Kansas City public transportation authority hit by ransomware

January 29, 2024 at 09:57AM KCATA, a major public transit agency, fell victim to a ransomware attack impacting its communication systems, rendering call centers inoperable. Despite this, regular bus services continue. KCATA is working with cyber professionals to restore systems. Medusa ransomware claimed responsibility and demanded a $2 million ransom, with a daily extension option …

Kansas public transportation authority hit by ransomware

January 27, 2024 at 11:28AM KCATA, a bi-state public transit agency serving Missouri and Kansas, experienced a ransomware attack impacting communication systems. Despite disruption to call centers, bus routes and paratransit services continue to operate normally. The agency is working with cyber professionals to resolve the issue and ensure customer data security. No ransomware groups …

Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records

January 26, 2024 at 05:12PM Senator Ron Wyden released documents revealing that the NSA purchases Americans’ internet records, prompting a call for intelligence agencies to cease buying unlawfully obtained personal data from data brokers. Wyden emphasized the need for legal and ethical data practices, highlighting the potential privacy violations and the lack of informed consent …

Critical Cisco Unified Communications RCE Bug Allows Root Access

January 25, 2024 at 12:59PM A new critical bug (CVE-2024-20253, 9.9 CVSS) in Cisco UC/CC solutions poses an unauthenticated remote code execution risk. Attackers can exploit the bug through specially crafted messages, potentially leading to data breaches, service disruption, and unauthorized system access. Cisco has issued patches and recommended interim measures to mitigate the vulnerability. …

Global fintech firm EquiLend offline after recent cyberattack

January 24, 2024 at 11:40AM Global financial technology firm EquiLend faced a cyberattack resulting in system disruptions and unauthorized network access. The company is working to restore affected services, engaging third-party experts for investigation. A recent acquisition by U.S. private equity firm WCAS is pending, with an additional $200 million investment committed. EquiLend’s Next Generation …

Subway Puts a LockBit Investigation on the Menu

January 23, 2024 at 03:56PM Subway is investigating claims by the LockBit 3.0 ransomware gang that they’ve breached the company’s internal system and plan to sell the data unless a ransom is paid. This potential shift in LockBit’s targets raises concerns, as they typically focus on midsize or small companies. Experts recommend implementing robust cybersecurity …

Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

January 23, 2024 at 10:46AM Fortra warns of a critical authentication bypass vulnerability in GoAnywhere MFT, affecting versions prior to 7.4.1. Exploitation allows unauthorized creation of admin accounts and could lead to data breaches and malware introduction. The flaw was fixed in version 7.4.1, and users are advised to update immediately. Notably, past incidents suggest …

Move Fast and Break the Enterprise With AI

January 23, 2024 at 09:44AM Large enterprises often feel resistant to change due to their deep-rooted culture. Security professionals question the progress made in enhancing organizational security over the years. However, the implementation of AI in enterprise operations is disrupting traditional paradigms, leading to changes in data management, permission systems, and user activity monitoring, despite …

High-Severity Vulnerability Patched in Splunk Enterprise

January 23, 2024 at 09:12AM Splunk announced patches for multiple vulnerabilities, including a high-severity bug (CVE-2024-23678) affecting Splunk Enterprise on Windows, allowing unsafe deserialization leading to potential denial of service, application logic abuse, or code execution. Other medium-severity vulnerabilities and flaws in third-party packages were also resolved in versions 9.0.8 and 9.1.3. Splunk recommends upgrading …

FTC Bans InMarket for Selling Precise User Location Without Consent

January 22, 2024 at 03:03AM The U.S. FTC has banned InMarket Media from selling precise location data without consumer consent and ordered it to destroy collected data subject to user approval. InMarket and Outlogic faced bans for allegations of improper location data use. InMarket allegedly harvested location data from various apps, while a study revealed …