Warner Music Group reports that some of its e-commerce sites were targeted with web skimming attacks between April 25 and Aug. 5, potentially exposing an unknown number of consumers' personal and financial data. The company did not outline which sites were targeted, but said they were "hosted and supported by an external service provider."
A 16-year-old student was arrested for alleged involvement in cyberattacks on the virtual learning platform of the Miami-Dade County school district. Authorities said the student, a junior at South Miami Senior High School, confessed to eight of the more than a dozen distributed-denial-of-service attacks that disrupted virtual classes for 200,000 students.
Multiple internet service providers in France, Belgium and the Netherlands have been hit with distributed-denial-of-service attacks over the past week that interrupted service and in some cases persisted for hours. Officials in the Netherlands said the attacks in that country were accompanied by demands for large sums of cryptocurrency -- a tactic also used in a wave of recent DDoS attacks against financial institutions around the world.
E-voting company Voatz wants to restrict the access of researchers who conduct ethical hacks on voting systems to detect flaws, arguing in a Supreme Court brief that it is difficult to distinguish between unauthorized researchers and genuine hackers. Bugcrowd founder Casey Ellis disagrees, saying, "Unauthorized access is one of the main purposes of security research -- by making it illegal, researchers will be unable to effectively do their jobs, the organization will not be able to close all vulnerabilities, and attackers will win."
The 1 in 3 companies in the digital supply chain that expose basic functions to the internet should either air-gap those services or introduce security controls, advises a report by the Mastercard company RiskRecon and cybersecurity research services firm Cyentia Institute. RiskRecon says its study confirms the correlation between unsafe network services and wider security failures in the digital supply chain.
Vulcan Cyber issued a study saying that most IT departments are ill-equipped to gauge the maturity of their vulnerability remediation programs. Nearly half of 100 survey respondents said they were up on vulnerability scanning and use of remediation tools, while 31% were involved in business alignment around cyber objectives.
A US cybersecurity agency has directed other federal departments to write and disclose policies aimed at simplifying procedures for the public to report potential security flaws and receive responses to them. The Cybersecurity and Infrastructure Security Agency's Bryan Ware said the new policy will strengthen the Department of Homeland Security's ability to protect governmental networks.