LATEST POST
Sen. Wyden seeks FTC probe into Microsoft over Ascension cyberattack
Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]
HHS Releases Updated Security Risk Assessment Tool
From HHS OCR:
Department of War Announces the Final Defense Federal Acquisition Regulation Supplement Rule Implementing the Cybersecurity Maturity Model Certification Program
From the U.S. Department of Defense, now called the Department of War: On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register. The final rule will […]
Brazil lesbian dating app shuts down after security flaw exposes sensitive user data
The Record reports: A Brazilian dating app marketed as a safe space for lesbian women shut down this week after several users uncovered a flaw that reportedly could expose sensitive data, including identity verification photos. Sapphos, which launched in early September, required users to verify their identity by submitting a selfie holding a government-issued ID. But on […]
Trump Cuts Imperil Private Sector Cybersecurity Cooperation
From Bloomberg Law: Companies are facing the risk that they will be left alone to fend off cyber attacks. Even as authorities warn of relentless cyber threats, a key tool companies use to safely share information with other businesses and the government is set to expire. Meanwhile, the Cybersecurity and Infrastructure Security Agency, the federal body […]
18 Popular Code Packages Hacked, Rigged to Steal Crypto
KrebsOnSecurity reports: At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn […]
Burger King hacked, systems described as ‘solid as a paper Whopper wrapper in the rain’; Tim Hortons and Popeyes hacked too
What happens when you don’t acknowledge ethical hackers? Sometimes nothing, but sometimes you get a lot of negative coverage. Tom’s Hardware reports: Ethical hackers BobDaHacker and BobTheShoplifter have detailed their claim that they uncovered “catastrophic” vulnerabilities in multiple platforms hosted by Restaurant Brands International (RBI). While RBI may not be a very familiar name, this […]
Texas sues PowerSchool For Data Breach That Compromised the Personal Information of Over 880,000 Texas School-Aged Children and Teachers
From Texas Attorney General Ken Paxton: Attorney General Ken Paxton filed suit against PowerSchool, a California-based provider of cloud-based services for K-12 schools, after an unprecedented data breach exposed the sensitive personal identifying information and protected health information of more than 880,000 Texas school-aged children and teachers. PowerSchool’s software collects, processes, and secures sensitive information […]