Security News

Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems."We regret to inform you of a cyber incident at Ferrari, where a threat actor was able to access a limited number of systems in our IT environment," Ferrari says in breach notification letters sent to customers.

The NBA is notifying fans of a data breach after some of their personal information, "Held" by a third-party newsletter service, was stolen.The NBA is a global sports and media organization that manages five professional sports leagues, including the NBA, WNBA, Basketball Africa League, NBA G League, and NBA 2K League.

Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability. Hitachi Energy is a department of Japanese engineering and technology giant Hitachi focused on energy solutions and power systems.

Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and Multi-State Information Sharing and Analysis Center. "Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch agency's Microsoft Internet Information Services web server," the agencies said.

Independent Living Systems, a Miami-based healthcare administration and managed care solutions provider, suffered a data breach that exposed the personal information of 4,226,508 individuals. The number of impacted individuals makes this the largest data breach in the healthcare sector disclosed this year.

The Housing Authority of the City of Los Angeles is warning of a "Data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack. HACLA is a state-chartered agency that provides affordable housing to low-income individuals and families in Los Angeles, California.

CISA has added an almost three-year-old high-severity remote code execution vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks. Attackers with "Admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.

Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse.

AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January. "The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers."

The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and sensitive personal information was stolen from DC Health Link's servers. DC Health Link is the organization that administers the health care plans of U.S. House members, their staff, and their families.