Security News

The payment services giant advises that some users may continue to experience issues online or over the phone. The issues reported by users included being unable to log in to their Amex accounts, make payments, or get to an Amex customer service representative over the phone.

An independent security researcher has shared what's a detailed timeline of events that transpired as the notorious LAPSUS$ extortion gang broke into a third-party provider linked to the cyber incident at Okta in late January 2022. Sitel, through its acquisition of Sykes Enterprises in September 2021, is the third-party service provider that provides customer support on behalf of Okta.

Specops Software's first annual Weak Password Report has yielded some interesting results that may cause you to rethink the way that your organization manages passwords. The problem with this however, is that leaked password databases have allowed cyber criminals to create lookup tables that can be used to reveal a password based on its hash, without actually having to crack the password, thereby making password length far less of a problem for cyber criminals.

The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals. Oliver Pinson-Roxburgh, CEO of security outfit Bulletproof, warned: "As the gatekeeper to the networks and data of thousands of organizations, a breach at Okta would have significant consequences."

Companies critical to U.S. national interests will now have to report when they're hacked or they pay ransomware, according to new rules approved by Congress. The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon.

Between October and December 2021, an independent research company surveyed over 3,000 IT decision makers and IT professionals about their IT and data protection strategies, challenges and drivers. Almost all the respondents were from organizations with more than 1,000 employees - from 28 different countries.

Between October and December 2021, an independent research company surveyed over 3,000 IT decision makers and IT professionals about their IT and data protection strategies, challenges and drivers. Almost all the respondents were from organizations with more than 1,000 employees - from 28 different countries.

The US Securities and Exchange Commission has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're discovered. According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K. The amended rules would also instruct companies to provide updates regarding previously reported security breaches.

A new rule proposed by the US Securities and Exchange Commission would force public companies to disclose cyberattacks within four days along with periodic reports about their cyber-risk management plans. Specifically, the proposed rule would amend the Form 8-K reporting requirements to include cybersecurity incident disclosure "Within four business days after the registrant determines that it has experienced a material cybersecurity incident." The 8-K is the form that the SEC requires public companies file to publicly announce corporate changes or big events that may be material to shareholders.

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices," Unit 42 security researcher Aveek Das said in a report published Wednesday.