The ransomware attack and subsequent month-long network outage at CommonSpirit Health in October cost the major health system at least $150 million to date, according to its unaudited quarterly financial report.

A hacker has landed a very shiny prize at the end of the cyber rainbow: the Transportation Security Administration’s no-fly list, as first reported by the Daily Dot.

Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months.

Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions of its Android app with the goal of stealing users' digital currencies.

December 13, 2022 - InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.

Former Uber security chief Joe Sullivan’s conviction is a rare criminal consequence for an executive’s handling of a hack.

A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages.

Ad injection and other "man-in-the-middle" techniques will have a tougher time installing themselves onto PCs.

44 per cent of Internet users admit having shared their passwords or stored them in visible places.

Frankly, I'm surprised. Is it the revelation that Juniper had "unauthorized code" in their Netscreen product? Is it that a third party could reportedly remotely access these systems? Is it that VPN traffic could be decrypted?

I'm seeing in the news today that a subset of Twitter users have been receiving notifications that they may well be the targets of surveillance by nation state actors. Step one, let's all take a deep breath.

Cybersecurity funding in corporate environments has always been a source of anxiety for those who seek to keep organizations safe. When we examine the cybersecurity readiness of many state, local, and territorial governments, this funding struggle is taken to new heights of scarcity.

A vital part of the Commodity Futures Trading Commission’s Data Protection Initiative has been completed, CFTC Commissioner Dawn Stump announced this week.

Cryptographic key reuse is rampart in European payment terminals, allowing attackers to compromise them en masse.

Security firm Zscaler discovered a malicious campaign based on a new strain of the Spy Banker banking malware.

FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove.
The cybercriminal group behind the malware, which FireEye nicknamed "FIN1," is suspected of being in Russia and has been known to target financial institutions.

The malware, which FIN1 calls Nemesis, infected an organization that processes financial transactions, which FireEye did not identify.

A criminal named Hacker Buba after asking UAE bank for $3 million ransom started leaking customer data online.