Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

Ransomware 105

Ransomware Access Data breaches Encryption 105

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security 126

Security Phishing Communications Financial Services 126

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. However, the proliferation of such workloads and the data within creates a complex web of data sprawl that is challenging to navigate and manage.

Data Privacy 101

Data Privacy Privacy GDPR Compliance 101

eSecurity Planet

OCTOBER 15, 2024

But as more teams rely on Kubernetes, security challenges have come sharply into focus. Organizations can better protect their applications and data by following well-established security best practices. Proper security measures, therefore, play a crucial role in managing the risks associated with Kubernetes deployments.

Security 67

Security Encryption Authentication Access 67

Security Affairs

SEPTEMBER 18, 2024

Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. ” reads the advisory.

Cloud 106

Cloud Access IT Security 106

Security Affairs

OCTOBER 25, 2024

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. The company suffered a data breach that exposed the personal info of approximately 800,000 individuals. “On August 8, 2024, OPPC detected suspicious activity on its computer network.

Data breaches 100

Data breaches Ransomware Security IT 100

eSecurity Planet

SEPTEMBER 21, 2024

Cybersecurity laws and regulations encompass a range of legal requirements designed to protect information systems and data from cyber threats. These laws aim to establish standards for securing data, ensuring privacy, and mitigating risks associated with digital information.

Cybersecurity 120

Cybersecurity Computer and Electronics Compliance Privacy 120

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. reads the advisory.

Ransomware 108

Ransomware Authentication Access Cloud 108

Krebs on Security

AUGUST 27, 2024

In a security advisory published Aug. 26, Versa urged customers to deploy a patch for the vulnerability ( CVE-2024-39717 ), which the company said is fixed in Versa Director 22.1.4 ISP on June 12, 2024. In January 2024, the U.S. victims and one non-U.S. victims and one non-U.S. ”

Communications 278

Communications Information Security Cybersecurity Security 278

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. GeoServer is an open-source server that allows users to share and edit geospatial data. GeoServer versions prior to 2.23.6, The vulnerability has been addressed in versions 2.23.6,

Libraries 107

Libraries Encryption Cybersecurity Access 107

Security Affairs

SEPTEMBER 16, 2024

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. and prior versions. ” reads the advisory.

Access 119

Access Authentication Security Information Security 119

IT Governance

FEBRUARY 16, 2024

Expert tips from Alan Calder Alan is the Group CEO of GRC International Group PLC, the parent company of IT Governance, and is an acknowledged international security guru. We sat down to chat to him about industry challenges in 2024. There are still more than ten months to go in 2024.

Data Privacy 104

Data Privacy GDPR Compliance Privacy 104

IT Governance

FEBRUARY 5, 2024

29,530,829,012 known records breached so far in 4,645 publicly disclosed incidents Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more.

Data breaches 93

Data breaches Security Government Personal data 93

Security Affairs

AUGUST 17, 2024

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information. The company states that the security incident may have occurred in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.

Data breaches 122

Data breaches Archiving Sales Personal data 122

Security Affairs

OCTOBER 7, 2024

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. reads the notice of data breach.

Data breaches 117

Data breaches Ransomware Access Encryption 117

Security Affairs

JULY 25, 2024

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) with booby-trapped files.

Education 129

Education Security Information Security Cybersecurity 129

Security Affairs

OCTOBER 7, 2024

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number.

Data breaches 110

Data breaches Ransomware Security Access 110

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. Image: Tamer Tuncay, Shutterstock.com.

Insurance 212

Insurance Ransomware Data breaches Computer and Electronics 212

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication 130

Authentication Ransomware Cybersecurity Security 130

Security Affairs

APRIL 6, 2024

Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894.

Security 120

Security Information Security IT 120

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Authentication 129

Authentication Access IT Security 129

Security Affairs

OCTOBER 14, 2024

US-based financial services company Fidelity Investments warns 77,000 individuals of a data breach that exposed their personal information. based financial services company Fidelity Investments is notifying 77,099 individuals that their personal information was compromised in an August cyberattack.

Data breaches 121

Data breaches Financial Services Access Security 121

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer.

Archiving 105

Archiving Ransomware Libraries Passwords 105

Security Affairs

SEPTEMBER 30, 2024

Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack. ’ The Community Clinic of Maui now discloses a data breach impacting 123882 people following the LockBit ransomware attack. In June, the Lockbit ransomware gang took credit for the attack.

Data breaches 109

Data breaches Ransomware Personal data Cybersecurity 109

Security Affairs

AUGUST 19, 2024

Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

Access 129

Access Security Marketing IT 129

Security Affairs

JULY 25, 2024

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes. ” reads the report published by the company.

Authentication 104

Authentication Access Security IT 104

Security Affairs

JULY 2, 2024

million individuals were affected by the data breach it suffered in February 2024. The insurance company Prudential Financial confirmed that the data breach it suffered in February 2024 affected over 2.5 The incident occurred on February 4, 2024, and was discovered on February 5, 2024. million individuals.

Data breaches 124

Data breaches Insurance Ransomware Security 124

Security Affairs

OCTOBER 11, 2024

The Internet Archive disclosed a data breach, the security incident impacted more than 31 million users of its “The Wayback Machine.” As of September 5, 2024, the Internet Archive held more than 42.1 Starting from Wednesday, the website archive.org was displaying a message informing visitors that it was hacked.

Archiving 106

Archiving Data breaches Passwords File names 106

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Energy and Utilities 124

Energy and Utilities Artificial Intelligence Ransomware Data breaches 124

Security Affairs

AUGUST 4, 2024

operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach. operating with the National Public Data, exposed the personal information of nearly 3 billion individuals in a data breach that occurred in April. Jerico Pictures Inc.,

Data breaches 142

Data breaches Personal data Sales Archiving 142

Thales Cloud Protection & Licensing

APRIL 24, 2024

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security madhav Thu, 04/25/2024 - 05:17 In today’s increasingly connected and digital world, the cybersecurity industry stands as a bastion against a relentless tide of threats. Today, the benefits of vendor consolidation are clear.

Security 104

Security Digital transformation Cloud Cybersecurity 104

Security Affairs

OCTOBER 18, 2024

Omni Family Health disclosed a data breach affecting nearly 470,000 current and former patients and employees. Omni Family Health is notifying nearly 470,000 individuals that their personal information was compromised in a data breach resulting from a cyberattack that occurred earlier this year.

Data breaches 113

Data breaches Insurance Cybersecurity Ransomware 113

Security Affairs

SEPTEMBER 6, 2024

Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information. Car rental company Avis notified customers impacted in an Augus data breach. ” reads the data breach notification letter sent to the impacted individuals.

Data breaches 110

Data breaches Cybersecurity Access Security 110

Security Affairs

OCTOBER 17, 2024

VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. ” VMware HCX (Hybrid Cloud Extension) is a workload mobility platform designed to simplify the migration, rebalancing, and continuity of workloads across data centers and clouds.

Authentication 107

Authentication Cloud IT Information Security 107

Security Affairs

JUNE 20, 2024

Atlassian June 2024 Security Bulletin addressed nine high-severity vulnerabilities in Confluence, Crucible, and Jira products. The most severe issue addressed by the company is an improper authorization org.springframework.security:spring-security-core dependency in Confluence Data Center and Server. to 8.9.28.8.0

Security 116

Security IT Information Security 116

Security Affairs

AUGUST 28, 2024

Software solutions provider Young Consulting disclosed a data breach impacting 950,000 individuals following a BlackSuit ransomware attack. Attackers gained access to the company network between April 10, 2024, and April 13, 2024, and stole certain files. ” reads a notice of data breach published by the company.

Data breaches 84

Data breaches Ransomware Insurance Access 84

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) BlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks.

Ransomware 107

Ransomware Authentication Encryption Access 107