The US Department of Justice has unsealed charges against a man with dual Russian and Israeli nationality accused of being involved in the development of the LockBit ransomware. The suspect, 51-year-old Rostislav Panev, was arrested in Israel in August based on a request from the United States. Panev is currency in custody in Israel pending […]

Italy’s data protection watchdog said Friday it has fined OpenAI 15 million euros ($15.6 million) after wrapping up a probe into the collection of personal data by the U.S. artificial intelligence company’s popular chatbot ChatGPT. The country’s privacy watchdog, known as Garante, said its investigation showed that OpenAI processed users’ personal data to train ChatGPT […]

Apple complained that requests from Meta Platforms for access to its operating software threaten user privacy, in a spat fueled by the European Union’s intensifying efforts to get the iPhone maker to open up to products from tech rivals. The 27-nation EU’s executive Commission is drawing up “interoperability” guidelines for Apple under its new digital […]

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, […]

More than 190,000 Android devices have been observed connecting to newly uncovered BadBox botnet infrastructure, cybersecurity firm Bitsight reports. The sinkholing of a BadBox domain has revealed that most of the infected devices are unique models not seen before, such as Yandex 4K QLED smart TVs and Hisense T963 smartphones, with Russia, China, India, Belarus, […]

The Play ransomware group has claimed responsibility for the cyberattack that disrupted operations at donut and coffee retail chain Krispy Kreme last week. The incident occurred on November 29, the North Carolina company said in a regulatory filing with the Securities and Exchange Commission (SEC) last week. “Krispy Kreme shops globally are open, and consumers […]

A Romanian national accused of conducting cyberattacks using the NetWalker ransomware has been sentenced to 20 years in prison in the United States, the Justice Department announced on Thursday. In addition to the prison sentence, the man, 30-year-old Daniel Christian Hulea, has been ordered to pay nearly $15 million in restitution, and has been ordered […]

The US cybersecurity agency CISA warns that a recently disclosed vulnerability in BeyondTrust’s remote access products has been exploited in the wild. The issue, tracked as CVE-2024-12356 (CVSS score of 9.8), is a command injection bug impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) that can be exploited without authentication. BeyondTrust released patches […]

Critical vulnerabilities patched by Rockwell Automation in its Allen-Bradley PowerMonitor 1000 product could allow remote hackers to breach an organization’s industrial systems and cause disruption or gain further access.  The existence of the vulnerabilities came to light this week when Rockwell Automation and the cybersecurity agency CISA released security advisories. PowerMonitor 1000 is a compact […]

Vulnerabilities introduced from third-party components continue to create major issues for organizations: Nearly all codebases, for example, contain open-source components, and 77 percent of all code in codebases originates from open source. Yet, open source-linked vulnerabilities exist in 84 percent of risk-assessed codebases, with 74 percent of the codebases considered at high risk. The emergence […]