Is the UK government’s new IoT cybersecurity bill fit for purpose?

Internet of Things (IoT) devices — essentially, electronics like fitness trackers and smart lightbulbs that connect to the internet — are now part of everyday life for most. However, cybersecurity remains a problem, and according to Kaspersky, it’s only getting worse: there were 1.5 billion breaches of IoT devices during the first six months of […]

Facebook is making two-factor mandatory for high-risk accounts

Facebook, a recently added subsidiary of Meta, said it will make two-factor authentication (2FA) mandatory for high-risk accounts likely to be targeted by malicious hackers. The move is part of a major expansion of Facebook Protect, the social networking giant’s enhanced security program that’s intended to protect the accounts of people who may be at […]

Soveren launches from stealth with $6.5M seed funding to automate GDPR compliance

Soveren, a London-based startup that automates the detection of privacy risks to help organizations comply with GDPR and CCPA, has launched out of stealth with $6.5 million in seed funding. The company analyzes real-time data flows inside an organization’s infrastructure to discover personal data and detect privacy risks to make it easier for CTOs and […]

US education software company exposed personal data of 1.2M students

SmarterSelect, a U.S.-based company that provides software for managing the application process for scholarships, exposed the personal data of thousands of applicants because of a misconfigured Google Cloud Storage bucket. The data spill, discovered by cybersecurity company UpGuard, contained 1.5 terabytes of data collected by a number of programs that offer financial support to students. […]

US banks must soon report significant cybersecurity incidents within 36 hours

U.S. financial regulators have approved a new rule that requires banking organizations to report any “significant” cybersecurity incident within 36 hours of discovery. Under the rule, banks must inform their primary federal regulator about incidents that have — or are reasonably likely to materially affect — the viability of their operations, their ability to deliver […]

US says Iran-backed hackers are now targeting organizations with ransomware

The U.S. government, along with counterparts in Australia and the U.K., has warned that Iranian state-backed hackers are targeting U.S. organizations in critical infrastructure sectors — in some cases with ransomware. The rare warning linking Iran with ransomware landed in a joint advisory Wednesday, issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal […]

Cloudflare blocked a massive 2 Tbps DDoS attack

Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded. The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things […]

US charges Kaseya hacker and seizes $6M from REvil ransomware gang

The U.S. Department of Justice (DOJ) has charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang for orchestrating the July ransomware attack against U.S. technology firm Kaseya. It has also seized more than $6 million in ransom tied to another member of the notorious ransomware group. During a news conference on Monday, U.S. […]

CISA, NSA, FBI say BlackMatter ransomware group is targeting the US food industry

A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) has warned that the BlackMatter ransomware group has targeted “multiple” organizations deemed critical infrastructure, including two organizations in the U.S. food and agriculture sector. The agencies did not name […]

F12 isn’t hacking: Missouri governor threatens to prosecute local journalist for finding exposed state data

Missouri governor Mike Parson is facing a monumental backlash after threatening to prosecute a journalist for responsibly reporting a serious security lapse in the state’s website. Earlier this week, St. Louis Post-Dispatch journalist Josh Renaud reported that the website for the state’s Department of Elementary and Secondary Education (DESE) was exposing over 100,000 teachers’ Social Security […]