Security News
![Critical Fortinet flaw may impact 150,000 exposed devices](/static/build/img/news/critical-fortinet-flaw-may-impact-150000-exposed-devices-small.jpg)
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. By adding the flaw to its Known Exploited Vulnerabilities catalog last month, America's Cyber Defense Agency CISA confirmed that attackers are actively exploiting it.
![QNAP warns of critical auth bypass flaw in its NAS devices](/static/build/img/news/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices-small.jpg)
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data.
![NIST Cybersecurity Framework: A Cheat Sheet for Professionals](/static/build/img/news/nist-cybersecurity-framework-a-cheat-sheet-for-professionals-1-small.jpg)
TechRepublic's cheat sheet about the NIST CSF is an overview of this new government-recommended best practice, and it includes steps on implementing the security framework. Is the NIST cybersecurity framework just for government use?
![Essays from the Second IWORD](/static/build/img/news/alt/cyberattack-costs-scaled-small.jpg)
About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.
![UnitedHealth brings some Change Healthcare pharmacy services back online](/static/build/img/news/unitedhealth-brings-some-change-healthcare-pharmacy-services-back-online-small.jpg)
Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. UnitedHealth Group is the largest American health insurance company, and its subsidiary, Optum Solutions, operates the Change Healthcare platform.
![Microsoft confirms Russian spies stole source code, accessed internal systems](/static/build/img/news/microsoft-confirms-russian-spies-stole-source-code-accessed-internal-systems-small.jpg)
Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.
![Microsoft says Russian hackers breached its systems, accessed source code](/static/build/img/news/alt/cyberattack-stats-small.jpg)
Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January...
![Change Healthcare registers pulse after crippling ransomware attack](/static/build/img/news/change-healthcare-registers-pulse-after-crippling-ransomware-attack-small.jpg)
Change Healthcare has taken the first steps toward a full recovery from the ransomware attack in February by bringing its electronic prescription services back online. The first step towards a full restoration of systems will be welcome news to the US healthcare system after thousands of hospitals and pharmacies reported severe disruptions following the attack in late February.
![Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations](/static/build/img/news/meta-details-whatsapp-and-messenger-interoperability-to-comply-with-eu-s-dma-regulations-small.jpg)
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the...
![Swiss cheese security? Play ransomware gang milks government of 65,000 files](/static/build/img/news/swiss-cheese-security-play-ransomware-gang-milks-government-of-65000-files-small.jpg)
The Swiss government had around 65,000 files related to it stolen by the Play ransomware gang during an attack on an IT supplier, its National Cyber Security Center says. A total of 1.3 million files were stolen during the incident at software biz Xplain in May 2023, meaning 5 percent of the entire trove related to the Swiss Federal Administration - a collection of seven federal agencies that alongside the Federal Council comprise the main government departments.