More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to a $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.
Police in Ukraine have arrested five individuals on suspicion of using ransomware to extort more than 50 companies across the United States and Europe, as well as to provide an IP-changing service to international hackers to help them distribute malware, steal sensitive data and disrupt sites.
The Cyberspace Administration of China's new regulation for companies that offer algorithm-based recommendation services has been met with caution. Some statements in the regulation, which is to go into effect on March 1, are vague enough to be abused, and confidentiality is also a concern.
Top U.S. cybersecurity leaders continue to warn against the peril of Apache Log4j vulnerabilities, confirming on Monday that hundreds of millions of devices worldwide are likely affected by the logging utility flaw, although the response, in terms of scope and speed, has been "exceptional."
U.S. authorities are warning healthcare sector entities of rising threats involving Pysa ransomware and the cybercriminal gang Mespinoza, which operates the malware variant. Meanwhile, healthcare entities in the U.S. and globally continue to battle an assortment of cyberattacks and their fallout.
The EU's law enforcement agency, Europol, has been ordered by a watchdog to not retain for longer than six months any personal data it stores pertaining to individuals who reside in the EU, unless it has ascertained that the individuals are tied to an investigation or criminal activities.
French data protection agency CNIL has imposed fines of $170 million on Google and $66 million on Facebook for not complying with cookie regulations. The watchdog has ruled that the firms should make opting out of cookies as simple as opting in, or pay a $113,000 fine for each day of delay.
A Chicago-based fertility center has reported that a hacking incident detected in February 2021 has affected the protected health information of nearly 80,000 individuals. The breach is among the latest major security incidents involving fertility healthcare providers.
A California man has pleaded guilty to his role in a scheme to commit a $50 million wire and securities fraud that involved the creation of fake websites to solicit funds from investors, the Department of Justice announced Wednesday.
A senior executive at a Russian cybersecurity services firm has been denied bail after being extradited from Switzerland to the U.S. to face charges that he participated in a hacking scheme that stole pre-public earnings information for publicly traded companies to make $82.5 million via insider trading.
Arbix Finance, a yield-farming protocol that runs on Binance Smart Chain, has reportedly siphoned user funds in what blockchain security firm CertiK labeled a "rug pull." This follows a Library of Congress report indicating that the number of nations banning cryptocurrency has doubled since 2018.
A proposed class action lawsuit has been filed against a practice management and electronic health records vendor in the wake of a 2021 cyberattack affecting nearly 320,000 individuals. Among other demands, the lawsuit seeks a long list of security improvements by the company.
Ten U.S. senators this week wrote to the secretaries of both the Department of Homeland Security and the Department of Transportation inquiring about specific measures they plan to pursue to prevent and respond to cyberattacks on the nation's critical infrastructure.
New York State Attorney General Leticia James detailed a credential stuffing investigation that showed the compromise of 1.1 million user accounts linked to "well-known" retail operations. The 17 companies involved reportedly agreed to put new measures in place to mitigate cyber risks.
Morgan Stanley agreed to a $60 million settlement to resolve a class action lawsuit claiming the banking giant violated security compliance laws and provided negligent oversight when a third party did not properly decommission legacy IT systems in 2016 and 2019.