Quantifying the damage: About 750,000 people had their personal data breached in an August phishing attack at the Canadian Investment Regulatory Organization. Compromised information includes contact details, dates of birth and account statements, the regulatory body for investment and mutual fund dealers said Wednesday. CIRO said it and external consultants spent about 9,000 hours investigating. (Bloomberg)
Takedown: Microsoft worked with law enforcement in the U.S., U.K. and Germany to disrupt RedVDS, a global cybercrime subscription service responsible for an estimated $40 million in fraud in the U.S. alone. Scammers subscribed to disposable virtual machines to conduct fraud for as little as $24 a month, Microsoft said Wednesday.
- Alabama pharmaceutical firm H2-Pharma lost more than $7.3 million via fraudulent activity linked to RedVDS.
French internet service provider Free Mobile was fined €42 million, or about $49 million, for security failures that violated the European Union's strict data-privacy rules. More than 23 million people had their personal data breached and sold after an October 2024 cyberattack at Free Mobile. (Bleeping Computer)
- Of particular interest: France's data-privacy watchdog called out Free Mobile for storing data about former customers for longer than needed for accounting purposes. The regulator gave the company six months to sort it and delete what is no longer necessary.
Securing OT: Cyber agencies in the U.S., U.K., Australia, Canada, Germany, the Netherlands and New Zealand issued joint guidance for strong cybersecurity for industrial systems and operational technology amid growing concern about the vulnerability of critical infrastructure to nation-state attacks. Among their recommendations are:
- Make "risk-informed decisions" about whether and how to allow OT systems to connect to the internet or business partners.
- Consider old or obsolete products untrustworthy. Segment them, where possible.
- Understand how systems behave when they, or their networks, fail. Figure out ahead of time how to continue operating manually.
The agencies urged equipment makers to help by designing products with security in mind and providing better documentation for turnkey systems so that customers can adapt security tools to them over time.
Read the full guidance here.
4,737: Number of attacks claimed by hackers operating data-leak sites in 2025, according to new research from cyber company Symantec. That's up from 4,701 in 2024.
China bans U.S., Israeli cyber tech. Chinese companies and other organizations can no longer use products from 15 security companies based in the U.S. and Israel, Reuters reported, citing people familiar with the matter. The firms, which China said put its national security at risk, include Palo Alto Networks, Google's Mandiant unit, Recorded Future, Check Point and Orca Security, among others. Several said they don't do business in China.
Dismissed: A federal judge in Texas dismissed a shareholder suit against CrowdStrike over the July 2024 tech outage that crashed 8 million computers at companies worldwide. The suit had accused CrowdStrike of defrauding investors with inadequate disclosures about its product quality. A faulty software upgrade kicked off the crash.
- Plaintiffs didn't show that statements by the company and its executives were misleading or intended to defraud, the judge said. (Reuters)
- AI penetration testing startup Aikido raised $60 million in a Series B funding round led by Tom Stafford at DST Global. The investment puts Aikido, founded in 2022 in Belgium, at a $1 billion valuation.
- San Francisco-based depthfirst raised $40 million in a Series A round led by Accel. The company launched products four months ago that use AI to detect, triage and fix vulnerabilities.