IdentityKaiser Permanente notifies 13.4M patients of potential data exposureSteve ZurierApril 26, 2024Patient data may have been transferred via apps to third-party vendors like Google, Microsoft and X.
Application securityAfter a 19-month saga, Broadcom finally patches Brocade SANnav bugsSteve ZurierApril 25, 2024Security pros say given the complexity of SAN management tools, it’s understandable the patches took so long.
Vulnerability ManagementGoogle patches critical type-confusion flaw in Chrome browserSteve ZurierApril 24, 2024Security pros say there’s a high potential that attackers could launch arbitrary code execution.
RansomwareA ‘substantial proportion’ of Americans exposed in Change Healthcare cyberattackSteve ZurierApril 23, 2024Change Healthcare owner UnitedHealth Group acknowledges some customer protected health information leaked on dark web.
Network SecurityMITRE research and prototyping network breached via Ivanti zero-daysSteve ZurierApril 22, 2024Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.
RansomwareAkira takes in $42 million in ransom payments, now targets Linux serversSteve ZurierApril 19, 2024Security pros say threat actors gravitate towards Linux because it’s the OS of choice for many critical server functions.
Vulnerability Management‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoorSteve ZurierApril 18, 2024Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.
Network SecurityBrute-force attacks surge worldwide, warns Cisco Talos Steve ZurierApril 17, 2024While a longstanding method, the scale and systematic execution of the attacks signify an escalation, security pros said.
RansomwareOmni Hotels confirms data compromise in apparent ransomware attack Steve ZurierApril 16, 2024Security pros say the hospitality sector represents a new attack vector for the Daixin Team ransomware gang.
Network SecurityDelinea patches API vulnerability in Secret Server CloudSteve ZurierApril 15, 2024If left unpatched, the API flaw could let attackers bypass authentication, gain admin access, and steal company secrets.