Security News

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. America's Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities catalog.

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data.

TechRepublic's cheat sheet about the NIST CSF is an overview of this new government recommended best practice, and it includes steps on implementing the security framework. Is the NIST cybersecurity framework just for government use?

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. United Health Group is the largest American health insurance company, and its subsidiary, Optum Solutions, operates the Change Healthcare platform.

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January...

Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online. The first step towards a full restoration of systems will be welcome news to the US healthcare system after thousands of hospitals and pharmacies reported severe disruptions following the attack in late February.

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the...

The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center says. A total of 1.3 million files were stolen during the incident at software biz Xplain in May 2023, meaning 5 percent of the entire trove related to the Swiss Federal Administration - a collection of seven federal agencies that alongside the Federal Council comprise the main government departments.