A new attack dubbed “TunnelVision” can route traffic outside a VPN’s encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The method, described in detail in a report by Leviathan Security, relies on the abuse of Dynamic Host Configuration Protocol’s (DHCP) option 121, which permits the…
Read More
In response to the attack, Change Healthcare technology infrastructure has been rebuilt from the ground up. Change Healthcare’s data center network and core services have been rebuilt with added server capacity and greater reliance on the cloud. Questions about insurance reimbursements and the extent of the breach, which also exposed the personal information and medical…
Read More
‘There’s a very unique flavor to TeraSky that I know the founders are working hard to preserve. It’s the first-encounter relationship with the customers. A very deep knowledge and expertise and competencies with our vendors of choice. We will not be tagged as box movers and paper pushers. If we don’t have our value add…
Read More
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev and charged him with using Lockbit to attack more than 2,000 victims and extort at least $100 million in…
Read More
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users. At the…
Read More
BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes. Founded in 2013, BetterHelp is an alternative to traditional face-to-face therapy sessions. It provides a mental health platform for direct counseling from licensed therapists through text,…
Read MoreToday, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare…
Read More
The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named Dmitry Yuryevich Khoroshev. In addition, Khoroshev has been sanctioned by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury’s Office of Foreign Assets Control…
Read More
“We’re at $100 billion-plus annualized revenue run rate, yet 85 percent or more of the global IT spend remains on-premises,” said Andy Jassy, Amazon’s CEO and former longtime leader of AWS. Amazon’s CEO Andy Jassy says AWS’ generative AI strategy is accelerating companies to ditch their on-premises IT environments in favor of the cloud, with…
Read MoreCISA released two Industrial Control Systems (ICS) advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol
Read More