SecurityWeek

The Dutch Data Protection Authority has fined Uber €290 million ($320 million) for driver data transfer practices that allegedly violate GDPR.

Patelco Credit Union has confirmed a data breach impacting many individuals after the RansomHub ransomware group stole some databases. 

Meta said it discovered a network of Iranian hackers, who posed as tech support agents for companies including AOL, Microsoft, Yahoo and Google.

Noteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data.

Kentucky man attempted to fake his death to avoid paying child support obligations by hacking into state registries and falsifying official records.

Government agencies in the US and allied countries have released guidance on how organizations can define a baseline for event logging best practices.

CrowdStrike has addressed a cloud service issue causing degraded performance and boot times for some of its customers. 

Audit finds weaknesses in FBI’s inventory management and disposition procedures for drives containing sensitive information.

Deniss Zolotarjovs was charged in a US court for extorting victims and laundering cryptocurrency as part of the Karakurt cyber extortion group.

SolarWinds has issued a second Web Help Desk hotfix to remove hardcoded credentials after patching a critical-severity vulnerability last week.

Wray declined to talk about any specific investigation or threat but said investigations into cyberattacks, including against election infrastructure, candidates or campaigns, require help from the private sector.

US oil giant Halliburton confirmed its computer systems were hit by a cyberattack that affected operations at its Houston offices.

Hackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level.

More than two years after the Log4j crisis, organizations are still being hit by crypto-currency miners and backdoor scripts.

Ransomware isn't just about malware. It's about brands, trust, and the shifting allegiances of cybercriminals.

Atlassian has released patches for nine high-severity vulnerabilities in Bamboo, Confluence, Crowd, and Jira products.

CISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.

CrowdStrike has denied having any significant acquisition talks with patch management firm Action1 following rumors of a $1 billion deal.

A high-severity vulnerability in Cisco Unified CM and Unified CM SME could allow attackers to cause a denial-of-service (DoS) condition.

A critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user.