Open sourcerers say suspected xz-style attacks continue to target maintainers: Social engineering patterns spotted across range of popular projects
theregister.com/2024/04/16/xz_style_attacks_continue/
Why the US government’s overreliance on Microsoft is a big problem: Microsoft continues to get a free pass after series of cybersecurity failures.
wired.com/story/the-us-government-has-a-microsoft-problem/
US House approves FISA renewal – warrantless surveillance and all: PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning ...
theregister.com/2024/04/15/security_in_brief/
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online
theregister.com/2024/04/03/cisa_microsoft_exchange_attack_report/
Quick Glance: Microsoft splits up Teams and Office worldwide
- Microsoft is beginning to sell Teams and the other Microsoft 365 apps as separate products with separate prices for new commercial customers worldwide.
- The unbundling is a win for other team communication and video conferencing apps like Slack and Zoom, which have not benefited from the huge established user base of the Office apps.
- The separation follows an EU regulatory investigation that started in July 2023, and Microsoft may yet be fined.
- Currently, the changes only affect the Microsoft 365 plans for the Business, Enterprise, and Frontline versions of Microsoft 365.
Sisense hit by data compromise, US cybersecurity agency says: Sisense has been hit by a data compromise, the U.S. cybersecurity watchdog agency said in an alert ...
reuters.com/technology/cybersecurity/sisense-hit-by-data-compromise-us-cybersecurity-agency-says-2024-04-11/
Chinese, Russian hackers keep getting past Microsoft's security : The US Cybersecurity and Infrastructure Security Agency issued an emergency directive this week ...
businessinsider.com/chinese-russian-hackers-keep-getting-past-microsofts-security-2024-4
China's attacks on U.S. infrastructure aren't going anywhere: China's Volt Typhoon group has displayed a persistence that's rare among nation-state hackers.
axios.com/2024/04/14/china-volt-typhoon-hacking-threats
Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online
theregister.com/2024/04/03/cisa_microsoft_exchange_attack_report/
Quick Glance: US government faults Microsoft for errors in Chinese hacker attack
- A US government review found that Microsoft committed a series of avoidable errors that allowed Chinese hackers to access the tech giant's network last year and later breach the email accounts of senior US officials.
- Microsoft was specifically criticized for not adequately protecting a sensitive cryptographic key, enabling hackers to remotely log into their targets' Outlook accounts by forging credentials.
- The hack resulted in Chinese operatives gaining access to the unclassified email accounts of senior US diplomats, including US Ambassador to China Nicholas Burns and US Secretary of Commerce Gina Raimondo.
- Microsoft announced plans to enhance its security practices for software development and user protection following the alleged Chinese hacking incident and scrutiny of its security practices by US lawmakers.
FBI says Chinese hackers are inside US infrastructure to cause ‘devastating blow’
independent.co.uk/news/world/americas/china-hackers-fbi-wray-infrastructure-b2531182.html
Local election officials say the Biden administration needs to do more to keep them safe
nbcnews.com/politics/2024-election/keep-us-safe-local-election-officials-tell-biden-administration-rcna146430
US Cybersecurity Agency Will Review Malware Samples Sent by the Public: Previously reserved for government employees, Malware Next-Gen now allows submissions ...
extremetech.com/internet/us-cybersecurity-agency-will-review-malware-samples-sent-by-the-public
Open-source developers prepare for a possible social-engineering crisis: A wave of social-engineering attacks targeting open-source projects is raising serious ...
axios.com/2024/04/19/open-source-software-social-engineering-hacks
Near-miss Linux cyberattack puts US officials, tech industry on edge: German software developer Andres Freund was running some detailed performance tests last ...
timeslive.co.za/news/sci-tech/2024-04-05-near-miss-linux-cyberattack-puts-us-officials-tech-industry-on-edge/
Government board pins China hack on Microsoft’s 'inadequate' cybersecurity strategies
axios.com/2024/04/03/microsoft-security-practices-government-review
Microsoft has been criticized for stealing a master key for the Azure cloud last summer. 👆
About the article: www.heise.de/news/Klatsche-fuer-Microsoft-US-Behoerde-wirft-MS-Sicherheitsversagen-vor-9674431.html
US House of Representatives Bans Employees From Using Microsoft Copilot: House employees using Windows devices can no longer run its AI assistant over security ...
extremetech.com/internet/us-house-of-representatives-bans-employees-from-using-microsoft-copilot
Pa. election 2024: A primer on requesting, filling out, and returning your mail ballot
pennlive.com/elections/2024/04/pa-election-2024-a-primer-on-requesting-filling-out-and-returning-your-mail-ballot.html
Rural Texas towns report cyberattacks that caused one water system to overflow: By KEN MILLER (Associated Press) A hack that caused a small Texas town’s water ...
orlandosentinel.com/2024/04/18/rural-texas-towns-report-cyberattacks-that-caused-one-water-system-to-overflow/
FBI: Akira ransomware raked in $42 million from 250+ victims: The Akira ransomware operation has breached the networks of over 250 organizations and raked in ...
bleepingcomputer.com/news/security/fbi-akira-ransomware-raked-in-42-million-from-250-plus-victims/
Microsoft's Poor Cloud Security Exposed Internal Company Data, Researchers Find: A cybersecurity firm reports that it was easily able to access Microsoft data on ...
pcmag.com/news/microsofts-poor-cloud-security-exposed-internal-company-data-researchers
Defending against IoT ransomware attacks in a zero-trust world: Attacks on IoT and ICS networks are becoming so pervasive that it's common for the ...
venturebeat.com/security/defending-against-iot-ransomware-attacks-in-a-zero-trust-world/
Russian Hack of Microsoft Corporate Emails Ensnares US Federal Agencies: US cyber officials are requiring affected federal agencies to act, since their login ...
pcmag.com/news/russian-hack-of-microsoft-corporate-emails-ensnares-us-federal-agencies
CISA in a flap as Chirp smart door locks can be trivially unlocked remotely: Hard-coded credentials last thing you want in home security app
theregister.com/2024/04/15/critical_vulnerability_chirp_lock/
Russian Hack of Microsoft Corporate Emails Ensnares US Federal Agencies: US cyber officials are requiring affected federal agencies to act, since their login ...
pcmag.com/news/russian-hack-of-microsoft-corporate-emails-ensnares-us-federal-agencies
This tech IPO revival does not come with a blockbuster pipeline: Transition, as in Rubrik’s case, complicates the financial picture and could weigh on valuations
ft.com/content/cecc9186-a56c-4f73-a833-0a19c7a8cca5
Conservative Think Tank The Heritage Foundation Hit by Cyberattack: Investigation Ongoing
techtimes.com/articles/303541/20240412/conservative-think-tank-heritage-foundation-hit-cyberattack-investigation-ongoing.htm
US Issues Emergency Directive Amid Fears Agencies Were Breached in Hack: US federal agencies were ordered to analyze emails, reset compromised credentials and ...
bloomberg.com/news/articles/2024-04-11/us-issues-emergency-directive-amid-fears-agencies-were-breached
Paid articlePaid
US Cyber Agency Says Russian Hackers Used Microsoft Access to Steal Government Emails
india.com/news/world/us-cyber-agency-says-russian-hackers-used-microsoft-access-to-steal-government-emails-6853442/
Roku Breach Hits 567,000 Users: Plus: Apple warns iPhone users about spyware attacks, CISA issues an emergency directive about a Microsoft breach ...
wired.com/story/roku-breach-hits-567000-users/
CISA makes its "Malware Next-Gen" analysis system publicly available: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a ...
bleepingcomputer.com/news/security/cisa-makes-its-malware-next-gen-analysis-system-publicly-available/
How to secure AI system development: How can data scientists, AI engineers and cybersecurity professionals ensure their AI system is secure during development ...
venturebeat.com/ai/how-to-secure-ai-system-development/
US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products
theregister.com/2024/04/05/microsoft_government_contracts/
Government review criticizes Microsoft for security lapses in "preventable" Exchange Online hack
techspot.com/news/102500-government-review-criticizes-microsoft-security-lapses-preventable-exchange.html
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks: IT security software company Ivanti has released patches to fix multiple security ...
bleepingcomputer.com/news/security/ivanti-fixes-vpn-gateway-vulnerability-allowing-rce-dos-attacks/
Feds Blame Microsoft's Corporate Culture for China-Backed Email Hack: US federal agencies are asking Microsoft to overhaul its approach to security after hackers ...
uk.pcmag.com/security/151706/feds-blame-microsofts-corporate-culture-for-china-backed-email-hack
Linux could have been brought down by backdoor found in widely used utility: Andres Freund, a PostgreSQL developer at Microsoft, was doing some routine ...
techspot.com/news/102456-linux-could-have-brought-down-backdoor-found-widely.html
How did a cargo ship take out the Baltimore bridge: experts: Much remains unknown about why the Dali collided with the Francis Scott Key Bridge ...
businessinsider.com/how-did-modern-cargo-ship-take-out-baltimore-bridge-experts-2024-3
Paid articlePaid
Quick Glance: Survivors of Baltimore Bridge Collapse: Workers in Their Cars
- Julio Cervantes survived bridge collapse, others missing or dead
- Construction workers were in their cars when ship hit bridge
- Two bodies found, four missing, presumed dead
- President Biden promises bridge reconstruction
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet: The device that makes it possible is required in all American big rigs ...
theregister.com/2024/03/22/boffins_tucktotruck_worm/
Five Eyes tell critical infra orgs: Take these actions now to protect against China's Volt Typhoon
theregister.com/2024/03/20/five_eyes_volt_typhoon/
More than 133,000 Fortinet appliances still vulnerable to month-old critical bug: A huge attack surface for a vulnerability with various PoCs available
theregister.com/2024/03/18/more_than_133000_fortinet_appliances/
Top critical infrastructure operators put their skills to the test: The two-day tabletop exercise was the first known event involving these companies and the ...
axios.com/2024/03/29/cyberattack-critical-infrastructure-simulation
Critical Fortinet flaw may impact 150,000 exposed devices: Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web ...
bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/
Top US cybersecurity agency hacked and forced to take some systems offline: A federal agency in charge of cybersecurity discovered it was hacked last month and ...
cnn.com/2024/03/08/politics/top-us-cybersecurity-agency-cisa-hacked/
Exclusive: Biden administration kicks its open-source software security work up a notch
axios.com/2024/03/07/biden-admin-open-source-security-promises
Threats to 'high-profile' officials at their homes are on the rise: DHS: "We are now faced with a threat dynamic like never before," one expert said.
abcnews.go.com/Politics/threats-high-profile-officials-homes-rise-dhs/story
After years of ransomware attacks, health-care defenses still fail: The danger was obvious in 2021, when ransomware gangs struck hospitals already overwhelmed by ...
washingtonpost.com/technology/2024/03/19/cybersecurity-healthcare-hack-solutions/
LockBit's contested claim of fresh ransom payment suggests it's been well hobbled
theregister.com/2024/03/04/in_brief/
Exclusive: Biden administration kicks its open-source software security work up a notch
axios.com/2024/03/07/biden-admin-open-source-security-promises
Four big questions for DC following massive health care hack: The cyberattack that forced offline insurance clearinghouse Change Healthcare raises bigger ...
politico.com/news/2024/03/18/health-care-hack-questions-00147199
Facebook, Instagram, Messenger and Threads logins restored after widespread outage
seattletimes.com/business/facebook-instagram-messenger-and-threads-down-in-widespread-outage/
Quick Glance: Facebook, Instagram in UAE Offline? Thousands Report Outage
- Over 300,000 Facebook outages reported worldwide
- After about an hour, Facebook and Instagram are back up for most users in the UAE.
- Many users complained about outages on Meta-owned platforms like Facebook, Instagram, and Messenger.
- Discord users also experienced issues with outages.
Top cyber research agency slows work on crucial security database without warning
axios.com/2024/03/26/nist-cyber-vulnerabilities-database
Twelve-year-old Moroccan wunderkind Rayan Ait Taher on Tuesday won the President’s Cup Cybersecurity Competition, an event organized every five years by the US ... Show more shorturl.at/dEU79 #morocco #world #news #cybersecurity #US #moroccoworldnews
UnitedHealth hack could take months for full recovery: UnitedHealth Group , the largest U.S. health insurer, is likely to need several months to make a full ...
reuters.com/technology/cybersecurity/unitedhealth-hack-could-take-months-full-recovery-2024-03-08/
How a Right-Wing Controversy Could Sabotage US Election Security: Republicans who run elections are split over whether to keep working with the Cybersecurity and ...
wired.com/story/gop-secretaries-of-state-cisa-controversy/
Microsoft warns Russia has escalated its hacking campaign: The campaign’s success to date has shocked intelligence officials on multiple continents ...
washingtonpost.com/technology/2024/03/08/microsoft-hack-email-russia/
Health care organizations last year reported the most ransomware attacks of the 16 industries identified as critical U.S. infrastructure. www.axios.com/2024/03/11/health-care-ransomware-attacks
AT&T outage caused by software update, company says : AT&T says they have "restored wireless service to all our affected customers."
abcnews.go.com/US/att-outage-impacting-us-customers-company/story
Quick Glance: Disruptions at US Telecom Firms Impact Users
- A widespread cellular outage hit large parts of the United States early Thursday, resulting in disruptions to the services provided by telecom companies like AT&T.
- At the break of dawn, more than 32,000 outage incidents were recorded in AT&T's service, based on data from the outage tracking website Downdetector.com. Impacted cities included San Francisco, Houston, and Chicago.
- Users of Verizon, T-Mobile, and UScellular also raised concerns about issues with the telecom companies' services according to Downdetector.
- The companies did not immediately address Reuters inquiries regarding the causes of the outages.
Microsoft struggling to fight off Russian cyberspies: Microsoft is still struggling to keep out the Russian cyberspies that gained high-level access to the ...
nbcnews.com/tech/security/microsoft-struggling-fight-russian-cyberspies-rcna142558
AI could pose ‘extinction-level’ threat to humans and the US must intervene, report warns
omaha.com/life-entertainment/nation-world/technology/artificial-intelligence-extinction-level-human-threat/article_c59d1914-c375-5b67-ad9c-d069ec4f4317.html
Quick Glance: EU AI Act Approved by European Parliament
- The European Parliament overwhelmingly voted in favor of the AI Act, positioning the EU as a global leader in regulating AI software.
- The legislation establishes a risk-based framework for AI, applying rules and requirements based on the level of risk associated with the use case.
- Penalties for non-compliance under the Act can reach up to 7% of global annual turnover or €35M.
- The AI Act, shaped through extensive negotiations, is expected to be fully implemented by mid-2027.
Secretary Mayorkas is ready to hold U.S. companies accountable for poor cybersecurity
axios.com/2024/02/23/mayorkas-cybersecurity-regulations-munich
Biden Hardens Protection Against Cybersecurity Threats to Ports: An executive order expands powers to the Department of Homeland Security amid increased fears of ...
nytimes.com/2024/02/21/us/politics/cybersecurity-ports.html
Senator demands telecom cybersecurity standards overhaul to curb abuses: Sen. Ron Wyden (D-Ore.) sent a letter to President Biden and his Cabinet demanding that ...
thehill.com/policy/technology/4499261-senator-demands-telecom-cybersecurity-standards-overhaul-to-curb-abuses/
The U.S. Health System’s Single Point of Failure: Cybercriminals see the nation’s vulnerabilities far more clearly than regulators do.
theatlantic.com/ideas/archive/2024/03/change-healthcare-alphv-blackcat-hackers/677650/
North Korea Cyber Hack Hits US Ally: Kim Jong Un's regime appears to have lifted sensitive data from one of South Korea's strategic industries.
newsweek.com/north-korea-cyberattack-hack-semiconductor-industry-data-south-korea-1875484
Quick Glance: North Korea's Response to U.S.-South Korean Drills
- North Korea labels ongoing drills as an invasion plot, threatening military action.
- This year's drills include 48 field exercises, double the previous year's amount, lasting 11 days.
- North Korea's Defense Ministry denounces the drills as reckless and plans responsible military activities to enhance security on the Korean Peninsula.
- Experts predict increased tensions with more missile tests and aggressive rhetoric from North Korea this year, particularly with upcoming elections in the U.S. and South Korea.
CISA Systems Hacked: Ivanti Vulnerabilities Exploited, Urgent Security Measures Advised
techtimes.com/articles/302438/20240310/cisa-systems-hacked-ivanti-vulnerabilities-exploited-urgent-security-measures-advised.htm
CISA, NSA share best practices for securing cloud services: The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint ...
bleepingcomputer.com/news/security/cisa-nsa-share-best-practices-for-securing-cloud-services/
Apple rolls out iMessage upgrade to withstand decryption by quantum computers: Apple is rolling out an upgrade to its iMessage texting platform to defend against ...
reuters.com/technology/cybersecurity/apple-rolls-out-imessage-upgrade-withstand-decryption-by-quantum-computers-2024-02-21/
‘World’s most harmful’ cybercriminal group disrupted in 11-nation operation: LockBit’s ransomware has been used to extort over $120 million in ransom payments ...
washingtonpost.com/business/2024/02/20/lockbit-ransomware-cronos-nca-fbi/
Quick Glance: Police Arrest LockBit Ransomware Members
- Arrest of two LockBit ransomware operators in Poland and Ukraine
- Development of free decryption tool for encrypted files
- Seizure of over 200 crypto-wallets after hacking servers
- Global operation involving French and U.S. authorities
A federal agency has told rural counties and small towns how to safeguard their elections, but not all can afford the fixes
nbcnews.com/politics/2024-election/rural-counties-small-towns-need-money-protect-elections-november-2024-rcna141918
GOP criticism of CISA could hinder election security, experts argue: The U.S. Cybersecurity and Infrastructure Security Agency faces rising criticism from the ...
axios.com/2024/02/20/cisa-election-security-deepfakes
Biden signs order aimed at protecting U.S. ports from cyberattacks: President Joe Biden signed an executive order Wednesday aimed at boosting the Department of ...
nbcnews.com/politics/national-security/biden-sign-order-aimed-protecting-us-ports-cyberattacks-rcna139735
A major Baltimore bridge collapsed after a cargo ship crashed into it: Search and rescue efforts were underway looking for "upwards of seven people" following ...
qz.com/baltimore-francis-scott-key-bridge-collapse-cargo-ship-1851365607
Paid articlePaid
Congressional Dems warn of grim future for US cyber agency under Trump: But the Democratic lawmakers said there’s little they can do to protect the agency ...
politico.com/news/2024/02/12/dems-warn-of-grim-future-cisa-00140787
Chinese-Made Surveillance Cameras At Romanian Military Sites Raise Security Concerns
rferl.org/a/romania-china-cameras-security-concerns/32853039.html
Why health care has become a top target for cybercriminals: Cyberattacks of all sorts have plagued large corporations, small businesses and individuals for ...
bostonherald.com/2024/03/01/why-health-care-has-become-a-top-target-for-cybercriminals/
How China’s Volt Typhoon hackers target US infrastructure: The US government and its primary global intelligence partners, known as the Five Eyes ...
asiatimes.com/2024/03/how-chinas-volt-typhoon-hackers-target-us-infrastructure/
Explainer: what is Volt Typhoon and why is it the ‘defining threat of our generation’?
theguardian.com/technology/2024/feb/13/volt-typhoon-what-is-it-how-does-it-work-chinese-cyber-operation-china-hackers-explainer
Suspected Chinese hackers find new ways to target Ivanti: The Five Eyes alliance warned companies to apply new mitigations to keep attackers out.
axios.com/2024/03/01/ivanti-five-eyes-cyber-warning
US critical infrastructure cyberattack reporting rules inch closer to reality: After all, it's only about keeping the essentials on – no rush
theregister.com/2024/03/28/critical_infrastructure_cyberattack_reporting/
Behind China’s hack of UK’s Electoral Commission: The UK government has accused China of hacking the UK Electoral Commission, gaining access to information about ...
asiatimes.com/2024/03/behind-chinas-hack-of-uks-electoral-commission/
New to NewsWall?
Sign up now to get your own personalized news!
Trending topics