A contractor that provides claims processing and other services says several of its community health plan customers - including 1.7 million members of the Oregon Health Plan - are victims of the zero-day MOVEit vulnerability, which has affected more than 500 organizations worldwide.
TikTok will know within a month the outcome of an Irish investigation into whether the short-form video app violated the privacy of underage users. The investigation stalled after other European national privacy enforcers raised objections to the Irish Data Protection Commission's draft decision.
ISMG's roundup of digital assets-related cybersecurity incidents includes Kenya, France and Germany's probe into WorldCoin; July security incidents; Curve Finance and LeetSwap theft; the crypto amendment in the NDAA; and India's lack of crypto regulation.
A finalist in RSA Conference's prestigious Innovation Sandbox contest completed its first major funding round to extend its capabilities from code security to pipeline security. Endor Labs got $70 million to move beyond protecting open-source software and get into locking down the CI/CD pipeline.
Shadow APIs are up 900%, and API business logic abuse attacks have come to the forefront and are demanding both discovery and defensive measures from cybersecurity organizations, said James Sherlow, director of solution engineering in EMEA at Cequence Security.
A hacking campaign that exploited Ivanti mobile device manager to target the Norwegian government began in April or possibly earlier, say cybersecurity agencies from the U.S. and Norway. Mobile device management systems are "attractive targets for threat actors," the alert warns.
Public details have been scant so far from two medical care providers about recent major hacks that compromised the personal information of an unconfirmed number of patients. But that hasn't stopped the push by class action attorneys, who are already filing lawsuits.
Tenable CEO Amit Yoran once again accused Microsoft of irresponsible security practices, this time for letting a critical Azure vulnerability stay unpatched for four months. Tenable told Microsoft about a flaw in an Azure service that would allow an unauthenticated attacker to access sensitive data.
A multistage malware campaign is targeting industrial organizations in Eastern Europe with the objective of pilfering valuable intellectual property, including data from air-gapped systems. Researchers at Kaspersky identified two campaigns it has attributed to the Beijing-aligned APT31 group.
According to Expel's Q1 2023 Quarterly Threat Report, criminals are exploiting 1- to 2-year-old vulnerabilities. This suggests organizations don’t know which vulnerabilities pose the biggest threats to their environments, said Andrew Hoyt, Expel's director of solution architecture.
Shadow IT strikes again: Britain's privacy watchdog has reprimanded the NHS Lanarkshire health board in Scotland after finding its staff used WhatsApp for the unauthorized sharing of patient data and images as a workaround for in-person clinical discussions during the coronavirus pandemic.
A little-known cloud infrastructure provider called Cloudzy has been facilitating nation-state hackers, commercial spyware operations and ransomware affiliates' attacks by failing to keep a close eye on what its customers are doing, researchers at cybersecurity firm Halcyon warn.
Employees need technology that is easy to use and free of errors and that directs them to appropriate cybersecurity guidance when they have questions. Basically, they need technology that helps them to help themselves work more securely, said university professor Steve Furnell.
Atlanta-based trust intelligence firm OneTrust has balanced growth and profitability and now plans to use its $150 million funding round to boost its financial controls and processes and recruit a majority independent board to prepare for an eventual initial public offering, said CEO Kabir Barday.
As more organizations undergo resource and cost pressures, 86% of managed security services customers are deciding to consolidate security tools and outsource their security requirements, according to the OpenText Cybersecurity 2023 Global Managed Security Survey.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.