Month: June 2024
IMAGE: MIDJOURNEY Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. Ascension says this was likely an “honest mistake” as the employee thought they were downloading a legitimate file. The attack impacted the MyChart electronic…
Read More
Google Cloud, Microsoft, Cube and Posit were among the most innovative vendors at Databricks Data+AI Summit 2024. Tech giants, startups and one company a Databricks co-founder dubbed “the coolest open source company” people haven’t heard of gathered this week for the open analytics platform provider’s annual Data+AI Summit. During the event, the San Francisco-based vendor…
Read More
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. As The Times told BleepingComputer last week, the attackers used exposed credentials to hack into the newspaper’s GitHub repos. However, the breach didn’t affect the newspaper’s internal corporate systems…
Read More
According to a ProPublica report, the tech giant was dismissive of an employee’s warnings about a vulnerability later exploited in the widely felt SolarWinds Orion attacks. Microsoft was dismissive of a whistleblower’s warnings about a vulnerability later exploited as part of the widely felt SolarWinds Orion attacks, according to a ProPublica report. The former employee,…
Read More
‘With this new effort, we will help startups launch and scale world-class businesses, providing the building blocks they need to unleash new AI applications that will impact all facets of how the world learns, connects, and does business,’ says AWS’ Matt Wood. Amazon Web Services, the world’s largest cloud provider, is investing $230 million into…
Read More
The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. TDSB is Canada’s largest school board and the fourth largest in North America, responsible for the administration and management of 473 elementary, 110 secondary, and five…
Read More
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. The company and its franchises own 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 states in the U.S. and Ontario, Canada. In breach notification…
Read More
Update June 13, 13:01 EDT: GrapheneOS says CVE-2024-32896 is the same as CVE-2024-29748. Google added a new CVE ID to track the Pixel fix for CVE-2024-29748, a vulnerability exploited by several forensics companies, as BleepingComputer reported in April. “It was exploited by forensics companies against users with apps like Wasted and Sentry trying to wipe the device when…
Read More
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. The exploit was developed by security researcher Sina Kheirkha, who also published a detailed post on his site. The post showcased that the flaw is practically more straightforward to…
Read MoreCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability CVE-2024-4358 Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors…
Read More