Security News

The North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint advisory published by Germany's Federal...

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements."Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said.

Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs.

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms.

Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware. In the second half of 2023, ESET has blocked 650,000 attempts to access malicious domains whose names include "Chatgpt" or similar string in an apparent reference to the ChatGPT chatbot.

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. Ubisoft is a French video game publisher known for well-known titles, including Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege, and the new Avatar: Frontiers of Pandora.

John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach...

Since yesterday, users of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's UniFi cloud services. Ubiquiti is a popular networking device manufacturer offering a cloud-based UniFi platform where admins can manage all their devices from a single cloud portal.

Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel's NSO should be considered cyber mercenaries - and become the subject of a concerted international response - according to a Monday report from Delhi-based think tank Observer Research Foundation. Author Fitri Bintang Timur argued the term mercenary applies because, as amendments to the Geneva Convention put it, mercenaries are "An entity having the motivation to gain financial or material compensation in return for their willingness to fight for the recruiter's country."

We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware. More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default.