Security News

MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. Tools and techniques used to breach MITRE. The attackers leveraged the Ivanti zero-days to gain access to the organization's research and prototyping network, from which they performed additional reconnaissance, moved into its VMware environment and exfitrated data.

The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network.The attacked system contained personal data belonging to active and reserve personnel as well as some recently retired veterans.

Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general...

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon's 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023. "This year's DBIR findings reflect the evolving landscape that today's CISO's must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene," said Craig Robinson, Research VP, Security Services at IDC. "The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises."

Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. The company discovered a data security breach on March 10, 2024, which affected some of its corporate systems but left in-store systems, operations, and guest experience unaffected.

Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. In May 2023, The Inquirer disclosed that its systems were breached in a cyberattack detected after its content management system went down unexpectedly.

Financial Business and Consumer Solutions is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. According to a data breach notification sample the firm shared with the authorities late last week, on February 26, 2024, it discovered that unauthorized actors had breached its network since February 14, 2024.

Hackers backdoored Cisco ASA devices via two zero-daysA state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances used on government networks across the globe and use two zero-day vulnerabilities to install backdoors on them, Cisco Talos researchers have shared on Wednesday. How to optimize your bug bounty programsIn this Help Net Security interview, Roy Davis, Manager - Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers.

Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. "Kaiser Permanente has determined that certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X when members and patients accessed its websites or mobile applications" - Kaiser Permanente.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.