Cyber Security

A Bank of England (BoE) policymaker highlighted the dual nature of artificial intelligence (AI) as both a potential disruptor and a driver of productivity within Britain's economy. Randall Kroszner, a member of the BoE's Financial Policy Committee, emphasized the necessity for regulators to adopt adaptable approaches to rule-making in light of AI's transformative potential. Unlike...

The Bank of Italy issued a stark warning on Wednesday regarding the proliferation of fraudulent video messages circulating online. These messages, facilitated by artificial intelligence (AI) technology, are being used to fabricate statements purportedly from financial authorities and other reputable institutions. Describing the phenomenon as "deepfakes," the central bank elucidated that these deceptive messages are...

BleepingComputer has reported that Canadian pharmacy and retail chain London Drugs fell victim to a ransomware attack orchestrated by the LockBit group last month. The attack prompted the temporary closure of all London Drugs stores across Western Canada. LockBit, a notorious ransomware group, remains active despite recent law enforcement actions, and it has threatened to...

Blackbaud, a software provider based in the Lowcountry, has been ordered by the Federal Trade Commission (FTC) to revamp its security practices after a significant data breach exposed the personal information of millions of consumers. The breach, which occurred in early 2020, went undetected for three months and compromised sensitive data from 13,000 customers,...

The Federal Trade Commission (FTC) has finalized a settlement with Blackbaud, a provider of financial, fundraising, and administrative software, following a 2020 ransomware attack that led to a massive data breach. This settlement requires Blackbaud to implement stringent data security measures and establish a comprehensive data retention schedule. The 2020 ransomware attack on Blackbaud exposed...

In a significant regulatory update, the US Securities and Exchange Commission (SEC) has amended Regulation S-P, mandating financial institutions to disclose security breaches within 30 days of discovery. This change aims to enhance the protection of consumers' personal financial information, reflecting the evolving nature and impact of data breaches. The updated rule affects broker-dealers, investment...

Researchers have identified a significant memory corruption vulnerability in Fluent Bit, a widely used cloud logging utility, potentially affecting major cloud platforms. The vulnerability, discovered by Tenable, has been dubbed "Linguistic Lumberjack" and poses serious risks including denial of service (DoS), data leakage, and remote code execution (RCE). Fluent Bit, an open-source tool for collecting,...

In response to a surge in cyber-attacks on water systems, the Environmental Protection Agency (EPA) is urging municipalities across the United States to bolster their cybersecurity defenses. Recent attacks on small communities in Texas and Pennsylvania, allegedly orchestrated by foreign hackers, have highlighted vulnerabilities in the nation's water infrastructure. An EPA inspection of drinking water...

Frontier Communications Corporation revealed a significant cyber incident occurring on April 14, 2024, causing a notable operational disruption due to unauthorized access to its IT infrastructure. Upon detection, the telecommunications giant promptly activated its cyber incident response protocols, swiftly shutting down select systems to contain the breach. Investigations by the company identified a cybercrime group...

ACTS Retirement Services, a senior living community operator, has reached a settlement agreement in a class action lawsuit stemming from a data breach that occurred in April 2022. The settlement aims to resolve claims that ACTS failed to adequately protect patient and employee information, which was allegedly compromised during the breach. While the company has...

A debilitating cyberattack on Change Healthcare has imposed significant financial strains on the Massachusetts health care system, costing approximately $24 million per day. The Massachusetts Health and Hospital Association (MHA) revealed this staggering figure on Monday, based on input from 12 hospitals and health systems affected by the attack. The cyber incident, which occurred on...

A new cybersecurity threat has emerged as threat actors utilize Facebook messages to distribute a Python-based information stealer known as Snake. Designed to capture credentials and sensitive data, Snake has been implicated in a campaign that transmits harvested credentials to various platforms, including Discord, GitHub, and Telegram. The campaign, first reported on the social media...

IBM has unveiled the IBM X-Force Cyber Range in downtown Washington, D.C., at its offices on 600 14th Street, NW, situated near the White House. The new facility aims to provide comprehensive cyber response training to federal agencies and their suppliers, equipping them with the skills needed to combat artificial cyber attacks and data...

A cyberattack targeting one of the largest healthcare payment systems in the country has entered its third week, causing significant disruptions to patient care and financial operations. On February 21, Change Healthcare, a unit of UnitedHealth Group, fell victim to a cyber intrusion, compromising patients' information and leading to delays in prescriptions and paychecks...

A new malware campaign, dubbed "Spinning YARN" by cloud security company Cado, is targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign aims to deliver a cryptocurrency miner and establish persistent remote access through a reverse shell. According to Cado security researcher Matt Muir, threat actors exploit...