Industry Spotlight


XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt on at least one project. The attempt has echoes of the dangerous backdoor found in versions of the XZ Utils data compression library, which failed only because a Microsoft engineer incidentally discovered it. The malicious code targeting XZ Utils ...

Online Health Firm Cerebral to Pay $7 Million for Sharing Private Data

Cerebral, accused by the FTC of sharing sensitive information of over 3.2 million users with third parties, is now banned from using health info for advertising purposes ...

Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks

Prosecutors noted the need for deterrence as the amount of money stolen in crypto exchange frauds piles up ...

Sisense Hacked: CISA Warns Customers at Risk

A hard-coded credential catastrophe: The analytics firm kept big companies’ secrets in an insecure AWS bucket. Government says victims include the “critical infrastructure sector.” ...

Apple Warns of ‘Mercenary Spyware Attacks’ on iPhone Users

Apple reportedly is alerting iPhone users in 92 countries that they may have been the targets of attacks using “mercenary spyware,” a term that the company is now using in such alerts in place of “state-sponsored” malware. Apple’s messages to affected users said they were being “targeted by a mercenary ...

FCC Mulls Rules to Protect Abuse Survivors from Stalking Through Cars

To protect domestic violence survivors from abusers, the FCC wants to include internet-connected vehicles under the Safe Communication Act ...

HHS: Health Care IT Helpdesks Under Attack in Voice Scams

Scammers are impersonating employees in voice calls to gain access to healthcare organizations' systems and steal money, the agency says ...