Auto insurance companies Geico and Travelers were fined $11 million in New York over data breaches that impacted the personal information of over 120,000 individuals. The insurance quoting tools of Government Employees Insurance Company (Geico) were targeted in several cyberattacks starting November 2020, leading to the compromise of a public-facing website’s backend and the theft […]

Two critical vulnerabilities in CleanTalk’s anti-spam plugin for WordPress could allow attackers to execute arbitrary code remotely, without authentication, Defiant warns. The issues, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS score of 9.8), affect the ‘Spam protection, Anti-Spam, FireWall by CleanTalk’ plugin, which has more than 200,000 active installations. Both flaws could allow remote, unauthenticated attackers […]

A ransomware attack on supply chain management software provider Blue Yonder has caused significant disruptions for some of the company’s customers, including several major firms.  Arizona-based Blue Yonder revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack.  The company immediately launched an investigation and started […]

Zyxel has issued a fresh warning on threat actors exploiting a recently patched command injection vulnerability in its firewalls after security firms have observed a ransomware group targeting the flaw for initial compromise. The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices, without authentication. Zyxel announced patches for […]

The myPRO product of Czech industrial automation company mySCADA is affected by several critical vulnerabilities, including ones that can allow a remote, unauthenticated attacker to take complete control of the targeted system.  myPRO is a human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system designed for visualizing and controlling industrial processes. The product […]

Cybersecurity firm Halcyon has closed a $100 million Series C funding round to fuel growth and support its mission to combat ransomware. This latest funding round brings the total amount raised by the Austin, Texas-based company to $190 million, including a $50 million Series A in April 2023 and a $40 million Series B in December […]

Third-party risk management provider Visio Trust has announced raising $7 million in a funding round that brings the total raised by the company to $24 million. The new investment came from Allstate Strategic Ventures, Bain Capital Ventures, Cisco Investments, EnvisionX Capital, Lytical Ventures, Scale Asia Ventures, Sierra Ventures, and Work-Bench. Founded in 2020, the San […]

The North Korean fake IT worker scheme is spread globally, with businesses in China, Russia, and other countries also affected, Microsoft says. Recent reports have shown that hundreds of companies in the US, UK, and Australia have hired fake IT workers from North Korea, who generated millions in revenue for the Pyongyang regime between 2020 […]

UK-based vehicle tracking solutions provider Microlise confirmed last week that data was stolen from its systems during an October cyberattack. Disclosed on October 31, the incident resulted in a large portion of Microlise’s network being disrupted, which impacted tracking systems and panic alarms in the prison vans and courier vehicles of at least two operators, […]

A Russian cyberespionage group was caught entering a targeted organization’s network through a Wi-Fi connection after hacking into the systems of an entity located across the street from the victim. The attack, discovered in 2022, was investigated by cybersecurity firm Volexity, which identified the victim as Organization A. The attack was discovered right before Russia’s […]