Indian Minister for State Rajeev Chandrasekhar addresses the media during a press conference. (Source: Shutterstock)

India May Postpone Enforcement of New Data Protection Law

Jayant Chakravarti • September 21, 2023

Indian government officials say they may delay enforcement of the new Digital Personal Data Protection Act to give small businesses and healthcare organizations more time to comply. A decision on the deadline will come sometime after the appointment of a Data Protection Board in the next 30 days.

Governance & Risk Management

Why Palo Alto Is Eyeing Secure Browser Firm Talon for $600M

Latest

Fraud Management & Cybercrime

Feds Warn About Snatch Ransomware

Prajeet Nair • September 21, 2023

The Snatch ransomware group is targeting a wide range of critical infrastructure sectors, including the defense industrial base, food and agriculture, and information technology sectors, according to a new alert issued by U.S. authorities. The group operates on a ransomware-as-a-service model.

Fraud Management & Cybercrime

Ohio Community College Data Theft Breach Affects Nearly 300K

Marianne Kolbasuk McGee • September 21, 2023

An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal and health information. Security researchers say small schools such as this are now favored targets. Some 80% of schools have reported hacking incidents in the past year.

Cybercrime

Dutch Police Warns Users of Credentials Leak Site

Akshaya Asokan • September 21, 2023

Hundreds of Dutch patrons of a now-defunct credential marketplace received warnings from national police in an attempt to prevent potential crimes using illicitly obtained personal identifiable information. Dutch national police Politie said it had contacted 400 "possible customers" of WeLeakInfo.

Blockchain & Cryptocurrency

Cryptohack Roundup: Private Key Compromise Led to CoinEx Hit

Mihir Bagwe • September 21, 2023

This week, hackers stole $70 million from CoinEx, FTX resumed online claims, Balancer suffered a breach, Celsius creditors are targets of phishing, nearly $900,000 was stolen from Mark Cuban's hot wallet, Malta prepares for crypto regulation and Hong Kong cracked down on illicit crypto exchanges.

Cybercrime

Breach Roundup: Effects of ISP Ransomware Attack in Colombia

Anviksha More • September 21, 2023

This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace.

Cyberwarfare / Nation-State Attacks

Canada Confirms DDoS Attack Disrupted Airport Arrival Kiosks

Mathew J. Schwartz • September 21, 2023

A recent, brief disruption at Canadian airports is a reminder that Russia-aligned hacking groups' bark remains worse than their bite. Experts say these groups' impact largely remains minimal, which begs the question of how they disrupted arrival kiosks across Canadian airports.

Cloud Security

Journey to the Cloud: Navigating the Transformation - Part 3

CyberEdBoard • September 21, 2023

In Part 3 of this three-part blog post, Nikko Asset Management's Marcus Rameke discusses why opting for SaaS or PaaS over IaaS is a sensible decision for most businesses, why cloud solutions are preferable to on-premises HCI, and how to achieve environmental sustainability.

Encryption & Key Management

UK Parliament Approves Online Safety Bill

Akshaya Asokan • September 20, 2023

A day after the British Parliament approved a bill intended to eradicate child abuse content, cabinet officials called on social media giant Meta to halt a rollout of end-to-end encryption. Meta hasn't provided assurances that it will safeguard users, charged Home Secretary Suella Braverman.

Cybercrime

Financially Motivated Hacks by Chinese-Speaking Actors Surge

Prajeet Nair • September 20, 2023

Chinese-speaking hackers associated with criminal activity have redoubled efforts to target compatriots with malware to remotely control victim computers, pointing to a worrying surge in financially driven activity in the Sino cyber underworld, say researchers at Proofpoint.

Cybercrime

Feds Warn Health Sector of Lazarus Group Attacks

Marianne Kolbasuk McGee • September 20, 2023

Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.

Critical Infrastructure Security

Microsoft: China Group Hacking Asian Telecom Phone Records

Jayant Chakravarti • September 20, 2023

Microsoft said Chinese state-affiliated groups have stepped up cyberattacks in 2023 against countries in the South China Sea region - even hacking telecom firms to steal call records for cyberespionage. The most active group, Raspberry Typhoon, targets governments, militaries and infrastructure.

Artificial Intelligence & Machine Learning

Don't Let AI Frenzy Lead to Overlooking Security Risks

Akshaya Asokan • September 20, 2023

The private sector's frenzy to incorporate generative AI into products is leading companies to overlook basic security practices, a Google executive warned Tuesday. "Most people are still struggling with the basics," said John Stone, whose title at Google Cloud is "chaos coordinator."