gary Gensler stated that consistent and comparable disclosure would benefit both companies and investors.The rules demand listed companies to include cyberattack details in periodic report filings (8-K forms). These rules will be effective from December or 30 days after publication in the Federal Register. Smaller companies will have an additional 180 days to comply. Disclosure timelines may be delayed if immediate disclosure poses a risk to national security or public safety.
Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an "Extensive cyberattack."TOMRA has multiple divisions that focus on areas including waste and recycling solutions, metal sorting systems, mining machine systems and food sorting equipment.
Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America. Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.
The extension enabled threat actors to monitor browser history, take screenshots, and inject malicious scripts that targeted cryptocurrency exchanges. Multiple malicious extensions target user installations, leading to a real danger of data exfiltration and system compromise.
In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. "The attacks emanated from two separate threat campaigns. One campaign attempted to infect law firm employees with the GootLoader malware. The other campaign hit law firm employees and other victims with the SocGholish malware," the company revealed.