A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover and leaves countless applications vulnerable, according to security researchers, who say that the easily exploitable flaw was first detected in the popular game Minecraft.
A Nov. 16 ransomware attack on Frontier Software leaked "significant personal information" of thousands of South Australian government employees on the dark web, according to a Friday statement by Rob Lucas, treasurer of South Australia.
SonicWall is urging users of its Secure Mobile Access 100 series gateways and remote access products to immediately apply patches, as a majority of the devices are affected by eight critical- to medium-severity vulnerabilities even after enabling their web application firewall.
Open-source analytics and interactive visualization solutions provider Grafana Labs has released an emergency security update to patch a high-severity zero-day vulnerability on its dashboard. The company had to issue the fix before schedule to limit exploitation after a researcher reported it.
While the Maryland Department of Health's public website is operational again after a weekend network security incident, certain systems continue to be offline. Officials are asking employees not to use state-issued computers as state authorities and law enforcement agencies investigate.
An electric cooperative serving two western Colorado counties says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data, leaving the utility operating under limited functionality, according to the company and local reports.
Nearly $200 million has reportedly been stolen from the cryptocurrency exchange BitMart, one of the top centralized crypto exchanges by volume, according to China-based blockchain analytics firm PeckShield, which tracked the heist beginning Saturday.
Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.
In October, Missouri's governor accused a journalist of hacking after he alerted the state to exposed personal information on a state education website. Now, emails reveal that state planned on thanking him before it chose to pursue prosecution and that the FBI immediately dismissed the incident.
The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.
Planned Parenthood of Los Angeles is notifying about 400,000 individuals of a hacking incident in October involving the exfiltration of files containing sensitive health data, including patients' diagnoses and medical procedures. Could other similarly high-profile entities and their patients become the next targets?
An Ohio-based DNA testing company reported to regulators that the information of more than 2.1 million individuals contained in a legacy database was accessed and acquired in a hacking incident detected in August. The archived database contained personal information collected more than a decade ago.
Japanese multinational conglomerate Panasonic has disclosed a security breach that it says involved unnamed threat actors accessing servers on its network. The company says it detected the breach on Nov. 11. It was determined that some data on a file server had been accessed during the intrusion.
Pfizer has sued a former employee, alleging she uploaded to her personal devices and accounts thousands of files containing confidential information and trade secrets pertaining to the company's vaccines and medications, including its COVID-19 vaccine, to potentially provide to her new employer.
Following the holiday recess, U.S. lawmakers are picking up several legislative priorities starting Monday, including progress on the annual defense spending bill, which contains amendments that would require incident reporting for critical infrastructure providers, among other measures.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.