SecurityWeek

A cyberattack appears to have caused significant disruption to the systems and operations of title insurer First American and its subsidiaries.

By supplementing traditional perimeter defense mechanisms with principles of data integrity, identity management, and risk-based prioritization, organizations can reduce their exposure to data breaches.

Law enforcement authorities in 17 countries discovered more than 400 online merchants infected with skimmers.

The Akira ransomware group has taken credit for the recent attack that impacted Nissan Australia and New Zealand.

CBS parent company National Amusements is informing 80,000 individuals of a December 2022 data breach.

Integris Health has started informing patients of a data breach impacting their personal information.

Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances.

A variant of the Chameleon Android banking trojan features new bypass capabilities and has expanded its targeting area.

Arion Kurtaj was found responsible by a British court of carrying out one of the biggest breaches in the history of the video game industry

Noteworthy stories that might have slipped under the radar: Cryptocurrency exchange hacker pleads guilty, rating LLM vulnerabilities, Intellexa spyware analysis.

Microsoft has observed Iranian state-sponsored hackers targeting employees at US DIB entities with the FalseFont backdoor.

The Donald W. Wyatt Detention Facility says the data of 2,000 inmates, staff, and vendors was stolen in a cyberattack.

CISA released ICS advisories for FXC router and QNAP NRV flaws and added them to its known exploited vulnerabilities catalog. 

A researcher has shown how malicious actors can create custom GPTs that can phish for credentials and exfiltrate them to external servers. 

Isovalent raised about 70 million in funding from prominent investors including Microsoft's venture fund, Google, and Andreessen Horowitz.

Real Estate Wealth Network database containing real estate ownership data, including for celebrities and politicians, was found unprotected.

ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.

ESO Solutions is informing 2.7 million individuals of a data breach impacting their personal and health information.

Ivanti has patched 20 vulnerabilities in its Avalanche MDM product, including a dozen remote code execution flaws rated critical.

The FTC has proposed strengthening children’s online privacy rules to address tracking and push notifications.