Author: nlqip

1. EXECUTIVE SUMMARY

CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-G2 DOPSoft
Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Delta Electronics CNCSoft-G2, a Human-Machine Interface (HMI)…


UnitedHealth confirms that Change Healthcare’s network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company’s Citrix remote access service, which did not have multi-factor authentication enabled. This was revealed in UnitedHealth CEO Andrew Witty’s written testimony published ahead of a House Energy and Commerce subcommittee hearing scheduled for tomorrow. The ransomware attack on Change…


Apr 30, 2024NewsroomDocker Hub / Supply Chain Attack Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious “imageless” containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. “Over four million of the repositories in Docker Hub are imageless and…


A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients. On October 21, 2020, the Vastaamo Psychotherapy Center in Finland became the target of blackmail…


‘The funding is for us to double down on investments in the channel,’ says Dave Colesante, Apptega CEO. ‘It’s being able to package up compliance-as-a-service with our partners and do the same on the security scoring part.’ Apptega has raised $15 million in funding to accelerate the development of technology that brings continuous compliance to…


AWS’ global partner leader, Ruba Borno, talks with CRN about the general availability of Amazon Q Tuesday and why the AI-powered assistant is better than rivals Google and Microsoft’s generative AI technology. AWS’ Ruba Borno is bullish that Amazon Q is now the world’s best generative AI-powered assistant as the new AI chatbot becomes generally…


Elizabeth Warren put the kibosh on bad banking practices with her vision for the Consumer Financial Protection Bureau and now, with the Digital Consumer Protection Commission Act, she’s taking on Big Data. She joined us to talk about reining in the Wild West of online life. This week’s Tinfoil Swan takes a look at subscription…


About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and the Chief of Security Architecture…


Apr 30, 2024NewsroomMachine Learning / National Security The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. “These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems,” the…


Calls for better response amid consolidation

Meanwhile, the ransomware attack on Change Healthcare has triggered demands for mandatory baseline security standards for healthcare providers. Earlier this month, UnitedHealth faced criticism for its handling of the attack during a three-hour session before the House Energy and Commerce Committee. Significantly, the incident has brought concerns about healthcare…
