Security News
Pharmaceutical giant Cencora has confirmed that patients' protected health information and personally identifiable information (PII) was exposed in a February cyberattack. [...]
US law enforcement and cybersecurity agencies are reminding the public that the country's voting systems will remain unaffected by distributed denial of service attacks as the next presidential election fast approaches. The feds didn't go as far as to say they expected DDoS attacks to strike the November election, but they did comment on how popular a tactic they are among politically and ideologically motivated hacktivists and cybercriminals.
Germany's government has named China-controlled actors as the perpetrators of a 2021 cyber attack on the Federal Office of Cartography and Geodesy - the official mapping agency. The nation's Ministry of the Interior and Home Affairs on Wednesday published an assertion that China infiltrated the Office's systems to conduct espionage, after first compromising devices belonging to private individuals and businesses to conduct the raid.
OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack. [...]
CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the...
Microsoft confirmed that a nine-hour outage on Tuesday, which disrupted numerous Microsoft 365 and Azure services worldwide, was caused by a distributed denial-of-service (DDoS) attack. Affected services included Microsoft Entra, Intune, Power BI, Power Platform, Azure App Services, and others.The company explained that their DDoS protection mechanisms were triggered, but an error in the implementation of their defenses exacerbated the attack's impact. Once the issue was identified, Microsoft made networking configuration changes and rerouted to alternate paths to mitigate the problem.
A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft's mitigation statement on the Azure status history page.
CISA has ordered U.S. Federal Civilian Executive Branch agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. Broadcom subsidiary VMware fixed this flaw discovered by Microsoft security researchers on June 25 with the release of ESXi 8.0 U3. CVE-2024-37085 allows attackers to add a new user to the 'ESX Admins' group-not present by default but can be added after gaining high privileges on the ESXi hypervisor-which will automatically be assigned full administrative privileges.
Theoretically, the threat of ransomware would be more of a costly irritant than a catastrophe; the idea being that if you pay the ransom, the problem goes away. Research from McGrathNicol Advisory found that 73% of Australian organisations that experienced a ransomware attack in the past five years chose to pay the ransom.
The City of Columbus, Ohio, says it's investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City's services. An update published on the City's website yesterday confirms that the City of Columbus suffered a ransomware attack that was successfully thwarted, and no systems were encrypted.