Ascension Healthcare Suffers Major Cyberattack
Healthcare provider Ascension, which operates 140 hospitals across 19 states, fell victim to a cyberattack that took down multiple essential systems including electronic health records (EHRs), the MyChart platform for patient communication, and certain medication and test-ordering systems. The organization disclosed the attack on May 8 and said it is actively investigating it with internal and external advisers, prioritizing patient safety amid the disruption. READ MORE...
Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. Yesterday, BleepingComputer reported that Dell had begun to send notifications warning customers that their personal data was stolen in a data breach. This data breach contained customer order data, including warranty information, service tags, customer names, installed locations, customer numbers, and order numbers. READ MORE...
Widely used modems in industrial IoT devices open to SMS attack
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. A set of eight separate issues, seven of them with identifiers CVE-2023-47610 through CVE-2023-47616 and another that has yet to be registered, were disclosed last November by security researchers at Kaspersky's ICS CERT division. READ MORE...
Google patches its fifth zero-day vulnerability of the year in Chrome
Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. The fix marks the fifth time this year the company has updated the browser to protect users from an existing malicious exploit. The vulnerability, tracked as CVE-2024-4671, is a "use after free," a class of bug that occurs in C-based programming languages. READ MORE...
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums. READ MORE...
Millions of IoT Devices at Risk From Flaws in Integrated Cellular Modem
Researchers discovered seven vulnerabilities - including an unauthenticated RCE issue - in widely deployed Telit Cinterion modems. Millions of IoT devices in sectors such as financial services, telecommunications, healthcare, and automotive are at risk of compromise from several vulnerabilities in a cellular modem technology the devices use to communicate with each other and with centralized servers. READ MORE...
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA's deadlines, according to Bitsight. The report, titled "A Global View of the CISA KEV Catalog: Prevalence and Remediation," analyzes data from 1.4 million organizations globally and highlights the deep challenges that global organizations face in remediating critical, exploited vulnerabilities on time. READ MORE...
- ...in 1880, Thomas Edison performs the first test of his electric railway in Menlo Park, NJ.
- ...in 1939, the first commercial FM radio station is launched in Bloomfield, CT. It would later become WDRC-FM, currently 102.9 The Whale.
- ...in 1950, singer-songwriter Stevland Hardaway Morris, AKA Stevie Wonder, is born in Saginaw, MI.
- ...in 1964, comedian and TV host Stephen Colbert is born in Washington, D.C.
