RailWorks Corporation, one of North America's leading railroad track and transit system providers, disclosed a ransomware attack that led to the exposure of personally identifiable information of current and former employees, their beneficiaries and dependents, as well as that of independent contractors. RailWorks is a privately held provider of rail infrastructure solutions that builds and maintains rail transportation infrastructure across the United States and Canada. READ MORE...
Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers. The Walgreens mobile application allows users to shop, refill their prescriptions, get pill reminders, consult a doctor or pharmacist via a live chat feature, print photos in stores, obtain rewards, and store coupons. READ MORE...
Outside security researchers alerted the Pentagon about more software vulnerabilities in its networks than ever before, according to statistics released by a Department of Defense unit focused on cyber operations. The Cyber Crime Center (DC3) on Friday released its annual numbers from the Vulnerability Disclosure Program (VDP), in which the Pentagon asks ethical hackers, known as "white hats," to probe its networks for weaknesses, then tell the government what they found. READ MORE...
The operators behind Sodinokibi Ransomware published download links to files containing what they claim is financial and work documents, as well as customers' personal data stolen from giant U.S. fashion house Kenneth Cole Productions. Sodinokibi (aka REvil) is a Ransomware-as-a-Service operation where the operators manage development of the ransomware and the payment portal used by victims to pay the ransoms, while third-party 'affiliates' are in the business of distributing the ransomware to the targets' systems. READ MORE...
Unsettling news for anyone who relies on smartphone voice assistants: researchers have demonstrated how these can be secretly activated to make phone calls, take photos, and even read back text messages without ever physically touching the device. Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves. READ MORE...
A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution. Dubbed Ghostcat and tracked as CVE-2020-1938, the flaw was discovered by researchers at Chinese cybersecurity firm Chaitin Tech, who reported their findings to the Apache Software Foundation on January 3. READ MORE...
Last week was a big one for non-profit digital certificate project Let's Encrypt - it issued its billionth certificate. It's a symbolic milestone that shows how important this free certificate service has become to web users. Publicly announced in November 2014, Let's Encrypt offers TLS certificates for free. These certificates are integral to the encryption used by HTTPS websites. READ MORE...