DNA-screening company Veritas Genetics has suffered a security incident in which a hacker accessed and potentially stole customer information. The company declined to specify what sort of information was compromised as a result of the data breach, although did clarify that no genetic data, DNA-test results or health records were accessed.
Network-attached storage (NAS) maker QNAP urges customers to secure their NAS devices against an ongoing malicious campaign that infects them with QSnatch malware capable of stealing user credentials. QNAP advises users to install the latest version of the Malware Remover app for the QTS operating system running on the company's NAS devices as soon as possible. Malware Remover 3.5.4.0 and 4.5.4.0 versions are now capable of removing QSnatch after new rules were added by the company updated it on November 1.
Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.
When a data breach hits, the compromised company will scramble to minimize the after-effects of the incident. This includes overhauling security systems, notifying customers, and limiting damage not only to its bottom line, but also to some less tangible assets, notably brand reputation and consumer trust. In many cases, the ripple effects of the security calamity may go as far as the company’s stock value.
The Microsoft Defender ATP Research Team says that the BlueKeep attacks detected on November 2 are connected with a coin mining campaign from September that used the same command-and-control (C2) infrastructure. BlueKeep is an unauthenticated remote code execution vulnerability affecting Remote Desktop Services on Windows 7, Windows Server 2008, and Windows Server 2008 R2, and patched by Microsoft on May 14.
Nvidia has issued fixes for high-severity flaws in two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws can be exploited to launch an array of malicious attacks – from denial-of-service efforts (DoS) to escalation of privileges. The majority of the high-severity flaws are in the Windows GPU Display Driver, Nvidia’s graphics driver used in devices targeted to enthusiast gamers. This is the software component that enables the device’s operating system and programs to use its high-level graphics hardware.
Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and modify anything they choose. Researchers at ForAllSecure found the flaws in U-Boot’s file system drivers. They include a recursive stack overflow in the DOS partition parser, a pair of buffer-overflows in ext4 and a double-free memory corruption flaw in ext4.
U.S. prosecutors on Thursday announced charges against a New York company and seven of its current and former employees for allegedly selling Chinese-made surveillance equipment with known cybersecurity flaws while falsely claiming the technology was made in the U.S. Aventura Technologies, which makes security equipment like metal detectors and surveillance cameras, is accused of lying to customers, including the U.S. military, for over a decade.
Cisco has released security updates for a variety of its products – owners of Small Business RV Series Routers, Web Security Appliances and TelePresence devices should pay extra attention. Several series of Cisco Small Business RV Series Routers are vulnerable to remote code execution (via malicious HTTP request) and command injection (through malicious input in the web-based management interface).