Cybersecurity News, Awards, Webinars, eSummits, Research

Wooden judges gavel on wooden table, close up

A judge will not give three data breach lawsuits against CareFirst class-action status. (Adobe Stock Images)

CareFirst decision cites ‘actual harm’ requirement in data breach lawsuits

Jessica DavisMarch 30, 2023

In a March 28 filing, a D.C. Circuit Court judge refused to join three data breach lawsuits against CareFirst into a class action.

WHITEPAPER

The Automated Phishing Identification & Response Buyer’s Guide

PODCASTS

RESOURCES

FEATURED

As SVB failed, one CEO of a cybersecurity start-up shares his nerve-wracking weekend

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Login. Username and Password on Computer Screen

Identity and access

AlienFox source code toolset harvests credentials from 18 cloud services

Steve ZurierMarch 30, 2023

A threat actor is using AlienFox to harvest API keys and secrets from cloud service providers, including AWS Simple Email Service, Google Workspace and Microsoft Office 365.

Device Security

Hacking campaign exploited zero-day tied to spyware firm

Stephen WeigandMarch 30, 2023

Amnesty International’s Security Labs reported March 29 that it found a mercenary spyware campaign exploiting a zero-day in Android devices.

Threat intelligence

Supply chain attack hits 3CX VoIP software, drops malware to hosts

Jessica DavisMarch 30, 2023

The company's CISO said a bundled library contains an executable file, and urges network defenders to uninstall the desktop client.

Cybercrime

Russia arrests US citizen, Wall Street Journal reporter, on espionage claims

Menghan XiaoMarch 30, 2023

Evan Gershkovich, a U.S. citizen, was detained in the eastern city of Yekaterinburg, on suspicion of collecting "secret information" about a Russian defense company, according to a translated version of the Federal Security Service's statement on Thursday.

Device Security

FDA will refuse new medical devices for cybersecurity reasons on Oct. 1

Jessica DavisMarch 29, 2023

The FDA intends to start rejecting medical devices for cybersecurity reasons in October, but new submissions must include plans beginning March 29.

Ransomware

Unpatched IBM Aspera Faspex file transfer service under active attack

Jessica DavisMarch 29, 2023

At least one entity was compromised through a critical pre-authentication YAML deserialization vulnerability in IBM Aspera Faspex file transfer service; a patch was issued in January.

Emerging technology

Tech luminaries call for a 6-month moratorium on AI, but can they stop it?

Steve ZurierMarch 29, 2023

Security pros see letter from Elon Musk and other big names in tech as media hype and call for a more level-headed approach — even regulation.

CareFirst decision cites ‘actual harm’ requirement in data breach lawsuits

WHITEPAPER

The Automated Phishing Identification & Response Buyer’s Guide

PODCASTS

RESOURCES

FEATURED

As SVB failed, one CEO of a cybersecurity start-up shares his nerve-wracking weekend

Get daily email updates

Perspectives

Tech layoffs bring secure software supply chain security to the forefront

How deception technology fools everyone with a false sense of security

Balancing freedom of choice and security: the key to open platforms

Incident attribution: beware of jumping to conclusions

Three ways to keep the National Cybersecurity Strategy on track

In Brief

LockBit exposes Florida county sheriff’s office data

Ransomware attack confirmed by Sun Pharmaceuticals

Chinese hackers tied to novel Linux malware

Immediate QNAP NAS Linux Sudo bug patching urged

Funding round raises $10M for Spera

More Resources

Top ransomware controls and where MDR fits in

How to declutter DevSecOps with DAST

Deploying MDR: Quotes from the experts

How tech clutter complicates DevSecOps

Threat Hunting: Moving beyond reactive intelligence

AlienFox source code toolset harvests credentials from 18 cloud services

Hacking campaign exploited zero-day tied to spyware firm

Supply chain attack hits 3CX VoIP software, drops malware to hosts

Russia arrests US citizen, Wall Street Journal reporter, on espionage claims

FDA will refuse new medical devices for cybersecurity reasons on Oct. 1

Unpatched IBM Aspera Faspex file transfer service under active attack

Tech luminaries call for a 6-month moratorium on AI, but can they stop it?

EVENTS

Practical advice for protecting your digital supply chain: A realistic top 5 list

Reducing risk with user access review automation

IAM: Tales from the cutting edge, for the watch-and-learn crowd

Passwordless security: Where things stand, and What’s next?

The Three Steps to Cyber Readiness