October 26, 2023 at 06:18PM New data from Lumen Technologies reveals that the banking industry was the most targeted vertical for Distributed Denial of Service (DDoS) attacks in Q3 2023. A single banking customer experienced over 230 DDoS attacks in a single day, but Lumen’s multi-layered DDoS mitigation approach prevented any downtime. The report also … Read more
October 26, 2023 at 04:48AM Users of Mirth Connect, an open-source data integration platform, are urged to update to version 4.4.1 due to the discovery of an unauthenticated remote code execution vulnerability (CVE-2023-43208). Horizon3.ai warns that attackers may exploit this vulnerability to gain access to sensitive healthcare data. The flaw affects various versions of Mirth … Read more
October 25, 2023 at 08:03PM Westinghouse subsidiary BHI Energy confirmed experiencing an Akira ransomware attack in June. The threat actor gained access through a compromised account of a third-party contractor. They performed network reconnaissance before exfiltrating 690GB of data and deploying the ransomware. The threat actor was removed in July and BHI was able to … Read more
October 24, 2023 at 05:57PM The City of Philadelphia has disclosed that certain individuals’ information was stolen in a cyberattack involving its email environment. Unauthorized access to city email accounts occurred between May 26 and July 28, and personal information, health information, and financial information may have been compromised. The investigation is ongoing, and the … Read more
October 23, 2023 at 06:21PM Cisco has released a patch for a critical bug in its IOS XE software that allowed criminals to exploit thousands of devices. However, the patch seems to be ineffective as the attackers have updated their implants to evade detection. A new variant of the implant hinders identification of compromised systems. … Read more
October 23, 2023 at 04:12PM Casio, the Japanese electronics maker, announced a data breach that exposed the personal information of customers in 150 countries. The breach occurred in the development environment for ClassPad.net, an education web application managed by Casio. The company attributed the breach to an operational error and insufficient security measures. The compromised … Read more
October 23, 2023 at 10:09AM Cisco has released a free software update to address two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise over 50,000 IOS XE devices. The first fixed release available is 17.9.4a, with updates for other releases to be disclosed later. The vulnerabilities are in the web UI of Cisco devices … Read more
October 20, 2023 at 06:17PM Cisco has disclosed two high-severity zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, being actively exploited to compromise Cisco IOS XE devices. The company has found fixes for both vulnerabilities and plans to release them on October 22. Over 40,000 devices have already been compromised. System administrators are urged to disable the vulnerable … Read more
October 18, 2023 at 05:22PM Taiwan-based network equipment vendor D-Link confirms data breach but denies hacker’s claims of severity. Investigation reveals that the stolen data is outdated and doesn’t contain personally identifiable or financial information. D-Link believes the breach occurred through a successful phishing attack on an employee and assures customers that they are unlikely … Read more
October 18, 2023 at 12:09AM D-Link, a Taiwanese networking equipment manufacturer, confirmed a data breach that exposed “low-sensitivity and semi-public information.” The breach originated from an old D-View 6 system and did not contain user IDs or financial information. D-Link denied claims of millions of records being compromised and stated that approximately 700 outdated records … Read more