Security News

Data breach at healthcare tech firm impacts 4.5 million patients
2024-01-03 16:23

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.

Uncertainty Is the Biggest Challenge to Australia’s Cyber Security Strategy
2024-01-03 16:06

The Australian government announced the 2023-2030 Australian Cyber Security Strategy, which aims to "Help realise the Australian Government's vision of becoming a world leader in cyber security." Overall, the strategy is designed to bring the public and private sectors together in delivering a cohesive vision. Lack of bipartisan agreement means a lack of clear cyber security strategy.

Atos confirms talks with Airbus over cybersecurity wing sale
2024-01-03 15:45

French IT services provider Atos has entered talks with Airbus to sell its tech security division in an effort to ease its financial burdens. In a market update this morning, Atos Group said it received two letters indicating non-binding interest in its Big Data & Security division, but said only Airbus offered to buy the entire business unit.

Nearly 11 million SSH servers vulnerable to new Terrapin attacks
2024-01-03 15:06

Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The Terrapin attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany.

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset
2024-01-03 13:16

Information-stealing malware is actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even...

Copy that? Xerox confirms 'security incident' at subsidiary
2024-01-03 13:15

Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range of products and services, from managed IT and print services, to robotic process automation solutions, and more.

CISA warns of actively exploited bugs in Chrome and Excel parsing library
2024-01-03 12:55

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog: a recently patched flaw in Google Chrome and a bug affecting Spreadsheet::ParseExcel, an open-source Perl library for reading information in an Excel file. Spreadsheet::ParseExcel RCE: the first issue that CISA added to its Known Exploited Vulnerabilities is CVE-2023-7101, a remote code execution vulnerability that affects versions 0.65 and older of the Spreadsheet::ParseExcel library.

Facial Recognition Systems in the US
2024-01-03 12:07

A helpful summary of which US retail stores are using facial recognition, thinking about using it, or currently not planning on using it. Three years ago, I wrote that campaigns to ban facial recognition are too narrow.

5 Ways to Reduce SaaS Security Risks
2024-01-03 10:46

As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack...

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
2024-01-03 10:42

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security...