The ransomware attack against Colonial Pipeline, which has disrupted the flow of gasoline and other petroleum products throughout the eastern U.S. since Friday, is prompting members of Congress to call for new cybersecurity regulations and ask probing questions about regulators' scrutiny of security measures.
After a ransomware incident, Colonial Pipeline Co. has restored smaller pipelines that ship fuels to the U.S. East Coast, but its larger ones are still offline as it assesses safety. Citing U.S. officials, The Associated Press reports the company was infected by the DarkSide ransomware group.
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
SmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million to $15 million bite out of its second-quarter revenue.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
U.S. insurance giant Geico says fraudsters stole driver's license numbers from its website after they supplied personal information that they had acquired elsewhere. The driver's license numbers are believed to have been used to fraudulently apply for unemployment benefits, the insurer says.
About 70 major health data breaches have been added to the federal tally in the last four weeks as ransomware attacks have persisted and breaches at vendors have affected clients.
The University of Hertfordshire has sustained a cyber incident that severely affected students' online classes and an assignment submission portal. The university, however, notes the incident did not lead to data theft.
Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.
The American Bankers Association and three other banking groups have voiced objections to provisions in a proposed federal cyber incident notification regulation. For example, they say the definition of a reportable "computer security incident" is too broad and would result in the reporting of insignificant events.
The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.
A recent cyberattack on a Washington-based health plan, which the company believes was carried out by a foreign cybercrime group, is the latest in a series of hacking incidents targeting health insurers.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.