According to a new CybSafe analysis of data from the UK Information Commissioner's Office (ICO), human error was responsible for 80 percent of data breaches reported in 2021. Last year, the ICO received 2,692 reports, 80 percent of which could be…

The Strengthening Cybersecurity for Medical Devices Act would require the US Food and Drug Administration (FDA) to review and update its medical device security guidelines more frequently. Senators Jacky Rosen (D-NV) and Todd Young (R-IN) introduced the…

Security researchers at Check Point have uncovered a major new state-backed spear-phishing operation targeting multiple high-ranking Israeli and US officials.  The researchers traced the campaign to the Iranian Phosphorus APT group.  Dating…

An examination of leaked Conti ransomware gang chats revealed that the cybercrime group was planning firmware attacks against the Intel Management Engine (ME). There are several implementations of the firmware, including the Intel Manageability Engine (…

Recently the operator of an infamous service that allowed users to launch distributed denial-of-service (DDoS) attacks was sentenced to 24 months in prison. Matthew Gatrel, 33, of St. Charles, Illinois, was convicted in September 2021 on three counts of…

A leading US healthcare provider, Kaiser Permanente, has warned that as many as 70,000 individuals may have had personally identifiable information (PII) stolen by a malicious third party.  A data breach notice sent to customers earlier this month…

Researchers with Palo Alto Networks Unit 42 report a rise in the activity of the Hello XD ransomware, whose operators are now using an updated sample with stronger encryption. The Hello XD ransomware family, which was first observed in November 2021, was…

The Drupal security team has recently released an advisory to call attention to serious vulnerabilities in a third-party library and warned that hackers can exploit the bugs to hijack Drupal-powered websites remotely.  The security team stated that…

Lyceum, an Iranian Advanced Persistent Threat (APT) group, has switched to deploying a new custom .NET-based backdoor in recent attacks targeting the Middle East. According to Avinash Kumar and Niraj Shivtarkar of Zscaler ThreatLabz, the .NET-based DNS…

Security researchers at Microsoft discovered a recently patched Confluence Server vulnerability is being exploited by multiple cybercrime and state-sponsored threat groups. The security hole, tracked as CVE-2022-26134, can be exploited by an…

Researchers uncovered a Denial-of-Service (DoS) vulnerability in Envoy Proxy that allows attackers to crash the proxy server. According to JFrog Security Research, which revealed the vulnerability, this could result in performance degradation or the…

Gallium, a Chinese Advanced Persistent Threat (APT) group, has been spotted deploying a previously unknown Remote Access Trojan (RAT) in its espionage attacks targeting companies in Southeast Asia, Europe, and Africa. According to new research published…