Software giant ConnectWise urged customers to promptly patch critical vulnerabilities that could allow the execution of remote code or directly affect confidential data or critical systems. The two vulnerabilities stem from an authentication bypass weakness and a path traversal flaw.
A glitch in Wyze home security cameras permitted thousands of users to catch glimpses inside strangers' homes as its cloud system came back online after an hourslong outage. Around 13,000 Wyze users received thumbnails from cameras that were not their own, and around 1,504 users tapped on them.
The Biden administration's focus on addressing long-standing vulnerabilities in IT and OT at U.S. ports is a step in the right direction, and new incident reporting mandates could significantly benefit smaller, resource-strapped ports, experts told ISMG.
An Arizona firm that provides administrative services to a dozen ophthalmology practices in several states is notifying nearly 2.4 million patients of a data theft incident. The hack is among the latest recent major data breaches involving vendors of critical services to healthcare firms.
California privileged access management vendor Delinea announced it will acquire identity governance and administration vendor Fastpath. "We believe privilege, not just identity, is the true security perimeter," said Delinea Chief Product Officer Phil Calvin.
Australian telecom company Tangerine is blaming the compromise of a third-party contractor's credentials for exposing personal information of 232,000 customers, which had been stored in a legacy database. The breach exposed customers' names, birthdates, mobile numbers, addresses and account numbers.
Russian authorities have reportedly arrested three accused members of the SugarLocker ransomware-as-a-service operation. Their alleged crime? Targeting Russians, although one suspect has also been tied to a massive hack of Australian health insurer Medibank and a subsequent data leak.
U.S. President Joe Biden is set Wednesday to sign an executive order aimed at bolstering cybersecurity in maritime ports, including a directive for the Coast Guard to develop minimum cybersecurity standards for the marine transportation system.
As the two-year anniversary of Moscow's all-out war of conquest against Ukraine approaches, recent Russian cyber operations have focused not just on spear-phishing targets but also on poisoning everyday Ukrainians' morale, focusing on heating outages and medical shortages.
Cross-site scripting vulnerabilities in Joomla, a widely used free, open-source content management system, were fixed in a patch published Tuesday by the open-source project that maintains the software. The flaws potentially expose millions of websites to attacks that can end with remote code execution.
A Finnish hacker on trial for his alleged role in the hack and leak of mental health patient notes taken during psychotherapy sessions has vanished. A Finnish court on Friday ordered Aleksanteri Tomminpoika Kivimäki back into jail. He was under home detention at the time of his disappearance.
A bipartisan pair of congressmen is again attempting to address long-standing issues of patient safety and privacy - as well as medical errors, inadvertent information disclosures and denied medical claims - which all occur when patients and the health records used to treat them do not match.
An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO. Multiple experts told Information Security Media Group the documents appear to be legitimate.
Jeff Shiner, CEO of the popular password management company 1Password, said Monday that the company is acquiring leading device security platform Kolide in response to the "historic transformation of the workplace that demands transformative and intuitive new security solutions."
An international law enforcement operation that infiltrated ransomware-as-a-service operation LockBit has resulted in arrests, indictments and the seizure of encryption keys that can be used to help victims recover their data. LockBit emerged in 2019 and was one of the largest ransomware operations.