The Breach News

Major Vulnerabilities Put 25,000 SonicWall Devices at Risk of Hacking

Critical Flaws Leave Thousands of SonicWall Devices Vulnerable to Cyberattacks Recent investigations have revealed that many SonicWall network security devices are at risk due to critical vulnerabilities, with an alarming number being unsupported or lacking necessary security patches. A report from Bishop Fox has identified over 25,000 SonicWall SSLVPN devices…

Read MoreMajor Vulnerabilities Put 25,000 SonicWall Devices at Risk of Hacking

Congress Once More Unable to Restrict Spy Powers in Latest Defense Legislation

The U.S. Senate has approved the National Defense Authorization Act (NDAA), circumventing previous efforts to attach amendments aimed at curtailing excessive government surveillance practices. This legislation, deemed essential by its proponents, is now poised for President Joe Biden’s signature, thereby enshrining significant enhancements to the contentious Section 702 of the…

Read MoreCongress Once More Unable to Restrict Spy Powers in Latest Defense Legislation

IntelBroker Publishes Data on Cisco Breach from Cloud Instance

In recent developments within the cybersecurity landscape, the Serbian hacker group, IntelBroker, has made headlines for its audacious breaches of major corporations, including Apple Inc., Facebook Marketplace, AMD, and Zscaler. They have recently claimed to have compromised Cisco’s infrastructure, reportedly releasing around 2.9 GB of data purporting to originate from…

Read MoreIntelBroker Publishes Data on Cisco Breach from Cloud Instance

Sonar Enhances Code Security for Third Parties with Tidelift Acquisition

Third-Party Risk Management, Governance & Risk Management Sonar Targets Open-Source Library Risks, Enhancing DevSecOps Michael Novinson (@MichaelNovinson) • December 17, 2024 Harry Wang, Vice President of Growth and New Ventures at Sonar (Image: Sonar) Sonar, a Geneva-based code security provider, has announced its intention to acquire Tidelift, a startup with…

Read MoreSonar Enhances Code Security for Third Parties with Tidelift Acquisition

Regional Care Data Breach Affects 225,000 Individuals – SecurityWeek

Data Breach at Regional Care Affects 225,000 Individuals Source: SecurityWeek A significant data breach has occurred at Regional Care, impacting approximately 225,000 individuals. The breach has raised alarms regarding the security of sensitive personal information contained within the healthcare sector, highlighting persistent vulnerabilities in data protection mechanisms. This incident underscores…

Read MoreRegional Care Data Breach Affects 225,000 Individuals – SecurityWeek

Androxgh0st Botnet Aims at IoT Devices by Exploiting 27 Security Flaws

KEY POINTS The Androxgh0st botnet has made significant advancements in its operations, now exploiting a total of 27 vulnerabilities that impact web servers, Internet of Things (IoT) devices, and various technologies, including prominent platforms like Cisco ASA, Atlassian JIRA, and TP-Link routers. This development underscores the urgency for cyber defense…

Read MoreAndroxgh0st Botnet Aims at IoT Devices by Exploiting 27 Security Flaws

Ransomware Assaults Target Texas University and Namibia Telecom

Interlock Ransomware Attacks Texas Tech University Health Sciences Center A lesser-known ransomware group, Interlock, has launched a significant cyberattack against the Texas Tech University Health Sciences Center, jeopardizing the personal data of nearly 1.46 million patients. This group claims to have breached the university’s network in September 2024, exfiltrating over…

Read MoreRansomware Assaults Target Texas University and Namibia Telecom

Vulnerable Cleo Managed File Transfer Software Without Updates

Attack Surface Management, Governance & Risk Management, Patch Management Over 200 Vulnerable Servers Targeted by Ransomware Group Amid Growing Exploits Mathew J. Schwartz (euroinfosec) • December 18, 2024 Recent reports indicate over 200 Cleo managed file-transfer servers remain publicly accessible and without necessary updates, posing significant risks in light of…

Read MoreVulnerable Cleo Managed File Transfer Software Without Updates