Security Affairs
E-prescription provider MediSecure impacted by a ransomware attack
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor.
DarkReading
Santander Falls Victim to Data Breach Involving Third-Party Provider
The company reports that customers based in Chile, Spain, and Uruguay were the primary victims of the breach, alongside some former employees of the global bank.
Bleeping Computer
MediSecure e-script firm hit by ‘large-scale’ ransomware data breach
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
Cyber Security News
Top 10 Best Managed Service Providers (MSP) for CISO, CTO & IT Managers - 2024
Best MSP for CISO, CTO & IT Managers - 1. Perimeter 812. Secureworks 3. IBM 4. Trustwave 5. Wipro 6. Verizon 7. Sophos 8. Symantec.
SecurityWeek
Nissan Data Breach Impacts 53,000 Employees
Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.
CSO
Cycode rolls out ASPM connector marketplace, analysts see it as bare minimum
Application Security Posture Management tools need to integrate with other security tools to do their job.
Security Affairs
Google fixes seventh actively exploited Chrome zero-day this year
Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week.
DarkReading
Patch Now: Another Google Zero-Day Under Exploit in the Wild
Google has rolled an emergency patch for CVE-2024-4947, the third Chrome zero-day it's addressed in the past week.
The Cyber Express
Josh Krueger of Project Hosts, Inc. Appointed to Federal Secure Cloud Advisory Committee
Josh Krueger, the Chief Information Security Officer at Project Hosts, Inc. has been appointed to the Federal Secure Cloud Advisory
Security Affairs
Santander: a data breach at a third-party provider impacted customers and employees
The Spanish bank Santander disclosed a data breach at a third-party provider that impacted customers in Chile, Spain, and Uruguay.
The Cyber Express
MediSecure Data Breach Confirms Impact on Personal and Health Information of Individuals
A ransomware attack has compromised MediSecure, a leading Australian script provider facilitating electronic prescribing and dispensing of prescriptions. The MediSecure
SecurityWeek
Third Chrome Zero-Day Patched by Google Within One Week
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
Cyber Security News
LogRhythm and Exabeam to Merge to Boost SIEM & SOAR
LogRhythm and Exabeam, two leading cybersecurity companies to create a powerful force in the security operations and analytics market.
The Hacker News
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability
Google fixes critical zero-day vulnerability in Chrome. CVE-2024-4947, a type confusion bug in the V8 JavaScript engine, has been actively exploited b
SC Magazine
AI-generated code top cloud security concern amid 100% use rate in survey
GenAI, API and identity risks are key concerns, as well as conflicts between DevOps and SecOps.
The Record
Texas attorney general probes connected-car companies’ data privacy practices
Kia, General Motors, Subaru and Mitsubishi received “civil investigative demand” letters from the Office of the Texas Attorney General's consumer protection division in late April.
SC Magazine
Google patches 3rd Chrome browser zero-day inside of a week
Security pros say the uptick in Chrome zero-days this week demonstrates an increased focus by threat actors on attacking browsers.
Bleeping Computer
Google patches third exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bleeping Computer
Google fixes third actively exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
DarkReading
Flaw in Wi-Fi-Standard Can Enable SSID Confusion Attacks
Attackers can exploit the issue to trick users into connecting to insecure networks, but it works only under specific conditions.
Bleeping Computer
Nissan North America data breach impacts over 53,000 employees
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom.
The Cyber Express
Banco Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
SecurityWeek
Thoma Bravo-owned LogRhythm Announces Merger with Rival Exabeam
Financial terms were not released but it's likely a hefty price tag with Exabeam’s most recent valuation pegged at $2.5 billion.
Bleeping Computer
Apple blocked $7 billion in fraudulent App Store purchases in 4 years
Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis.
The Hacker News
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Android 15 introduces new features to prevent malicious apps from capturing your sensitive data. Find out more about these crucial updates:
Ars Technica
SSH backdoor has infected 400,000 Linux servers over 15 years and keeps on spreading
Ebury backdoors SSH servers in hosting providers, giving the malware extraordinary reach.
Bleeping Computer
Banco Santander warns of a data breach exposing customer info
Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers.
CSO
Singing River ransomware attack now thought to have affected over 895,000
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
SecurityWeek
Santander Data Breach Impacts Customers, Employees
The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.
Infosecurity News
Santander Customer Data Compromised Following Third-Party Breach
Santander has warned that customer and employee data has been breached following unauthorized access to a database held by a third-party provider
HACKRead
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
Researchers warn that hackers can bypass FIDO2 phishing-resistant protections under certain conditions using a sophisticated MITM technique.
.webp)
Cyber Security News
Hackers Abusing to GitHub to Host Malicious Infrastructure
Cybercriminals have been exploiting GitHub, a platform widely trusted by developers, to host malicious infrastructure.
The Cyber Express
Santander Confirms Data Breach, Assures Customers’ Transactions Remain Secure
Santander, one of the largest banks in the eurozone, confirmed that an unauthorized party had gained access to a database
Infosecurity News
A Third of CISOs Have Been Dismissed “Out of Hand” By the Board
Trend Micro research claims CISOs are often ignored or dismissed as “nagging” by their board
Cyber Security News
10 Best Network Security Providers for Healthcare Industry in 2024
Best Network Security Providers for the Healthcare Industry - 1. Perimeter 81, 2. Palo Alto Networks, 3. Fortinet, 4. Cisco, 5. Trend Micro
The Cyber Express
Cybersecurity Alert: Frotcom International Faces Alleged Data Breach
A dark web actor named DuckyMummy claimed responsibility for an alleged data breach at Frotcom International, a prominent player in
DarkReading
Singapore Cybersecurity Update Puts Cloud Providers on Notice
The nation amends its Cybersecurity Act, giving its primary cybersecurity agency more power to regulate critical infrastructure and third parties, and requiring cyber incidents be reported.
CSO
FBI warns Black Basta ransomware impacted over 500 organizations worldwide
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
The Record
New backdoors on a European government's network appear to be Russian
Researchers with cybersecurity company ESET have labeled two new pieces of suspected Russian malware as LunarWeb and LunarMail.
The Record
EU failure to rein in spyware reflects lack of political will, parliamentarian says
“They know what they have to do,” said Sophie in’t Veld, who led the European Parliament investigation into spyware. “The problem is they don't want to do it.”
SC Magazine
Microsoft fixes exploited Qakbot-delivering 0-day in May Patch Tuesday
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
DarkReading
Microsoft Windows DWM Zero-Day Poised for Mass Exploit
CVE-2024-30051 is the most concerning out of this month's Patch Tuesday offerings, and is already under active exploit by several QakBot actors.
DarkReading
Unprotected Session Tokens Can Undermine FIDO2 Security
While the protocol has made passwordless authentication a reality, token-binding is key to prevent against token theft and reuse, security vendor says.
Infosecurity News
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
HACKRead
Android Malware Poses as WhatsApp, Instagram, Snapchat to Steal Data
A new Android malware poses as popular applications like WhatsApp, Instagram, and Snapchat to steal user data, including login credentials.
Bleeping Computer
Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
Infosecurity News
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
Ars Technica
The hunt for rare bitcoin is nearing an end
Rare bitcoin fragments are worth many times their face value.
DarkReading
DNS Tunneling Abuse Expands to Tracking & Scanning Victims
Several campaigns are leveraging the evasive tactic to provide useful insights into victims' online activities, and find new ways to compromise organizations.
SecurityWeek
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver
SAP has released 14 new and three updated security notes on its May 2024 Security Patch Day, including for critical vulnerabilities.
SecurityWeek
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
VMware has patched three critical and high-severity vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
SecurityWeek
Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks
Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.
SecurityWeek
Google Patches Second Chrome Zero-Day in One Week
Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.
The Hacker News
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
12 security flaws addressed, including two critical issues leading to remote code execution. Update to version 1.2.27 now to stay protected
Security Affairs
Google fixes sixth actively exploited Chrome zero-day this year
Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability.
The Cyber Express
The Cyber Express Sets the Stage to Host World CyberCon META Edition 2024 in Dubai
This May, the heartbeat of the cybersecurity industry will resonate through Dubai, where The Cyber Express is set to host
Bleeping Computer
Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
SecurityWeek
Zscaler Confirms Only Isolated Test Server Was Hacked
Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.
SC Magazine
LockBit ransomware spread in millions of emails via Phorpiex botnet
Emails from “Jenny Green” delivered LockBit Black through attached ZIP files.
The Record
FTC fires 'shot across the bow' at automakers over connected-car data privacy
In a blog post, the FTC gave special attention to the sale of geolocation data and what the agency called the “surreptitious disclosure of sensitive information" by automakers.
Bleeping Computer
FCC reveals Royal Tiger, its first tagged robocall threat actor
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns.
Security Affairs
City of Helsinki suffered a data breach
The City of Helsinki suffered a data breach that impacted tens of thousands of students, guardians, and personnel.
SecurityWeek
NATO Draws a Cyber Red Line in Tensions With Russia
Weakening liberal democracies and weakening the NATO alliance are conjoined in the hybrid war that Russia is conducting against Ukraine.
Cyber Security News
Malicious Python Package Hides Sliver C2 Framework Within PNG File
An attacker published a malicious package on PyPI named "requests-darwin-lite," masquerading as a variant of the popular "requests" library,
HACKRead
Surfshark VPN Brings Data Breach Awareness with See-Through Toilet Campaign
Londoners were met with a rather unusual sight this week as part of a thought-provoking marketing campaign by Surfshark VPN, a VPN provider.
.jpg?height=635&t=1713982088&width=1200)
Security Magazine
FTC orders Cerebral to restrict how consumer data can be shared
The Federal Trade Commission (FTC) has ordered Cerebral, Inc. to restrict how the company can use and/or disclose sensitive consumer data.
Infosecurity News
Black Basta Ransomware Victim Count Tops 500
Affiliates of prolific Black Basta ransomware group have breached over 500 global organizations
SecurityWeek
FBCS Collection Agency Data Breach Impacts 2.7 Million
Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.
SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
Cyber Security News
CISA Warns Of Black Basta Ransomware Attacking 500+ Industries
Black Basta ransomware is used by threat actors because of its powerful abilities and inconspicuous moves.
CyberSecurity Dive
Only one-third of firms deploy safeguards against generative AI threats, report finds
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
Security Affairs
Firstmac Limited disclosed a data breach after cyber attack
Firstmac Limited disclosed a data breach after the new Embargo extortion group leaked over 500GB of data allegedly stolen from the company.
The Cyber Express
TCE Cyberwatch: Weekly Wrap on AI, Deepfakes, Cybersecurity Challenges Affecting Nations Worldwide
This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this,
The Record
Hack of provincial Canadian government suspected to be ‘state-sponsored’
Foreign hackers made three attempts to compromise government systems in British Columbia, officials said.
The Record
Southeast Asian scam syndicates stealing $64 billion annually, researchers find
In Cambodia, Laos and Myanmar, the groups are estimated to reap about $43.8 billion each year through scams — some 40 percent of the three nations’ combined formal GDP.
Security Affairs
Pro-Russia hackers targeted Kosovo government websites
Pro-Russia hackers targeted government websites in Kosovo in retaliation for the government's support to Ukraine with military equipment.
Bleeping Computer
Largest non-bank lender in Australia warns of a data breach
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
Security Affairs
Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide
Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported.
CSO
Google Chrome gets a patch for actively exploited zero-day vulnerability
Details of the use-after-free memory vulnerability were not publicly released, but Google says it’s aware an exploit for the bug exists.
Bleeping Computer
Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company.
Security Magazine
25% of CISOs in tech are not satisfied with their compensation
A report detailing tech CISO compensation, mobility and job position satisfaction shows that a quarter of CISOs are unhappy with their compensation.
CyberNews
“Do more” – UK authority issues vague call to bolster cyber defenses
The UK’s Information Commissioner's Office (ICO) calls organizations to boost “cybersecurity and protect the personal information they hold.”
Security Affairs
Russia-linked APT28 targets government Polish institutions
CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28.
The Hacker News
What's the Right EDR for You?
EDR solutions can detect threats that traditional defenses like antivirus often miss. Find out how EDR provides a deeper level of security.
SecurityWeek
RSA Conference 2024 – Announcements Summary (Day 4)
Hundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The Cyber Express
Dell Warns Customers of Data Breach: Threat Actor Claims 49M Records Compromised
Dell has issued a warning to its customers regarding a data breach following claims by a threat actor of pilfering
CSO
Dell data breach exposes data of 49 million customers
The company says the breach compromised non-critical customer data and involved no sensitive personal or financial information.
Security Affairs
Citrix warns customers to update PuTTY version installed on their XenCenter system manually
Citrix urges customers to manually address a PuTTY SSH client flaw that could allow attackers to steal a XenCenter admin's private SSH key.
Cyber Security News
Dell Hacked - 49 Million Customers Data Affected
Dell Technologies is investigating a data breach incident involving a company portal containing limited customer information related to purchases.
Computerworld
Apple updates its Platform Security Guide
It's essential reading for IT admins, security researchers and anyone with an interest in Apple security, now updated for 2024.
The Record
UK hit by more ransomware and cyberattacks last year than ever before
A recent update of security incident trends data from the Information Commissioner’s Office (ICO) shows that 2023 was yet another record year for data breaches.
The Record
As EU referendum looms, Moldova finds itself in Russian digital army’s crosshairs
The Kremlin’s "hybrid war" on Moldova — featuring disinformation, cyberattacks and influence operations — aims to manipulate three consequential votes in Moldova this year and next.
The Record
As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted
The current cybersecurity situation in the healthcare industry is at least a decade in the making, White House official Anne Neuberger said at the RSA Conference.
HACKRead
Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data
Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums.
Bleeping Computer
Citrix warns admins to manually mitigate PuTTY SSH client bug
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key.
Infosecurity News
Mobile Banking Malware Surges 32%
Afghanistan, Turkmenistan and Tajikistan victims experienced the highest share of banking Trojans
Bleeping Computer
Dell warns of data breach, 49 million customers allegedly affected
Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
SecurityWeek
Criminal Use of AI Growing, But Lags Behind Defenders
Despite the current lack of large-scale criminal exploitation of gen-AI, researchers highlight indications that this may change.
The Cyber Express
International Baccalaureate Exam Hack Speculation Sparks Student Outrage
The International Baccalaureate Organization (IBO) confirmed a hacking incident, while clarifying that no ongoing exam papers were leaked despite claims
Loading more articles....