SecurityWeek

A strong security program will sometimes require substantial organizational and cultural changes around security practices, and inevitably, a higher cost.

Hacker leaks 270,000 customer tickets allegedly stolen from Samsung Germany using long-compromised credentials.

The European Commission plans on investing €1.3 billion ($1.4 billion) in cybersecurity, artificial intelligence and digital skills. 

The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging.

CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.

An email security incident at Chord Specialty Dental Partners, a US dental service organization, has impacted more than 170,000 people. 

Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.

Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.

Noteworthy stories that might have slipped under the radar: Key members of Hellcat ransomware group identified, controversy around CrushFTP flaw CVE, NYU website hacked and defaced.

HTTPS certificate issuance now requires Multi-Perspective Issuance Corroboration and linting to improve validation.

A threat actor tracked as Morphing Meerkat abuses DNS mail exchange (MX) records to deliver spoofed login pages.

The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.

Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.

Splunk patches high-severity remote code execution and information disclosure flaws in Splunk Enterprise and Secure Gateway App.

Russian-speaking espionage group RedCurl has been deploying ransomware on victims’ networks in a recent campaign.

The UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack.

Interview with Taylor Pyle, a Cybersecurity Engineer at Viasat on her experience with both cyber and mentorship.

GetReal Security has raised $17.5 million in series A funding to combat deepfakes, impersonation, and other AI-generated threats.

US defense contractor MORSE Corp has agreed to pay $4.6 million to settle allegations over its cybersecurity failures. 

ESET uncovers a link between RansomHub, Play, Medusa, and BianLian ransomware gangs as more groups adopt tools to disable EDR software.