Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. Kaspersky researchers said they stumbled upon the never-before-seen malware family, which is deployed in Log4j and phishing attacks.
More victims of the Clop ransomware group's supply chain attack against popular file transfer software MOVEit continue to come to light. Security experts say about 150 organizations now appear to have been affected by the attacks, which compromised the personal data of over 16 million individuals.
Federal regulators have issued a warning about a vulnerability in medical device maker Medtronic's Paceart Optima System which, if exploited, could lead to a denial-of-service or remote code execution affecting the system's cardiac device data.
Venn Software landed Series A funding to help businesses ensure the security and compliance of data on laptops they don't necessarily manage or own. The $29 million will enable firms to control and govern corporate data on worker-owned devices without forcing users to launch remote virtual desktops.
A firm that provides coding and billing services to healthcare entities has agreed to pay federal regulators a $75,000 fine and implement a corrective action plan in the wake of an exfiltration incident that compromised patient data contained in an unsecured network server.
A Cleveland-based healthcare system is notifying a not-yet-disclosed number of individuals about an incident involving unauthorized medical records access by an employee that continued for 15 years. The safety-net organization says the worker has been disciplined.
Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.
Technology giant Apple has joined the chorus of voices calling on the British government to rethink its proposed Online Safety Bill legislation intended to increase public safety by monitoring people's private communications via client-side scanning.
A startup founded by longtime Israeli Military Intelligence leaders landed Series B funding to support the cloud and on-premises data protection needs of hybrid organizations. The $100 million will help Cyera expand and broaden its offering to cover more pain points enterprises are experiencing.
The tally of organizations affected by the Clop ransomware group's supply chain attack against users of Progress Software's popular MOVEit file transfer software continues to grow. UCLA and New York City schools - including students and staff - are the most recently named victims.
Application security testing, or AST, and API security testing are important components of a comprehensive cybersecurity strategy. We'll discuss the application and API security best practices for each type of testing, the use cases, and how they protect your business from cyberattacks.
As generative AI applications become more common in healthcare, organizations will need to carefully consider critical third-party risk issues involving the use of these technologies, said Damian Chung, business information security officer at security firm Netskope.
A Chinese state hacker is using novel tradecraft to gain initial access to victim systems, according to CrowdStrike. Targeted organizations include those in the communications, manufacturing, utility, transportation, construction, maritime, government, IT and education sectors.
A Berlin, Maryland-based hospital recently told regulators that a ransomware breach discovered in January had compromised the sensitive information of nearly 137,000 patients, about five times the number of people originally estimated as having been affected by the incident.
Irish Parliament has proposed changes to a new bill that would make it a criminal offense to disclose privacy reprimands issued by the Data Protection Commission. Civil rights groups are accusing the government of shielding the country's privacy regulator from criticism.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.