News in the Security category

Ascension hacked after employee downloaded malicious file

Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device.
- Sergiu Gatlan
- June 13, 2024
- 05:52 PM
- 0
New York Times warns freelancers of GitHub repo data breach

The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024.
- Sergiu Gatlan
- June 13, 2024
- 03:52 PM
- 0
Toronto District School Board hit by a ransomware attack

The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed.
- Bill Toulas
- June 13, 2024
- 02:43 PM
- 0
Panera warns of employee data breach after March ransomware attack

U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack.
- Sergiu Gatlan
- June 13, 2024
- 02:32 PM
- 0
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks.
- Bill Toulas
- June 13, 2024
- 01:21 PM
- 0
Sponsored Content
How to meet evolving MFA demands in the current threat landscape

Multi-factor authentication (MFA) is a crucial weapon in the fight against cybercrime, significantly enhancing online security. Learn more from Specops Software on how to stay on top of the rapidly evolving requirements?
- Sponsored by Specops Software
- June 13, 2024
- 10:01 AM
- 0
Phishing emails abuse Windows search protocol to push malicious scripts

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware.
- Bill Toulas
- June 12, 2024
- 06:30 PM
- 1
AWS adds passkeys support, warns root users must enable MFA

Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability.
- Bill Toulas
- June 12, 2024
- 03:38 PM
- 5
Google patches exploited Android zero-day on Pixel devices

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.
- Sergiu Gatlan
- June 12, 2024
- 03:06 PM
- 3
CISA warns of criminals impersonating its employees in phone calls

Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money.
- Sergiu Gatlan
- June 12, 2024
- 01:58 PM
- 0
New phishing toolkit uses PWAs to steal login credentials

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials.
- Lawrence Abrams
- June 12, 2024
- 01:35 PM
- 1
Life360 says hacker tried to extort them after Tile data breach

Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform.
- Sergiu Gatlan
- June 12, 2024
- 12:45 PM
- 0
Microsoft deprecates Windows DirectAccess, recommends Always On VPN

Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support.
- Bill Toulas
- June 12, 2024
- 11:05 AM
- 0
Sponsored Content
OAuth risks: How to identify, investigate, and mitigate them

OAuth apps can make our digital lives much easier, but it can also be a huge headache for security teams. Learn more from Nudge Security about these OAuth risks and how to investigate them.
- Sponsored by Nudge Security
- June 12, 2024
- 10:01 AM
- 0
Police arrest Conti and LockBit ransomware crypter specialist

The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself.
- Bill Toulas
- June 12, 2024
- 09:42 AM
- 2
Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.
- Bill Toulas
- June 12, 2024
- 06:00 AM
- 0
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.
- Sergiu Gatlan
- June 11, 2024
- 02:59 PM
- 0
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.
- Lawrence Abrams
- June 11, 2024
- 01:31 PM
- 0
City of Cleveland shuts down IT systems after cyberattack

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall.
- Bill Toulas
- June 11, 2024
- 12:54 PM
- 2
Chinese hackers breached 20,000 FortiGate systems worldwide

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known."
- Sergiu Gatlan
- June 11, 2024
- 12:22 PM
- 3