PHOTO: KIRSTY WIGGLESWORTH/AP
U.K. streamlines cyber regulations. Companies that must report cyberattacks can now use one portal and a single definition of an incident to report details to the Financial Conduct Authority, Prudential Regulation Authority and the Bank of England, the regulators said Wednesday.
- Firms would report most incidents within 24 hours of determining that an incident meets certain thresholds for consumer harm, market stability or safety and soundness for the organization.
- A final report is due within 30 working days of resolving the incident.
Japan will allow its police and self-defense forces to conduct cyber operations against hackers starting Oct. 1, becoming the latest country to adopt a more aggressive stance in pursuit of cybersecurity adversaries. The U.S. and Germany recently have disclosed similar proactive plans. (The Register)
The Stryker lesson: Businesses should step up cyber protections for endpoint devices in the wake of a cyberattack at medical tech company Stryker, the top U.S. cyber agency said Wednesday.
- Malicious activity discovered March 11 at Stryker abused legitimate endpoint management software, the Cybersecurity and Infrastructure Security Agency warned.
- One key step: Use phishing-resistant multifactor authentication, CISA said, pointing to resources from Microsoft for hardening its Intune endpoint management tool.
- Microsoft issued similar guidance for securing Intune three days after the Stryker hack.
Stryker said some patients have had to delay surgeries because of continuing outages to its manufacturing, ordering and fulfillment systems. (Bloomberg)
Consumer cybersecurity provider Aura said a voice phishing attack led to a compromise of contact information for fewer than 35,000 current and former customers. An employee's account was accessed for about one hour, the company said. Sensitive information, such as Social Security numbers, financial transactions and credentials, is encrypted and wasn't exposed, Aura said.
The FBI has resumed buying commercial data about U.S. residents, including location information, to help investigations. “We do purchase commercially available information that is consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us,” Kash Patel, director of the Federal Bureau of Investigation, testified at a Senate hearing Wednesday. (TechCrunch)
- Sen. Ron Wyden (D., Ore.) called the practice a violation of the Fourth Amendment, which protects against searches without a warrant.
General Electric is recalling a web-based radiology workstation because of a vulnerability that exposes login credentials, which could let unauthorized users manipulate data. Clinicians use GE Medical's Centricity Universal Viewer to assess patient images. About 1,568 units are affected globally, the Food and Drug Administration said. (Radiology Business)
72: Number of nation-state, criminal and hacktivist cyber groups that targeted the U.S. food and agriculture sector last year, according to research from the industry's information sharing and analysis center. More than 59% of reported attacks in 2025 came from Russia, the Food and Ag ISAC said.
That's followed by China at 25%, North Korea at 7%, Iran at 5% and the U.K. at 3%.