Security News

Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise
2024-04-07 08:00

How Google plans to make stolen session cookies worthless for attackers
Google is working on a new security feature for Chrome called Device Bound Session Credentials, meant to prevent attackers from using stolen session cookies to gain access to user accounts.

A "Cascade" of errors let Chinese hackers into US government inboxes
Microsoft still doesn't know how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials.

US Health Dept warns hospitals of hackers targeting IT help desks
2024-04-06 15:09

The U.S. Department of Health and Human Services warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health sector. The sector alert issued by the Health Sector Cybersecurity Coordination Center this week says these tactics have allowed attackers to gain access to targeted organizations' systems by enrolling their own multi-factor authentication devices.

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products
2024-04-05 14:30

Feds probe alleged classified US govt data theft and leak
2024-04-04 18:20

US cancer center data breach exposes info of 827,000 patients
2024-04-04 16:57

Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. City of Hope is a National Cancer Institute-designated comprehensive cancer center providing treatment for cancer, diabetes, and other life-threatening diseases.

US State Department investigates alleged theft of government data
2024-04-03 18:55

The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. "The Department is aware of claims that a cyber incident has occurred and is currently investigating," a State Department spokesperson told BleepingComputer.

A “cascade” of errors let Chinese hackers into US government inboxes
2024-04-03 13:37

Microsoft still doesn't know how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. "The stolen 2016 MSA key in combination with [a] flaw in the token validation system permitted the threat actor to gain full access to essentially any Exchange Online account," CISA's Cyber Safety Review Board noted in a recently released Review of the Summer 2023 Microsoft Exchange Online Intrusion.

US House of Reps tells staff: No Microsoft Copilot for you!
2024-04-01 22:34

US critical infrastructure cyberattack reporting rules inch closer to reality
2024-03-28 13:30

New Zealand to world: China attacked us, too!
2024-03-26 03:30

The government of South Pacific island nation New Zealand has revealed that it, too, has been attacked by China. A Tuesday announcement penned by attorney-general and minister of defence Judith Collins reveals that in 2021 the nation's Government Communications Security Bureau and National Cyber Security Center "Completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC state-sponsored group known as APT40."