A Russian domestic intelligence agency hacking group known for long-lasting logon credential phishing campaigns against Western targets is now deploying malware embedded into PDFs, say security researchers from Google. "Coldriver" is using a family of backdoors Google dubs Spica.
A federal judge said he is inclined to let proceed a putative class action lawsuit against Meta over its gathering of data from medical center patient portals through a web activity tracking tool. U.S. District Judge William Orrick for the District of Northern California heard arguments.
The U.S. Cybersecurity and Infrastructure Security Agency is warning critical infrastructure owners and operators about the dangers associated with the increasing reliance on Chinese unmanned aircraft systems, warning their use in CI sectors "risks exposing sensitive information to PRC authorities."
OpenAI said it is taking steps to prevent use of its models in online influence operations throughout the 2024 election season, amid growing concerns about election security and increasing fears that political deepfakes and AI-generated election misinformation could significantly disrupt democracy.
IT infrastructure mainstays including NetScaler, Atlassian and VMware on Tuesday released fixes for vulnerabilities including some allowing malicious takeover of appliances. NetScaler warned customers Tuesday of two zero-day vulnerabilities that researchers say are being exploited in the wild.
Google released an urgent fix for the first zero-day vulnerability of the year in its Chrome web browser, warning the bug is under active exploitation. Google blamed an out-of-bounds memory access flaw in its V8 JavaScript rendering engine. It also affects Microsoft Edge browser.
It's last call for Drizly, the alcohol delivery service Uber bought for $1.1 billion in 2021. Whether or not Drizly's past cybersecurity missteps - leading to a two-decade consent agreement with regulators - played any part in its being retired by Uber remains unclear.
The British data regulator is set to analyze the privacy implications of processing scraped data used for training generative artificial intelligence algorithms. The Information Commissioner's Office is soliciting comments from AI developers, legal experts and other industry stakeholders.
Mimecast, the cloud security firm specializing in email and cyber resilience, has appointed a new CEO after co-founder Peter Bauer served in the chief executive role since the company's inception in 2003. The leadership transition comes less than two years after the company went private.
Federal agencies are making significant headway in achieving a series of critical cybersecurity milestones included in a sweeping executive order on artificial intelligence the president signed in October 2023, according to White House Special Advisor for AI Ben Buchanan.
A North Carolina healthcare system has agreed to pay $6.6 million to settle a consolidated class action lawsuit involving its use of tracking tools in its websites and patient portals. The suit alleges the website trackers sent sensitive patient information to third parties without their consent.
Digital money is energizing Southeast Asian organized crime as a method for money laundering and as a way of reaping new revenue, warn experts who say that tether plays a heavy role in the rapidly evolving state of law-breaking in Myanmar, Thailand and elsewhere.
Cryptocurrency phishing scams designed to send crypto owners to fake versions of legitimate sites, recently disseminated via hijacked high-profile social media accounts, highlight the ongoing use of drainer scam-as-a-service offerings, which researchers say last year led to $295 million in losses.
Estimates of the number of devices affected by a duo of zero-days in a popular corporate VPN made by software developer Ivanti have skyrocketed from fewer than 10 to over 1,700. The flaws affect the firm's Connect Secure VPN appliance, formerly known as Pulse Secure, and Ivanti Policy Secure.
Robert Blumofe, executive vice president and CTO at Akamai, expects social engineering, phishing, extortion and AI-driven attacks to dominate the threat landscape. He advised enterprises to use FIDO2-based MFA, zero trust, microsegmentation and API security to reduce risks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.