Cybersecurity
Category Added in a WPeMatico Campaign
The repository has already amassed over 15,000 reports of malicious packages, drawing data from various sources, including the OpenSSF Package Analysis project, Checkmarx security, and exports of malicious packages tracked by GitHub. In a bid to counter the increasing threat of malicious open source packages, the Open Source Security Foundation (OpenSSF) has introduced a new […]
Oct 18, 2023NewsroomCyber Espionage / Malware Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. “The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage […]
AIDS Alabama has confirmed a data breach in their organization. The breach occurred between October 11, 2021, and August 9, 2022. According to the notification letter, the AIDS Alabama data breach, unfortunately, includes sensitive personal information, including names, addresses, Social Security numbers, medical diagnoses, healthcare providers, health insurance details, email addresses, and services received. AAI […]
Prove Identity, the smartphone-based identity verification startup that originally made its name years ago as Payfone before rebranding in 2020, has raised $40 million. According to sources close to the company, the funding is coming in at a ten-figure valuation, which would pip it past the $1 billion mark (it’s not disclosing an exact figure). […]
Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management IBM Blames ‘Technical Method’ for Allowing Unauthorized Access to Patient Info Marianne Kolbasuk McGee (HealthInfoSec) • October 17, 2023 IBM said nearly 631,000 individuals are affected by a recent database incident involving Johnson & Johnson’s Janssen CarePath service. (Image: IBM, J&J) IBM […]
As cyber threats continue to mount amidst the Israel-Gaza conflict, threat actors have been observed using a malicious version of the ‘RedAlert – Rocket Alerts’ app to spread spyware. The app is popularly used by Israelis and, with the latest Hamas terrorist attacks in South Israel, the number of users for the app has exploded […]
Oct 18, 2023NewsroomVulnerability / Data Security A medium-severity flaw has been discovered in Synology’s DiskStation Manager (DSM) that could be exploited to decipher an administrator’s password and remotely hijack the account. “Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, […]
Oct 18, 2023NewsroomData Breach / Network Security Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is “low-sensitivity and semi-public information.” “The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as […]
The US cybersecurity agency CISA last week warned organizations about critical- and high-severity vulnerabilities discovered by researchers in a human-machine interface (HMI) product made by Taiwan-based Weintek. According to CISA, the impacted product, the Weintek cMT HMI, is used worldwide, including in critical manufacturing organizations, which are considered part of critical infrastructure. The vendor has […]