Hikvision Patches High-Severity Vulnerability in Security Management System

March 4, 2024 at 08:48AM Hikvision has released patches for two vulnerabilities in its security management system HikCentral Professional. The more serious flaw, CVE-2024-25063, could lead to unauthorized access to specific URLs. The second bug, CVE-2024-25064, requires authentication to be exploited. Hikvision urges customers to apply the patches promptly, as prior vulnerabilities have been exploited. … Read more

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure

March 4, 2024 at 12:36AM U.S. cybersecurity agencies have issued warnings about Phobos ransomware targeting government and critical infrastructure entities. The ransomware, run under a ransomware-as-a-service model, has targeted various sectors and has earned millions in ransom. The attackers use a range of tactics and have been actively targeting entities since May 2019, posing a significant ongoing … Read more

In Other News: Google Flaw Exploited, 3D Printers Hacked, WhatsApp Gets NSO Spyware

March 1, 2024 at 11:21AM SecurityWeek’s cybersecurity news roundup compiles key developments in the industry, offering insight into critical vulnerabilities, policy changes, and industry reports. This week’s stories include Apple’s EU user security efforts, a macOS API bug, Intel’s vulnerability patching, CISA’s guide for university cybersecurity clinics, NSO’s court order, and China’s data security plan. … Read more

4 Instructive Postmortems on Data Downtime and Loss

March 1, 2024 at 06:15AM The text discusses the concept of “blameless” postmortems in tech companies and provides detailed examples of such postmortems from GitLab, Tarsnap, Roblox, and Cloudflare. These case studies uncover the root causes of outages, the impact of the incidents, and the lessons learned in data security and continuity planning. The examples … Read more

Chinese ‘connected’ cars are a national security threat, says Biden

February 29, 2024 at 02:08PM Biden’s administration is concerned about national security threats from Chinese-made “connected” vehicles due to data collection and potential foreign access. The Department of Commerce is initiating an investigation and proposed rulemaking to address these risks. China’s burgeoning automobile industry is raising concerns about competition and national security in the US. … Read more

Discount Retail Giant Pepco Loses €15 Million to Cybercriminals

February 29, 2024 at 10:45AM European discount retailer Pepco Group reported a significant loss of €15.5 million to cybercriminals in a phishing-based fraud. An investigation is underway, but the company is unsure whether the funds can be recovered. Pepco assured that no customer, supplier, or colleague information was compromised and is committed to enhancing … Read more

ALPHV/BlackCat claims responsibility for Change Healthcare attack

February 28, 2024 at 07:38PM The ALPHV/BlackCat cybercrime gang has claimed responsibility for a ransomware attack on Change Healthcare, impacting pharmacies and hospitals across the US. The gang claims to have stolen a significant amount of sensitive data, but its credibility is questionable. UnitedHealth Group is investigating the incident and coordinating with law enforcement and cybersecurity experts. The healthcare … Read more

New executive order bans mass sale of personal data to China, Russia

February 28, 2024 at 03:56PM President Biden signed an executive order banning the bulk sale and transfer of Americans’ private data to countries such as China, Russia, Iran, North Korea, Cuba, and Venezuela. The Justice Department will block countries posing threats from accessing sensitive personal data, and new regulations aim to restrict risky data transactions. … Read more

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

February 27, 2024 at 05:45AM Cybersecurity researchers discovered a vulnerability in the Hugging Face Safetensors conversion service, allowing malicious actors to hijack models submitted by users and conduct supply chain attacks. The attack could compromise repositories, leading to the theft of tokens and potential backdoor implantation. Another recent vulnerability in GPGPUs allowed data recovery from … Read more

Cybercrims: When we hit IT, they sometimes pay, but when we hit OT… jackpot

February 27, 2024 at 04:37AM Cybercriminals increasingly targeted the manufacturing industry with ransomware attacks last year, with 70% of industrial ransomware infections affecting manufacturing companies. Dragos CEO Robert Lee explains that manufacturing’s early adoption of IoT and connected machines, without adequate security, makes it a prime target. Furthermore, a ransomware infection at German control systems … Read more