Multiple vulnerabilities in data center power management systems and supply technologies enable threat actors to gain unauthorized access and perform remote code injection. The attackers can chain multiple vulnerabilities to gain full access to data center systems.
A Georgia healthcare system is notifying over 180,000 individuals of a data compromise involving a hack first detected a year ago, in which attackers accessed and copied a range of patient information. The incident spotlights growing breach response and notification challenges some entities face.
The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying 4 million affected individuals. The latest tally of victims has reached 670 organizations and 46 million individuals.
Russian-speaking ransomware hackers may be responsible for deploying malware onto the network of an electric utility in southern Africa in an attack researchers say underscores heightened risks of industrial ransomware attacks. An unknown actor deployed a variant of SystemBC malware dubbed DroxiDat.
Secureworks has executed its second round of layoffs since February, axing 15% of its workforce as the company pursues high-growth products and improved operating margins. The company will reduce its 2,149-person staff by roughly 322 positions as it seeks break-even adjusted EBITDA by January 2024.
U.S. authorities seized a web-hosting company used by ransomware hackers in a joint operation with Polish authorities that resulted in the arrest of five individuals and the indictment of the site's owner. The site, LolekHosted, now displays a banner showing its seizure by the FBI and the IRS.
Protect AI bought one of the world's largest certified naming authorities to create a bug bounty platform focused exclusively on AI and ML open-source software. The acquisition will allow customers to discover exploits in the AI or ML supply chain weeks before they're publicly revealed.
Security researchers from Microsoft disclosed flaws in a software development kit used for industrial applications, warning that hackers could attempt remote code execution. The computer giant says the flaws are in the Codesys software environment developed by the Germany company of the same name.
Public companies disclosing a cyber incident under the new U.S. reporting requirements should focus on the business impact and stay away from the technical pieces, said Venable's Grant Schneider. The disclosure should examine how the incident will affect revenue, profitability and public perception.
German intelligence is warning Iranian expatriates about a state-sponsored espionage campaign driven by individualized social engineering techniques. Iran's authoritarian regime has long surveilled its Western diaspora in campaigns that have included cyberespionage, assassinations and terrorism.
In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware campaign that is targeting newbie cybercriminals in order to steal sensitive information.
A nonprofit firm that administers government dental programs in Canada paid a "substantial" ransom for a decryptor key and the destruction of data stolen in a recent ransomware attack. But the company is now notifying nearly 1.5 million individuals that the hack compromised their data.
Threat actors are taking control of cloud-based Microsoft 365 accounts of C-suite executives using a multifactor authentication phishing tool. Proofpoint researchers say attackers use automation to identify in real time whether a phished user is a high-level profile company official.
Security researchers uncovered a vulnerability in AMD chips that could allow hackers to trick a computer system into leaking data from its kernel. They named the flaw after the 2010 movie "Inception," since both the hacking technique and the film's plot involve planting false ideas into memory.
In the latest "Proof of Concept," Mike Baker, VP/IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, join ISMG editors to explore the state of the software supply chain, MOVEit breaches and the role of SBOMs and transparency in software development.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.