Change Healthcare parent company UnitedHealth Group has revealed that the personal information of 100 million individuals was compromised in the February 2024 ransomware attack. Disclosed on February 21, the attack resulted in widespread network disruptions that impacted over 100 Change Healthcare applications across clinical, dental, medical record, patient engagement, pharmacy, and payment services. Thousands of pharmacies and healthcare providers were affected. READ MORE...
Schubert Jonckheer & Kolbe LLP is investigating a cyberattack and data breach potentially affecting the private information of up to 14 million customers of American Water Works Company, Inc., a New Jersey-based water and wastewater utility company that operates in 14 states and manages 500 water systems. On October 7, 2024, American Water announced in a Form 8-K filed with the Securities and Exchange Commission that it experienced a cybersecurity incident. READ MORE...
Insurance administrator Landmark Admin is notifying over 800,000 individuals that their personal information was stolen in a ransomware attack earlier this year. Landmark discovered the unauthorized access to its systems on May 13, and the attackers regained entry to its network on June 17, while the investigation into the incident was ongoing. The threat actors exfiltrated and encrypted data, the company noted in a notification letter to the impacted individuals. READ MORE...
Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen. Henry Schein is a healthcare solutions provider and a Fortune 500 company with operations and affiliates in 32 countries and revenue of over $12 billion in 2022. On October 15, the company disclosed that it was forced to take some systems offline to contain a cyberattack. READ MORE...
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious "Master of Pwn" title and claiming up to $1 million in rewards. READ MORE...
Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks. The bug, CVE-2024-20481, is a medium-severity flaw that's due to resource exhaustion, earning a 5.8 CVSS rating. According to Cisco, it only affects devices that have the remote access VPN (RAVPN) service enabled. READ MORE...
Historically, Mac users haven't had to worry about malware as much as their Windows-using cousins. Although malware targeting Apple devices actually predates viruses written for PCs, and there have been some families of malware that have presented a significant threat for both operating systems (for instance, the Word macro viruses that hit computers hard from 1995 onwards), it is generally the case that you're simply a lot less likely to encounter malware on your Mac. READ MORE...
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google's Chrome browser (CVE-2024-4947). In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its security appliances. SharePoint is Microsoft's enterprise-grade solution for content/knowledge management. READ MORE...
Attackers are actively exploiting a critical zero-day vulnerability in Fortinet's network and security management tool FortiManager, according to security researchers and federal authorities. The earliest exploitation was on June 27, and at least 50 organizations across various industries have been impacted to date, Mandiant said in a Wednesday blog post. READ MORE...