Security Affairs
E-prescription provider MediSecure impacted by a ransomware attack
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor.
Security Affairs
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor.
DarkReading
The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.
Bleeping Computer
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
Cyber Security News
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
SecurityWeek
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
CSO
Application Security Posture Management tools need to integrate with other security tools to do their job.
Security Affairs
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
DarkReading
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
The Cyber Express
Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory
Security Affairs
The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay.
The Cyber Express
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
SecurityWeek
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
LogRhythm and Exabeam, two leading cybersecurity companies to create a powerful force in the security operations and analytics market.
The Hacker News
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SC Magazine
GenAI, API and identity risks are key concerns, as well as conflicts between DevOps and SecOps.
The Record
Kia, General Motors, Subaru and Mitsubishi received “civil investigative demand” letters from the Office of the Texas Attorney General's consumer protection division in late April.
SC Magazine
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
Bleeping Computer
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
DarkReading
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
Bleeping Computer
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
The Cyber Express
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
SecurityWeek
Financial terms were not released but it's likely a hefty price tag with Exabeam’s most recent valuation pegged at $2.5 billion.
Bleeping Computer
Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis.
The Hacker News
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
Ars Technica
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
Bleeping Computer
Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers.
CSO
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
SecurityWeek
The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.
Infosecurity News
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
HACKRead
Researchers warn that hackers can bypass FIDO2 phishing-resistant protections under certain conditions using a sophisticated MITM technique.
Cyber Security News
Cybercriminals have been exploiting GitHub, a platform widely trusted by developers, to host malicious infrastructure.
The Cyber Express
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
Infosecurity News
Trend Micro research claims CISOs are often ignored or dismissed as “nagging” by their board
Cyber Security News
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
The Cyber Express
A dark web actor named DuckyMummy claimed responsibility for an alleged data breach at Frotcom International, a prominent player in
DarkReading
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
CSO
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
The Record
Researchers with cybersecurity company ESET have labeled two new pieces of suspected Russian malware as LunarWeb and LunarMail.
The Record
“They know what they have to do,” said Sophie in’t Veld, who led the European Parliament investigation into spyware. “The problem is they don't want to do it.”
SC Magazine
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
DarkReading
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
DarkReading
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
Infosecurity News
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
HACKRead
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Bleeping Computer
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
Infosecurity News
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
Ars Technica
Rare bitcoin fragments are worth many times their face value.
DarkReading
Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities, and find new ways to compromise organizations.
SecurityWeek
SAP has released 14 new and three updated security notes on its May 2024 Security Patch Day, including for critical vulnerabilities.
SecurityWeek
VMware has patched three critical and high-severity vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
SecurityWeek
Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.
SecurityWeek
Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.
The Hacker News
12 security flaws addressed, including two critical issues leading to remote code execution. Update to version 1.2.27 now to stay protected
Security Affairs
Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.
The Cyber Express
This May, the heartbeat of the cybersecurity industry will resonate through Dubai, where The Cyber Express is set to host
Bleeping Computer
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
SecurityWeek
Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.
SC Magazine
Emails from “Jenny Green” delivered LockBit Black through attached ZIP files.
The Record
In a blog post, the FTC gave special attention to the sale of geolocation data and what the agency called the “surreptitious disclosure of sensitive information" by automakers.
Bleeping Computer
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns.
Security Affairs
The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel.
SecurityWeek
Weakening liberal democracies and weakening the NATO alliance are conjoined in the hybrid war that Russia is conducting against Ukraine.
Cyber Security News
An attacker published a malicious package on PyPI named "requests-darwin-lite," masquerading as a variant of the popular "requests" library,
HACKRead
Londoners were met with a rather unusual sight this week as part of a thought-provoking marketing campaign by Surfshark VPN, a VPN provider.
Security Magazine
The Federal Trade Commission (FTC) has ordered Cerebral, Inc. to restrict how the company can use and/or disclose sensitive consumer data.
Infosecurity News
Affiliates of prolific Black Basta ransomware group have breached over 500 global organizations
SecurityWeek
Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.
SecurityWeek
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
Cyber Security News
Black Basta ransomware is used by threat actors because of its powerful abilities and inconspicuous moves.
CyberSecurity Dive
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
Security Affairs
Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
The Cyber Express
This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this,
The Record
Foreign hackers made three attempts to compromise government systems in British Columbia, officials said.
The Record
In Cambodia, Laos and Myanmar, the groups are estimated to reap about $43.8 billion each year through scams — some 40 percent of the three nations’ combined formal GDP.
Security Affairs
Pro-Russia hackers targeted government websites in Kosovo in retaliation for the government's support to Ukraine with military equipment.
Bleeping Computer
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
CSO
Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists.
Bleeping Computer
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company.
Security Magazine
A report detailing tech CISO compensation, mobility and job position satisfaction shows that a quarter of CISOs are unhappy with their compensation.
CyberNews
The UK’s Information Commissioner's Office (ICO) calls organizations to boost “cybersecurity and protect the personal information they hold.”
Security Affairs
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28.
The Hacker News
EDR solutions can detect threats that traditional defenses like antivirus often miss. Find out how EDR provides a deeper level of security.
SecurityWeek
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The Cyber Express
Dell has issued a warning to its customers regarding a data breach following claims by a threat actor of pilfering
CSO
The company says the breach compromised non-critical customer data and involved no sensitive personal or financial information.
Security Affairs
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key.
Cyber Security News
Dell Technologies is investigating a data breach incident involving a company portal containing limited customer information related to purchases.
Computerworld
It's essential reading for IT admins, security researchers and anyone with an interest in Apple security, now updated for 2024.
The Record
A recent update of security incident trends data from the Information Commissioner’s Office (ICO) shows that 2023 was yet another record year for data breaches.
The Record
The Kremlin’s "hybrid war" on Moldova — featuring disinformation, cyberattacks and influence operations — aims to manipulate three consequential votes in Moldova this year and next.
The Record
The current cybersecurity situation in the healthcare industry is at least a decade in the making, White House official Anne Neuberger said at the RSA Conference.
HACKRead
Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums.
Bleeping Computer
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.
Infosecurity News
Afghanistan, Turkmenistan and Tajikistan victims experienced the highest share of banking Trojans
Bleeping Computer
Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
SecurityWeek
Despite the current lack of large-scale criminal exploitation of gen-AI, researchers highlight indications that this may change.
The Cyber Express
The International Baccalaureate Organization (IBO) confirmed a hacking incident, while clarifying that no ongoing exam papers were leaked despite claims
Loading more articles....