July 4, 2024 at 06:37AM Microsoft has disclosed two security vulnerabilities in Rockwell Automation PanelView Plus, which could be exploited by remote attackers for remote code execution and denial-of-service (DoS) attacks. These flaws are tracked as CVE-2023-2071 and CVE-2023-29464, impacting FactoryTalk View Machine Edition and FactoryTalk Linx. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) … Read more
July 3, 2024 at 03:03AM The South African National Health Laboratory Service (NHLS) continues to recover from a ransomware attack, causing disruptions in lab testing and access to test results. This adds pressure to the already strained healthcare system, potentially leading to more infections and worsened health outcomes. The government and organizations must enhance cybersecurity … Read more
July 2, 2024 at 10:07AM Schools and libraries globally face a rise in cybersecurity threats, with 29% of U.S. K-12 schools having been attacked, according to the Center for Internet Security. Johnathan Kim, from Woodland Hills School District, discusses the challenges and vulnerabilities schools encounter, emphasizing the need for robust cybersecurity measures and staff education … Read more
July 2, 2024 at 07:07AM The cybersecurity threat landscape has seen a substantial rise in average ransomware payments, with increases over 500%. The surge is attributed to cybercriminals better targeting organizations for larger ransom payments, as well as the utilization of Generative AI in creating convincing phishing attacks. Implementing next-generation MFA technologies, including biometrics, is … Read more
July 1, 2024 at 03:24PM CDK Global aims to restore access to its dealer management system and other applications following a ransomware attack. The attack caused widespread outages, forcing car dealerships to resort to manual processes and prompting CDK to take down its IT systems. The attacker, BlackSuit ransomware gang, is now negotiating with CDK … Read more
July 1, 2024 at 01:18PM Security flaws in CocoaPods were discovered, allowing attackers to hijack and insert malicious code into popular iOS and macOS applications, posing serious supply chain risks. The vulnerabilities were patched in October 2023, but the issues stemmed from a 2014 migration, leading to unclaimed pods and flawed verification processes. Downstream customers … Read more
June 26, 2024 at 01:01AM Google has blocked ads for e-commerce sites using Polyfill.io due to a supply chain attack. The Chinese company Funnull acquired the domain and altered the JavaScript library to redirect users to malicious sites, impacting over 110,000 sites. Concerns have been raised about the security and maintenance of the library, prompting … Read more
June 21, 2024 at 05:11PM Los Angeles Unified School District confirmed a data breach from its Snowflake account, with student and employee data stolen by threat actors. After investigations by Snowflake, Mandiant, and CrowdStrike, it was revealed that at least 165 organizations were targeted due to lack of multi-factor authentication. Multiple threat actors put the … Read more
June 21, 2024 at 07:20AM The Qilin ransomware gang released 400GB of data from pathology services provider Synnovis following a cyberattack, affecting London hospitals and causing over 1,100 surgeries and 2,100 appointments to be postponed. Despite impacting patients, Qilin showed no remorse, stating the attack was intentional and a “struggle.” NHS continues to work on … Read more
June 19, 2024 at 07:21AM The CISO faces mounting pressures in our digital age. They grapple with regulatory challenges, constantly evolving threat landscapes, and limited decision-making authority. However, there’s a strategic evolution in play, with CISOs increasingly reporting to CEOs and aspiring to align security objectives with broader business goals. Despite the risks, the CISO … Read more