Month: April 2024
The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients’ personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in…
Read More
Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. Kaiser Permanente is an integrated managed care consortium and one of the largest nonprofit health plans in the U.S. It operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland,…
Read More
A recent cyberattack on a wastewater treatment plant in Tipton, Indiana, has been claimed by the Cyber Army of Russia Reborn (CARR), a Russian-speaking hacker group. The incident spotlights the ongoing vulnerability of critical infrastructure in smaller communities, even as the plant itself reportedly experienced minimal disruption. CARR has previously been linked to similar cyberattacks…
Read More
State of Kansas names John Godfrey as CISO John Godfrey has become the new chief information security officer for the State of Kansas, following the appointment of former CISO Jeff Maxon to Chief Information Technology Officer for Kansas. Godfrey will lead the Kansas Information Security Office in developing and implementing information security strategies, including cybersecurity…
Read More
Dutch semiconductor manufacturer Nexperia has suffered a significant data breach, exposing sensitive information, including intellectual property. The company’s servers were compromised, prompting Nexperia to take them offline and launch a full-scale investigation. The extent of the damage remains unclear, and Nexperia hasn’t confirmed whether the attackers demanded ransom. However, the hacking group Dunghill has claimed…
Read More
Apr 26, 2024NewsroomThreat Intelligence / Cyber Attack Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to…
Read More
In 2022, we published an article discussing the rise in targeted cyberattacks on managed service providers (MSPs), which included warnings from the Five Eyes intelligence alliance. Nearly two years later, it has become evident that these warnings were well-founded, as attacks on MSPs now occur on a regular basis. In this article, we will explore…
Read More
Frequently asked questions about CVE-2024-20353 and CVE-2024-20359, two vulnerabilities associated with “ArcaneDoor,” the espionage-related campaign targeting Cisco Adaptive Security Appliances. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding an espionage campaign called ArcaneDoor. FAQ What is ArcaneDoor? ArcaneDoor is the name given to an espionage-focused campaign…
Read More
The data security company remains committed to driving its business through channel partners after completing the first cybersecurity IPO in more than two years, Rubrik co-founder and CTO Arvind Nithrakashyap tells CRN. Rubrik’s stock price surged Thursday following the completion of its initial public offering, another indicator that the data security company remains on track…
Read More
The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if law enforcement takes down these platforms. This announcement is aimed at crypto transfer platforms not registered as Money Services Businesses (MSB) and non-compliant with anti-money laundering requirements as mandated by U.S. federal law. Such cryptocurrency services are frequently…
Read More