Security researchers have demonstrated a practical attack that can be used to defeat biometric fingerprint checks and log into a target's Android - but not Apple - smartphone. Dubbed "BrutePrint," the brute force attack is inexpensive and practical to deploy at a large scale.
European privacy regulators gave Facebook five months to stop transferring data into the United States and assessed the social media giant a record 1.2-billion-euro fine in a decision that puts pressure on the European Commission to finalize a legal agreement enabling trans-Atlantic data flows.
Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source info stealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.
A large-scale phishing-as-a-service operation is shifting tactics to allow attackers to avoid anomaly detection by using localized IP addresses, warns Microsoft. The U.S. Secret Service has reported that BEC incidents cost global enterprises more than $43 billion in losses over a five-year span.
MiCA's consumer protection provisions extend to cybersecurity, with its anti-money laundering, cyberattack liability and travel rule clauses. ISMG contributors Ari Redbord of TRM Labs and Troy Leach of Cloud Security Alliance discuss its impact on cybercrime, compliance challenges and the way ahead.
Taiwan was buffeted during April by a three-day surge in malicious emails that increased to four times the usual amount, a reflection of increased tensions in the Taiwan Strait, say threat analysts. Following the wave, Trellix observed a 15-fold increase in PlugX infections.
New entrants LexisNexis Risk Solutions and F5 joined longtime leaders Experian and IBM atop KuppingerCole's Leadership Compass for fraud reduction intelligence platforms. Leading vendors help users detect bots and have capabilities spanning different sectors from finance to payments to e-commerce.
Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.
In the latest weekly update, four ISMG editors discuss the mounting fallout from the March hack of Capita and accompanying data breach, the comprehensive crypto regulation adopted by the EU, and Crosspoint Capital's agreement to purchase Absolute Software for $657 million.
The Federal Trade Commission's proposed changes to its 14-year-old Health Breach Notification Rule come at a time when some advocates say stronger consumer data privacy protections are needed. But will the FTC potentially face legal challenges to its authority to make these sweeping changes?
The LockBit ransomware group on Tuesday published 1.5 terabytes of data the group says it stole from Bank Syariah Indonesia after ransom negotiations broke down. The group says the records include information of about 15 million customers and employees of the country's largest Islamic bank.
The Federal Trade Commission on Thursday made a few bold moves to ramp up its oversight of data privacy. They include issuing a notice of proposed amendments to its Health Breach Notification Rule and releasing a policy statement warning of heightened scrutiny over the use of biometric information.
In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.
The French data protection authority on Tuesday signaled increased concerns over the privacy impacts of generative artificial intelligence and said issues such as data scraping raise data protection questions. Data scraping by AI companies is a flashpoint in the technology's rollout.