A contractor that provides claims processing and other services says several of its community health plan customers - including 1.7 million members of the Oregon Health Plan - are victims of the zero-day MOVEit vulnerability, which has affected more than 500 organizations worldwide.
Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.
More details about victims of the Clop crime group's zero-day attacks on users of the widely used MOVEit file transfer software continue to come to light. Researchers now report that at least 455 organizations were hit directly or indirectly, exposing data for at least 23 million individuals.
A mobile security vendor patched a critically rated zero-day vulnerability in its endpoint management platform that had been used by unknown hackers to attack the Norwegian government. The flaw is rated 10 on the CVSS scale. Multiple governments use the platform - the Ivanti Endpoint Manager Mobile.
Unknown hackers attacked a dozen Norwegian government ministries through a zero day vulnerability present in a shared digital platform, the Oslo government disclosed Monday. The prime minister's office and the ministries of defense, justice and foreign affairs were unaffected.
The count of organizations and individuals affected by Clop's attack on MOVEit file-transfer users has increased, with the Teachers Insurance and Annuity Association of America reporting that 2.6 million members' personal details were exposed when Clop hit service provider PBI Research.
Suspected North Korean hackers who targeted enterprise software firm JumpCloud are likely behind a social engineering campaign targeting the personal GitHub accounts of employees from major technology firms - including those in the cybersecurity sector.
The count of organizations affected by the Clop ransomware group's attack on MOVEit file-transfer software users continues to grow, now numbering over 400 organizations that were directly or indirectly impacted. More than 20 million individuals' personal details were stolen in the attacks.
This week, the U.S. ambassador to China was the latest Chinese hack victim, Linux malware infected 70,000 routers, Norway banned Meta ads, the MOVEit breach affected 1.2 million more customers, a Russian medical lab suffered a ransomware attack, and Estée Lauder shut down systems after a breach.
Days after attributing the recent breach in its customer environment, enterprise software company JumpCloud on Thursday confirmed the involvement of a North Korean nation-state actor who appears to be financially motivated to steal cryptocurrency.
The U.S. Federal Trade Commission and the Department of Health and Human Services are jointly warning dozens of hospitals and telehealth providers of potential patient data privacy and cybersecurity violations involving the use of online tracking technologies.
What are your third parties doing for you when it comes to security, and what has been assumed that you are doing, plus what’s the impact of AI? Bridget Kenyon, CISO at Shared Service Connected, said most organizations need better visibility into vendor risks.
How bad is the breach of the MOVEit zero-day to businesses, government agencies and their customers? The short answer is that the known fallout from the Clop ransomware group attack already looks bad and keeps getting worse as ongoing investigations add to the victim count of 20 million people.
Organizations need to change their approach to managing risk and vulnerabilities, monitor data to one place and identify the true risks - vulnerable devices and systems that matter most to the business, said Vulcan Cyber's Yaniv Bar-Dayan. It’s time to move from quantitative to qualitative analysis.
Federal regulators and medical device maker Becton, Dickinson and Co. are warning about eight vulnerabilities that could allow an attacker to compromise BD's medication infusion product suite, potentially putting data and device integrity at risk if exploited.