The computer infrastructure of a Georgia county at the center of an effort to falsely claim that the state's 2020 presidential election was marked by fraud was struck by a cyberattack earlier this month that prompted state officials to sever Coffee County's access to statewide election systems. In a statement Friday, the Coffee County Board of Commissioners said that the county was notified by the Cybersecurity and Infrastructure Security Agency on April 15. READ MORE...
Millions of Kaiser Permanente patients' data was likely handed over to Google, Microsoft Bing, X/Twitter, and other third-parties, according to the American healthcare giant. Kaiser told The Register it has started notifying 13.4 million current and former members and patients that "certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors." READ MORE...
Debt collection agency Financial Business and Consumer Solutions (FBCS) is notifying roughly 2 million individuals that their personal information was compromised in a recent data breach. The incident, the company says, was discovered on February 26, 2024, and involved "unauthorized access to certain systems in its network". FBCS' investigation revealed that a third-party had access to those systems between February 14 and February 26. READ MORE...
A Belarusian hacker activist group claims to have infiltrated the network of the country's main KGB security agency and accessed personnel files of over 8,600 employees of the organization, which still goes under its Soviet name. The authorities have not commented on the claim, but the website of the Belarusian KGB was opening with an empty page on Friday that said it was "in the process of development". READ MORE...
Performanta, the multinational cybersecurity firm specialising in helping companies move beyond security to achieve cyber safety, has uncovered a trend in how developing countries are being targeted by nation state actors. The firm's analysis explored the origins and characteristics of Medusa, a ransomware-as-a-service targeting organisations globally. The patterns suggest that developing countries are hit first with a trend that shows a rising impact on developed countries. READ MORE...
Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and business intelligence (BI) platform, many organizations remain dangerously vulnerable to the threat. Qlik disclosed the vulnerabilities in August and September. The company's August disclosure involved two bugs in multiple versions of Qlik Sense Enterprise for Windows. READ MORE...
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place. "In credential stuffing attacks, adversaries attempt to sign-in to online services using large lists of usernames and passwords obtained from previous data breaches of unrelated entities, or from phishing or malware campaigns," Okta's Moussa Diallo and Brett Winterford explained. READ MORE...
Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability resides in WordPress Automatic, a plugin with more than 38,000 paying customers. Websites running the WordPress content management system use it to incorporate content from other sites. READ MORE...
Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be exploited to compromise billions of processors currently in use. The multi-university and industry research team led by computer scientists at University of California San Diego will present their work at the 2024 ACM ASPLOS Conference. READ MORE...