Security News

Equilend warns employees their data was stolen by ransomware gang
2024-03-11 18:00

New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. Days later, EquiLend said that all client-facing services were back online and that it had yet to find evidence that "Client transaction data was accessed or exfiltrated" during the cyberattack.

Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware
2024-03-11 17:49

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. On Friday, Roku first disclosed the data breach, warning that 15,363 customer accounts were hacked in a credential stuffing attack.

OneLogin vs. Okta (2024): Which IAM Solution Is Better?
2024-03-11 17:09

OneLogin and Okta are enterprise-grade IAM platforms offering security products that customers can mix-and-match to create a customized solution. Feature comparison: OneLogin vs. Okta Single Sign-On. Both OneLogin and Okta offer SSO for on-premises and cloud-based applications, as well as endpoint devices like laptops and mobile phones.

Fake Leather wallet app on Apple App Store is a crypto drainer
2024-03-11 14:54

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. Last week, the genuine Leather wallet warned its community about a fake version of its wallet on the Apple App Store, making it clear that the company does not yet offer an iOS app.

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics
2024-03-11 14:47

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP...

British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild
2024-03-11 13:30

The British Library says legacy IT is the overwhelming factor delaying efforts to recover from the Rhysida ransomware attack in late 2023. Rhysida broke into the British Library in October last year, making off with 600GB worth of data and, crucially, destroying many of its servers which are now in the process of being replaced.

Microsoft: Russian hackers accessed internal systems, code repositories
2024-03-11 12:00

Midnight Blizzard, a group of Russian hackers tied to the country's Foreign Intelligence Service, has leveraged information stolen from Microsoft corporate email systems to burrow into the company's source code repositories and internal systems. "It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures," the company's Security Response Center shared on Friday.

Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan?
2024-03-11 11:33

As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete....

How do you lot feel about Pay or say OK to ads model, asks ICO
2024-03-11 11:16

The UK's Information Commissioner's Office has opened a consultation on "Consent or pay" business models. While the ICO studiously avoided naming any companies or organizations in particular, one of the most famous examples of the practice comes from Meta, which asked EU subscribers to choose between paying to lose ads and allowing data processing for advertising.

Using LLMs to Unredact Text
2024-03-11 11:01
