LATEST POST
FBI FLASH: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
The FBI has issued an alert, FLASH-20250912-001. Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting […]
Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack
Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]
HHS Releases Updated Security Risk Assessment Tool
From HHS OCR:
Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program
From the U.S. Department of Defense, now called the Department of War: On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register. The final rule will […]
Brazil lesbian dating app shuts down after security flaw exposes sensitive user data
The Record reports: A Brazilian dating app marketed as a safe space for lesbian women shut down this week after several users uncovered a flaw that reportedly could expose sensitive data, including identity verification photos. Sapphos, which launched in early September, required users to verify their identity by submitting a selfie holding a government-issued ID. But on […]
Trump Cuts Imperil Private Sector Cybersecurity Cooperation
From Bloomberg Law: Companies are facing the risk that they will be left alone to fend off cyber attacks. Even as authorities warn of relentless cyber threats, a key tool companies use to safely share information with other businesses and the government is set to expire. Meanwhile, the Cybersecurity and Infrastructure Security Agency, the federal body […]
18 Popular Code Packages Hacked, Rigged to Steal Crypto
KrebsOnSecurity reports: At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn […]
Burger King hacked, systems described as ‘solid as a paper Whopper wrapper in the rain’; Tim Hortons and Popeyes hacked too
What happens when you don’t acknowledge ethical hackers? Sometimes nothing, but sometimes you get a lot of negative coverage. Tom’s Hardware reports: Ethical hackers BobDaHacker and BobTheShoplifter have detailed their claim that they uncovered “catastrophic” vulnerabilities in multiple platforms hosted by Restaurant Brands International (RBI). While RBI may not be a very familiar name, this […]