Recent Security News
-
US govt probes if ransomware gang stole Change Healthcare data
March 13, 2024 at 04:22PM The U.S. Department of Health and Human Services is investigating a ransomware attack on UnitedHealthcare Group (UHG) subsidiary Optum, which affected the Change Healthcare platform. The attack, attributed to the BlackCat ransomware gang, compromised sensitive health information of millions, impacting operations in the U.S. healthcare industry. The investigation follows claims…
-
Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk
March 13, 2024 at 04:01PM Automobile manufacturers are transforming vehicles into next-gen application platforms, offering “software-defined” features. This enhances safety and offers conveniences like remote disablement but increases cybersecurity risks. Vulnerabilities include physical risks, theft, DDoS, and data privacy concerns. While security efforts show improvement, manufacturers need to prioritize security controls, secure development processes, and…
-
ChatGPT vs. Gemini: Which Is Better for 10 Common Infosec Tasks?
March 13, 2024 at 03:32PM A late-2023 comparison of ChatGPT's and Google Bard's performance at writing security policies is discussed. Both tools are evaluated across various use cases for information security professionals, such as generating diagrams, explaining architecture, interpreting exploit code, and writing policies. Each tool showcases strengths and weaknesses in different…
-
Nissan Oceania Breached; 100K People Affected Down Under
March 13, 2024 at 03:32PM Nissan’s Oceania-region corporate and finance offices experienced a ransomware attack on Dec. 5, compromising sensitive data of around 100,000 individuals in Australia and New Zealand. The breach includes government IDs and other personal information of Renault-Nissan-Mitsubishi Alliance customers. The nature of the attack and the perpetrators have not been disclosed,…
-
Fortinet warns of critical RCE bug in endpoint management software
March 13, 2024 at 02:48PM Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, impacting versions 7.0 and 7.2. The company also fixed an out-of-bounds write weakness in FortiOS and FortiProxy captive portal, as well as other high-severity flaws. A prior RCE bug was disclosed, potentially exploited…