Security News > 2024 > April

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. The BlackCat/ALPHV ransomware gang claimed the attack, alleging that it had stolen 6TB of sensitive patient data.

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact...

For nearly four years and perhaps even longer, Forest Blizzard has been using a custom tool that exploits a specific vulnerability in the Windows Print Spooler service. Dubbed GooseEgg, the tool is a launcher application that can spawn other applications with SYSTEM-level permissions, thus helping the hackers to perform remote code execution, install backdoors, steal credentials, and more.

Mandiant says the small increase over last year's figures, which were the lowest ever recorded for the region, could be due to data normalizing after Mandiant's work in Ukraine. Its own red teamers are able to achieve their objectives within five to seven days, it said, and given that equally capable enemies are carrying out their attacks regularly, these times need to drop if the number of successful attacks is to drop too.

TL;DR: If you want to improve your knowledge of cybersecurity, The All-in-One Ethical Hacking & Penetration Testing Bundle is available for $29.99. The All-in-One Ethical Hacking & Penetration Testing Bundle includes nine courses that are perfect for cybersecurity beginners and improvers alike.

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and...

Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best. "The government needs to focus on encouraging and catalyzing competition," Grotto said.

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the...