Security News

More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart. While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."

On Saturday, Troy Mursch of Chicago-based threat intelligence firm Bad Packets reported that his internet scans have identified 3,825 Pulse Secure VPN servers that remain at risk because they have not been updated with a patch to fix a critical vulnerability, designated CVE-2019-1150. The patch for Pulse Secure VPN servers - as with critical patches for VPN servers built by Fortinet and Palo Alto that have also required updates to fix serious flaws since last year - has been available for months.

A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes. While Roosevelt General says in its statement that the malware infecting a digital imaging server did not affect EHRs, the risk of medical device security incidents also affecting records systems is a growing worry, some experts say.

2019 was a banner year for data exposures, with billions of people affected by cloud misconfigurations, hacks and poor security practices in general. Here's the Threatpost Top 10 for data-breach...

Things you don't do with Elasticsearch dbs, number 1: Put them on the web Exclusive Infosec researchers have uncovered a data breach affecting 1.3TB of web server log entries held by Chinese...

Vendor revenue in the worldwide server market declined 6.7% year over year to $22.0 billion during the third quarter of 2019 (3Q19), according to IDC. Worldwide server shipments declined 3.0% year...

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected...

Cisco Talos researchers have identified two vulnerabilities in the GoAhead embedded web server, including a critical flaw that can be exploited for remote code execution. read more

An exposed Elasticsearch server was found to contain data on more than 1.2 billion people, Data Viper security researchers report. The server was accessible without authentication and it contained...

One in ten of Louisiana’s 5,000 computer network servers that power operations across state government were damaged by this week’s cyberattack, a key technology official told lawmakers Friday. read more