The Register reports that coming soon, entities in China will have only one hour from discovery to report a serious cyber incident — or even only 30 minutes if it is very serious: From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of […]
Autocar reports: JLR car production will not restart until 24 September at the earliest, the company has confirmed. The Jaguar and Land Rover maker was targeted by hackers on 1 September and is still in the process of rebuilding its computer systems. The group that hit Marks & Spencer earlier this year has claimed responsibility. This has led to […]
Chosun Biz reports an update to a previously disclosed breach affecting Tiffany Korea: Tiffany & Co., the luxury jewelry brand of LVMH (Louis Vuitton Moët Hennessy), announced that it became aware of a leak of key personal information, including customers’ names, postal and email addresses, and phone numbers. Through a notice on the 15th, Tiffany […]
Public Technology reports: The UK’s data-protection watchdog has warned of a growing trend of cyberattacks on schools being perpetrated by pupils. The Information Commissioner’s Office recently analysed the details of 215 data breaches that took place across the education sector between January 2022 and August 2024 and were classified as “insider attacks”. Almost three in […]
More high-end retailers have reportedly fallen prey to Salesforce attacks. As first reported by DataBreaches.net, Gucci customer data was stolen last year. The data included more than 43 million records with customers’ names, age range, month and date of birth, email addresses, mobile phone numbers, addresses, total sales prices, and some additional information. The records […]
The FBI has issued an alert, FLASH-20250912-001. Summary The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting […]
Becker’s Health IT reports: U.S. Sen. Ron Wyden is urging the Federal Trade Commission to investigate Microsoft, saying weak security practices at the tech company helped enable a 2024 ransomware attack on St. Louis-based Ascension hospitals, Bloomberg reported Sept. 10. In a letter sent Sept. 10 to FTC Chairman Andrew Ferguson, Sen. Wyden accused Microsoft of “gross […]
From HHS OCR:
From the U.S. Department of Defense, now called the Department of War: On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register. The final rule will […]
Self-Replicating Worm Hits 180+ Software Packages
KrebsOnSecurity.com reports: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed. […]