A periodic stress test assessment of U.K. insurers by the Bank of England found underwriters mostly withstood extreme cyber events. Still, underwriters may not be operating from the same set of assumptions when it comes to the likelihood of having to manage an actual extreme cyber event.
The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.
T-Mobile disclosed Thursday that hackers had access for approximately six weeks to an application programming interface that exposed customer data including names, birthdates and email addresses. No payment information or passwords were part of the breach, the company said.
PayPal is notifying 34,942 Americans that a hacker accessed their personal information during a two-day credential stuffing attack in early December. The San Jose, California-based company says it has not detected unauthorized transactions emanating from affected accounts.
An international sting operation on Tuesday shut down the operations of cryptocurrency exchange Bitzlato Ltd. as FBI agents hauled co-founder Anatoly Legkodymov into a Miami jail to face U.S. federal charges of conducting an unlicensed money-transmitting business.
An Ohio software developer that attempted to use business insurance to pay for a 2019 ransomware attack was stymied by the Ohio Supreme Court. The justices unanimously decided for Owners Insurance Company against greater Dayton-based EMOI, writing that the developer didn’t experience physical loss.
A member of a criminal data breach forum says he's selling email addresses and phone numbers of 400 million Twitter users. If verified, the data breach would be a further blow to Twitter and its beleaguered chief executive as regulators increase pressure over the firm's security practices.
Ukrainian President Volodymyr Zelenskyy made a historic visit to Washington in a bid to shore up support during a critical moment. Behind the scenes, U.S. assistance includes strengthening Ukrainian cyber resiliency. Russian cyber operations remain a threat.
Chris Inglis intends to step down as head of the Office of the National Cyber Director inside the White House after President Joe Biden approves a new national cybersecurity strategy for critical infrastructure. The strategy will recommend a regulatory approach, a former congressional staffer says.
Security researchers at Palo Alto Networks say they identified an attempted hack on a large petroleum refining company based inside a NATO member that came from a threat actor known as Gamaredon and Trident Ursa. The Ukrainian government traces the group to a Russian FSB.
Epic Games, maker of Fortnite, will pay $520 million to the U.S. government to settle allegations it violated children's privacy and charged credit cards without authorization. Epic said its previous practices adhered to "long-standing industry practices" but that "the old status quo" has changed.
Assets kept behind air-gapped networks should be inaccessible, but researchers from Pentera describe how hackers use the DNS protocol as a command-and-control channel. To be truly safe, companies should isolate the DNS server used for air-gapped networks and filter traffic for anomalies.
Ride-hailing app maker Uber says a data breach at a third party is responsible for the appearance on a hacking forum of internal data. The data is unrelated to the September incident Uber experienced after a hacker affiliated with Lapsus$ penetrated the company network, an Uber spokesperson says.
A human resources outsourcing firm reportedly underwent a data breach from its own outsourced cloud computing storage provider. The company, San Francisco-based Sequoia One, did not respond to multiple requests for comment from Information Security Media Group.
Smartphone giant Apple says that starting later this year, users can enable end-to-end encryption of iPhone backups stored in the company's commercial cloud. Apple took pains to frame its announcement in the context of cloud computing data breaches.