Latest from Carly Page
Security
State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet
7:17 am PST • January 11, 2024
U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of…
Security
Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data
8:10 am PST • January 10, 2024
Texas-based care provider HMG Healthcare has confirmed that hackers accessed the personal data of residents and employees, but says it has been unable to determine what types of data were…
Security
FTC bans X-Mode from selling phone location data, and orders firm to delete collected data
10:35 am PST • January 9, 2024
The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users’ sensitive location data, the federal regulator said Tuesday. The first of its kind…
Despite a rise in cyberattacks and breaches, the cybersecurity industry is by no means exempt from the uncertainty inspired by the current economy. 2023 will likely be remembered as the…
Featured Article
Here we go again: 2023’s badly handled data breaches
Last year, we compiled a list of 2022’s most poorly handled data breaches, looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions. Turns out this…
4:05 am PST • December 29, 2023
Featured Article
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023
This year, 2023, was a hell of a year for data breaches, much like the year before it (and the year before that, etc.). Over the past 12 months, we’ve seen hackers ramp up their exploitation of bugs in popular file-transfer tools to compromise thousands of organizations, ransomware gangs adopt…
4:05 am PST • December 27, 2023
Featured Article
These are the cybersecurity stories we were jealous of in 2023
Back in 2018, my former colleague at VICE Motherboard Joseph Cox and I started publishing a list of the best cybersecurity stories that were published elsewhere. It wasn’t just a way to tip our hats at our friendly competitors; by pointing to other publications’ stories, we were giving our readers…
4:00 am PST • December 22, 2023
Security
Authorities claim seizure of notorious ALPHV ransomware gang’s dark web leak site
5:05 am PST • December 19, 2023
An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat. “The Federal Bureau of Investigation seized…
Security
Comcast says hackers stole data of close to 36 million Xfinity customers
4:45 am PST • December 19, 2023
Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers. This vulnerability, known as “CitrixBleed,” is found in Citrix networking…
Security
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack
9:50 am PST • December 18, 2023
VF Corporation, the U.S.-based owner of apparel brands including Vans, Supreme and The North Face, has confirmed a cyberattack has impacted the company’s ability to fulfill orders ahead of Christmas,…
Featured Article
Why extortion is the new ransomware threat
Cybercriminals are becoming more aggressive in their effort to maximize disruption and compel the payment of ransom demands, and now there’s a new extortion tactic in play. In early November, the notorious ALPHV ransomware gang, also known as BlackCat, attempted a first-of-its-kind extortion tactic: weaponizing the U.S. government’s new data…
9:00 am PST • December 18, 2023
Security
MongoDB investigating security incident that exposed data about customer accounts
5:45 am PST • December 18, 2023
Database management giant MongoDB says it’s investigating a security incident that has resulted in the exposure of some information about customers. The New York-based MongoDB helps more than 46,000 companies,…
Featured Article
As the SEC’s new data breach disclosure rules take effect, here’s what you need to know
Starting from today, December 18, publicly owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours. The regulation represents a significant shake-up for organizations, many of which have argued that the new rules open them up…
5:05 am PST • December 18, 2023
Security
Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang
4:52 am PST • December 14, 2023
Microsoft says it has successfully dismantled the infrastructure of a cybercrime operation that sold access to fraudulent Outlook accounts to other hackers, including the notorious Scattered Spider gang. The group,…
Security
Ukraine’s largest mobile operator Kyivstar downed by ‘powerful’ cyberattack
9:00 am PST • December 12, 2023
Ukraine’s largest telecommunications operator Kyivstar says it has been hit by a “powerful” cyberattack that has disrupted phone and internet services for millions of people across the country. In a…
Security
US healthcare giant Norton says hackers stole millions of patients’ data during ransomware attack
6:10 am PST • December 11, 2023
Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40…
Featured Article
Ex-Uber CSO Joe Sullivan on why he ‘had to get over’ shock of data breach conviction
Before joining Uber as chief security officer in 2015, Joe Sullivan served for two years as a federal prosecutor with the United States Department of Justice, where he specialized in computer hacking and IP issues. He worked on a number of high-profile cases, from the first case in the U.S.…
7:07 am PST • December 8, 2023
Security
US indicts alleged Russian hackers for years-long cyber espionage campaign against Western countries
10:03 am PST • December 7, 2023
U.S. authorities have indicted two hackers linked to Russia’s Federal Security Service (FSB) for allegedly carrying out a years-long cyber espionage campaign targeting government officials. The Department of Justice alleged…
Security
Your mobile password manager might be exposing your credentials
11:50 am PST • December 6, 2023
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps. The vulnerability, dubbed “AutoSpill,” can expose users’…
Featured Article
Millions of patient scans and health records spilling online thanks to decades-old protocol bug
Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short,…
7:05 am PST • December 6, 2023
Security
British Library confirms customer data was stolen by hackers, with outage expected to last ‘months’
7:05 am PST • November 29, 2023
The British Library has told customers that their personal data may have been stolen during a recent ransomware attack that knocked the library’s systems and website offline for the past…
Security
Okta admits hackers accessed data on all customers during recent breach
5:45 am PST • November 29, 2023
U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a…
Security
Europol arrest hackers allegedly behind string of ransomware attacks
6:45 am PST • November 28, 2023
Europol and its international law enforcement partners have arrested five individuals who authorities accuse of involvement in a string of ransomware attacks affecting more than 1,800 victims worldwide. The arrested…
Security
Cyberattack on legal tech provider causing widespread disruption to UK law firms
9:20 am PST • November 27, 2023
CTS, a U.K.-based provider of managed IT services for law firms and the professional services industry, is experiencing a cybersecurity incident that is causing ongoing widespread disruption across the legal…
Security
North Korea-backed hackers target CyberLink users in supply-chain attack
11:18 am PST • November 22, 2023
North Korean state-backed hackers are distributing a malicious version of a legitimate application developed by CyberLink, a Taiwanese software maker, to target downstream customers. Microsoft’s Threat Intelligence team said on…
Security
British Library confirms data stolen during ransomware attack
8:15 am PST • November 20, 2023
The British Library, the national library of the United Kingdom and one of the world’s largest libraries, has confirmed that a ransomware attack led to the theft of internal data.…
Security
Hackers accessed sensitive health data of more than 8 million Welltok patients
6:05 am PST • November 20, 2023
Hackers accessed the personal data of more than 8 million people by exploiting a security vulnerability in a file transfer tool used by Welltok, the healthcare platform owned by Virgin…
Featured Article
Healthcare startups scramble to assess fallout after Postmeds data breach hits millions of patients
More than 2 million people across the United States will receive notice that their personal and sensitive health information was stolen earlier this year during a cyberattack at Postmeds, the parent company of online pharmacy startup Truepill. For some of those affected, it’s the first they’re hearing of Postmeds, let…
6:00 am PST • November 18, 2023
Security
Samsung says hackers accessed customer data during year-long breach
6:05 am PST • November 16, 2023
Samsung has admitted that hackers accessed the personal data of U.K.-based customers during a year-long breach of its systems. In a statement to TechCrunch, Samsung spokesperson Chelsea Simpson, representing the…
Security
Digital pharmacy startup Truepill says hackers accessed sensitive data of 2.3 million patients
6:00 am PST • November 15, 2023
Truepill, a digital health startup that provides pharmacy fulfillment services for healthcare organizations, has confirmed that hackers accessed the personal data of more than 2.3 million patients. In a data…
