CISA stresses that "significant" Log4j breaches have not yet been found in the networks of federal agencies or critical infrastructure, but that it is not yet possible to assess whether the vulnerability is present across all of these disparate systems.
The fallout from the Pegasus spyware incident has prompted the Biden administration to issue a warning to the general public about commercial surveillance tools, offering advice for self-protection to journalists and dissidents.
The Office of the Attorney General of New York has recorded 1.1 million compromised accounts. The stolen logins were put to use in credential stuffing attacks against a variety of "well-known" online retail, food and delivery businesses.
Legal action may be forthcoming for organizations that do not patch Log4j. The FTC has issued an alert that references the Equifax breach (which ended in a settlement of $700 million) as a precedent.
Grinch bots have been a problem in the retail space for years and even beyond the Christmas season, snapping up everything from concert tickets to new video games.
Two Iranian hackers have been indicted for election interference, charged with stealing information from state voter rolls to personally target thousands of individual voters as well as members of Congress and campaign staffers.
The US authorities offered a $10 million reward for information to identify or locate REvil and DarkSide ransomware gang leaders, and $5 million for their affiliates preparing attacks.
A new ransomware reporting bill introduced to the House of Representatives proposes putting new requirements on financial institutions, some of which are likely to be controversial. Any payment of over $100,000 would require the victim to first obtain special permission from the US Treasury.
A little-known law from 1984, originally intended to discourage large cash transfers, has been repurposed as a crypto regulation and tucked into the massive US infrastructure bill.
The biggest names in Big Tech are about to be subject to a new investigation. The CFPB wants to look over their handling of payment data, as a means of providing better protections against things like fraud and data breaches.