August 29, 2024 at 09:48AM Retail chain Dick’s Sporting Goods disclosed a cyberattack leading to unauthorized access of confidential information. The breach was discovered on August 21, prompting activation of their response plan and engagement with security experts. The company stated no disruption to business operations. They did not disclose details on the attackers, compromised … Read more
August 19, 2024 at 10:06AM FlightAware, a Houston-based flight tracking platform, is requesting some users to reset their account passwords due to a data security incident that may have exposed personal information. The incident, caused by a configuration error on January 1, 2021, was discovered on July 25, 2024. Potentially compromised information includes user IDs, … Read more
July 9, 2024 at 10:03AM The cyberattack on Ivanti’s asset management software has prompted action from CISA and raises questions about exploit techniques, breach response, and downtime costs. Attackers bypassed authentication and gained unauthorized access, prompting CISA to intervene and take Ivanti’s systems offline. The incident emphasizes the importance of robust cybersecurity measures and proactive … Read more
April 11, 2024 at 10:56AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating a recent breach at Sisense, impacting critical infrastructure organizations. Sisense, a business intelligence software company founded in Israel, serves over 2,000 customers. CISA advises customers to reset credentials and report any suspicious activity to them. CISA and Sisense representatives were … Read more
April 4, 2024 at 03:30PM Utah IT software firm Ivanti responded to zero-day attacks with a CEO-led media campaign vowing to revamp its cybersecurity organization, acknowledged its security issues, and promised significant investment in secure-by-design principles. After delays in releasing patches for high-severity vulnerabilities, the US government ordered disconnection of Ivanti products. The CEO outlined … Read more
February 5, 2024 at 01:34PM AnyDesk acknowledged an IT security incident where criminals breached its systems. Though not related to ransomware, the intrusion compromised the code signing certificate, posing a threat of distributing malware as legitimate software. The company has taken steps to address the situation, including revoking security certificates, recommending password changes, and hiring … Read more
December 27, 2023 at 07:30AM Over 80,000 individuals are being informed by National Amusements about a data breach that compromised their personal information in December 2022. The breach involved access to the company’s network and files containing personal data. While the impacted information includes financial account numbers, National Amusements is offering complimentary credit monitoring services … Read more
December 18, 2023 at 08:45AM Mr. Cooper has reported a data breach incident, affecting 14.7 million customers. The breach, discovered on November 1, 2023, exposed personal information, including names, addresses, phone numbers, SSNs, birth dates, and bank account numbers. The company took immediate action to mitigate the incident and is offering identity protection services to … Read more
November 14, 2023 at 04:21PM VMware has released an urgent patch to fix a serious authentication bypass bug in its Cloud Director Appliance product. The vulnerability, known as CVE-2023-34060, has a severity score of 9.8 out of 10 and can be exploited by attackers with network access. The issue affects instances where the appliance has … Read more