
IT Security Newsletter - 7/11/2023

Breaches

Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare

HCA Healthcare on Monday announced that the personal information of roughly 11 million patients was stolen in a data breach. The incident, the healthcare services provider says, was discovered on July 5, after a threat actor posted on an underground forum information allegedly stolen from HCA Healthcare. The threat actor posted a list containing names, addresses, birth dates, gender information, phone numbers, email addresses, service dates, and appointment dates, HCA Healthcare says in an incident notice.


Razer investigates data breach claims, resets user sessions

Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter. Razer is a popular American-Singaporean tech firm focusing on gaming hardware, selling high-quality peripherals, powerful laptops, and apparel. The company also sells services that give registered account holders access to extensive game collections, special in-game item offers, exclusive rewards, and more.

Hacking

Threat group testing more sophisticated DDoS hacks, authorities warn

Weeks after suspected Russia-linked hacktivists disrupted key Microsoft services, including Azure and OneDrive, U.S. authorities are warning organizations about potential new threats involving distributed denial of service attacks. The Cybersecurity and Infrastructure Security Agency in late June urged organizations to monitor their systems to determine whether outages were related to maintenance or, potentially, deliberate attacks.

Software Updates

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)

Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update in Safari (16.5.2), so users running macOS Big Sur and macOS Monterey can also implement the fix. As per usual, Apple doesn't say much about the fixed vulnerability.

Malware

Malware delivery to Microsoft Teams users made easy

A tool that automates the delivery of malware from external attackers to target employees' Microsoft Teams inbox has been released. As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams' default configuration lets external tenants (i.e., M365 users outside the organization) message an organization's employees. The same configuration doesn't allow external tenants to send files, but that restriction can be bypassed by switching the internal and external recipient ID on the POST request.


APT35 Develops Mac Bespoke Malware

The Iran-linked advanced persistent threat (APT) known as APT35 (aka Charming Kitten, TA453, and Tortoiseshell) has developed specially crafted Mac malware in order to carry out targeted cyberattacks on civil society members. According to recent research by Proofpoint, the Mac malware, dubbed "NokNok," was discovered after the state-sponsored cyber espionage group sent a conversation lure to a public media contact for a nuclear security expert at a US-based think tank.

Information Security

JumpCloud abruptly initiates mass API key reset

JumpCloud invalidated and reset the API keys for all administrators, the company said on a support page posted last week. The company told customers to update all third-party integrations with newly established keys due to what it described as an ongoing incident. "Out of an abundance of caution relating to an ongoing incident, JumpCloud has decided to rotate all API keys for JumpCloud admins," the company said in a support post posted Wednesday and updated Friday.

Exploits/Vulnerabilities

Exploit Code Published for Remote Root Flaw in VMware Logging Software

Virtualization technology giant VMware on Monday warned that exploit code has been publicly released for a pre-authentication remote code execution flaw in its enterprise-facing VMware Aria Operations for Logs product. In an update to a critical-level advisory originally released in April this year, VMware said it has confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches.

On This Date

  • ...in 1656, Ann Austin and Mary Fisher become the first Quakers to immigrate to the American colonies when the ship carrying them lands at Boston.
  • ...in 1804, Treasury Secretary Alexander Hamilton is shot and killed in a duel by his long-time political adversary, Vice President Aaron Burr.
  • ...in 1914, in his major league debut, George Herman "Babe" Ruth pitches seven strong innings to lead the Boston Red Sox over the Cleveland Indians, 4-3.
  • ...in 1979, five years after its last manned mission, parts of the Skylab space station re-enter Earth's atmosphere, crash-landing in Australia and the Indian Ocean.