Snowflake
Mandiant confirms 165 Snowflake breach victims – sees custom .NET and Java reconnaissance tool
“At least 79.7% of the accounts leveraged by the threat actor in this campaign had prior credential exposure
News
TikTok's EU data migration will be over by Christmas, policy chief reveals
The Chinese giant is “leaning into” European data sovereignty laws as it moves vast quantities of data across the Atlantic
WithSecure
CTO to CISO: Christine Bejerasco on generative AI, and the "loneliness" of security
WithSecure’s Christine Bejerasco says CISOs need more sparring partners
cybersecurity
FBI reveals Zero Trust adoption plans in $8 billion IT budget
Crime fighters prioritise internal network security in the wake of major data breach
cybersecurity
How CISOs can make sure a cyber insurance claim pays out
Leading insurer highlights “shocking blind spots” that “happen over and over again on a daily basis” to invalidate claims.
News
Warning over Azure Service Tags vulnerability backed by infosec pros
Tenable research "revealed an attack surface most users of Azure service were probably not accounting for..."
News
NHS will fail to count death toll of London hospital cyberattack, CEO warns
"Right now, *no one* has died from a cyberattack that has targeted or shut down a hospital, but actuarial data shows that more than 300 people *probably* died as a result of WannaCry"
Snowflake
Snowflake: CrowdStrike and Mandiant say we're clean
"This appears to be a targeted campaign directed at users with single-factor authentication"
hugging face
Hugging Face left with split lip after someone punches way into Spaces secrets
"We pledge to use this as an opportunity to strengthen the security of our entire infrastructure"
cybersecurity
The Big Interview: Eclypsium CEO Yuriy Bulygin
An attacker shift toward black box appliances and lower layers of IT infrastructure has left organisations with a huge security gap
cybersecurity
New North Korean threat group seen deploying custom ransomware
Multiple Fortune 500 firms breached. Threat group uses remote IT staff, social engineering, trojanised npm packages, even a poisoned "tank game"
healthcare
One of the US's largest hospital providers, Ascension, fired IT staff in a cost-cutting drive; now it’s sucking up a cyber attack
"Unusual activity on select technology network systems" causes nationwide medical chaos as doctors lose access to EMR.