Point32Health, the second-largest health insurer in Massachusetts, is in the process of informing more than 2.5 million individuals that their personal and protected health information was stolen in a recent ransomware attack. Identified on April 17 and initially disclosed on April 20, the attack impacted systems related to Point32Health’s Harvard Pilgrim Health Care, and resulted […]
NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC
An algorithm submitted to the NIST post-quantum encryption competition – and one that made it to the fourth round – has been defeated. The algorithm, Supersingular Isogeny Key Encapsulation (SIKE), was broken by Wouter Castryck and Thomas Decru at KU Leuven, and the process was described in a paper written at the end of July 2022. […]
China Police Database Was Left Open Online for Over a Year, Enabling Leak
What is likely one of history’s largest heists of personal data—and the largest known cybersecurity breach in China—occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year. The Shanghai police records—containing the names, government ID numbers, phone […]
5 pro-freedom technologies that could change the Internet
Posted: July 4, 2022 by Mark Stockley. Last updated: June 29, 2022. In the digital era, freedom is inextricably linked to privacy. After a good start, the Internet-enabled, technological revolution we are living through has hit some bumps in the road. We have already lost a lot of control over who and what has access […]
Microsoft Confirms Exploitation of ‘Follina’ Zero-Day Vulnerability
Microsoft has confirmed that Windows is affected by a zero-day vulnerability after researchers warned of exploitation in the wild. The security hole, now tracked as CVE-2022-30190, came to light after a researcher who uses the online moniker “nao_sec” reported finding a malicious Word file designed to execute arbitrary PowerShell code. The file was uploaded to VirusTotal from […]
Yes, Containers Are Terrific, But Watch the Security Risks
Containers revolutionized the development process, acting as a cornerstone for DevOps initiatives, but containers bring complex security risks that are not always obvious. Organizations that don’t mitigate these risks are vulnerable to attack. In this article, we outline how containers contributed to agile development, which unique security risks containers bring into the picture – and […]
7 Steps to Start Reducing Risk to Your Critical Infrastructure Quickly
On April 20, the security agencies that comprise the Five Eyes intelligence alliance from countries including the U.S., Australia, Canada, New Zealand, and the United Kingdom, released a joint Cybersecurity Advisory (CSA) warning of imminent and serious threats to critical infrastructure in countries that have sanctioned Russia or otherwise supported Ukraine. Cybercrime groups have […]
NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. “[Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (C-SCRM)] encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but […]
House Passes Better Cybercrime Metrics Act
The United States House of Representatives has passed a bill that would change how cybercrime is tracked, measured and reported by the federal government. The Better Cybercrime Metrics Act (S.2629), authored by US senator Brian Schatz, was approved by the House in a bipartisan 377-48 vote on Tuesday. Once signed into law, the bill will […]