Latest from Carly Page
Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first reported last week that China state-backed…
Framework says hackers accessed customer data after phishing attack on accounting partner
U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. In an email sent to affected customers, Framework…
U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of…
Texas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were…
FTC bans X-Mode from selling phone location data, and orders firm to delete collected data
The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users’ sensitive location data, the federal regulator said Tuesday. The first of its kind…
Despite a rise in cyberattacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty inspired by the current economy. 2023 will likely be remembered as the…
Featured Article
Here we go again: 2023’s badly handled data breaches
Last year, we compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Turns out this…
Featured Article
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023
This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular file-transfer tools to compromise thousands of organizations, ransomware gangs adopt…
Featured Article
These are the cybersecurity stories we were jealous of in 2023
Back in 2018, my former colleague at VICE Motherboard Joseph Cox and I started publishing a list of the best cybersecurity stories that were published elsewhere. It wasn’t just a way to tip our hats at our friendly competitors; by pointing to other publications’ stories, we were giving our readers…
An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized…
Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. This vulnerability, known as “CitrixBleed,” is found in Citrix networking…
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack
VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas,…
Featured Article
Why extortion is the new ransomware threat
Cybercriminals are becoming more aggressive in their effort to maximize disruption and compel the payment of ransom demands, and now there’s a new extortion tactic in play. In early November, the notorious ALPHV ransomware gang, also known as BlackCat, attempted a first-of-its-kind extortion tactic: weaponizing the U.S. government’s new data…
Database management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers. The New York-based MongoDB helps more than 46,000 companies,…
Featured Article
As the SEC’s new data breach disclosure rules take effect, here’s what you need to know
Starting from today, December 18, publicly owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which have argued that the new rules open them up…
Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang
Microsoft says it has successfully dismantled the infrastructure of a cybercrime operation that sold access to fraudulent Outlook accounts to other hackers, including the notorious Scattered Spider gang. The group,…
Ukraine’s largest telecommunications operator Kyivstar says it has been hit by a “powerful” cyberattack that has disrupted phone and internet services for millions of people across the country. In a…
US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack
Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40…
Featured Article
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction
Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number of high-profile cases, from the first case in the U.S.…
US indicts alleged Russian hackers for years-long cyber espionage campaign against Western countries
U.S. authorities have indicted two hackers linked to Russia’s Federal Security Service (FSB) for allegedly carrying out a years-long cyber espionage campaign targeting government officials. The Department of Justice alleged…
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’…
Featured Article
Millions of patient scans and health records spilling online thanks to decades-old protocol bug
Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short,…
British Library confirms customer data was stolen by hackers, with outage expected to last ‘months’
The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that knocked the library’s systems and website offline for the past…
U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a…
Europol and its international law enforcement partners have arrested five individuals who authorities accuse of involvement in a string of ransomware attacks affecting more than 1,800 victims worldwide. The arrested…
CTS, a U.K.-based provider of managed IT services for law firms and the professional services industry, is experiencing a cybersecurity incident that is causing ongoing widespread disruption across the legal…
North Korean state-backed hackers are distributing a malicious version of a legitimate application developed by CyberLink, a Taiwanese software maker, to target downstream customers. Microsoft’s Threat Intelligence team said on…
The British Library, the national library of the United Kingdom and one of the world’s largest libraries, has confirmed that a ransomware attack led to the theft of internal data.…
Hackers accessed the personal data of more than 8 million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin…
Featured Article
Healthcare startups scramble to assess fallout after Postmeds data breach hits millions of patients
More than 2 million people across the United States will receive notice that their personal and sensitive health information was stolen earlier this year during a cyberattack at Postmeds, the parent company of online pharmacy startup Truepill. For some of those affected, it’s the first they’re hearing of Postmeds, let…