The Breach News

CISA Releases Urgent Directive for Federal Agencies Regarding Ivanti Zero-Day Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent directive on Friday, advising Federal Civilian Executive Branch (FCEB) agencies to take immediate action against two zero-day vulnerabilities found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS). These threats have already been actively exploited by various malicious…


Microsoft Alerts: Foreign Disinformation Targeting the US Election from Multiple Angles

As the date of the US presidential election, November 5, approaches, the Microsoft Threat Analysis Center (MTAC) has issued a stark warning regarding evolving foreign influence operations. Despite the perception of these activities as inevitable, MTAC stresses that the sustained efforts from adversaries in Russia, China, and Iran must not…


Yahoo Data Breach: Potential Impact on Verizon Deal and Possible Hundreds of Millions in Losses

Yahoo Exposed to Major Data Breach: 500 Million User Accounts Compromised

On Thursday, Yahoo confirmed that it has fallen victim to what may be one of the largest data breaches in history, with a staggering 500 million user accounts reportedly accessed by a state-sponsored attacker. This incident comes as a…


New Windows Backdoor BITSLOTH Leverages BITS for Covert Communication

Cybersecurity experts have uncovered a new, previously unrecorded Windows backdoor, identified as BITSLOTH, which exploits a built-in feature of Windows known as Background Intelligent Transfer Service (BITS) for its command-and-control (C2) operations. Discovered by Elastic Security Labs on June 25, 2024, the malware is linked to a cyber assault on…


CMS Data Breach Compromises Sensitive Information of Medicare Beneficiaries

Data Breach Affects Over 940,000 Medicare Beneficiaries

The Centers for Medicare & Medicaid Services (CMS) and its contractor, Wisconsin Physicians Service Insurance Corporation (WPS), have recently disseminated notifications to more than 940,000 Medicare beneficiaries regarding a significant data breach that potentially compromised their protected health information (PHI) and personally identifiable…


Essential Tips for Safeguarding Your Software Supply Chain

Heightened Security Concerns for Software Supply Chains Amid Growing Attacks

The increasing scrutiny from regulators and the rising legal requirements on software development organizations highlight a crucial responsibility—the need to safeguard their software supply chains effectively. Recent years have seen a marked rise in attacks targeting these supply chains, with…


39,000 Attacks in Just 3 Days: Active Exploitation of Critical Confluence RCE Vulnerability

In a concerning development for users of Atlassian Confluence Data Center and Confluence Server, a critical security vulnerability has emerged. This flaw, designated as CVE-2023-22527 with a CVSS score of 10.0, affects versions of the software released prior to December 5, 2023, as well as version 8.4.5. Exploiting this vulnerability…


Meta Faces Consequences for Storing Hundreds of Millions of Passwords in Plaintext

In a significant cybersecurity oversight, Meta disclosed a failure to adequately protect the passwords of hundreds of millions of users, raising alarms about its data protection practices. The incident, which came to light in 2019, highlights the critical importance of employing robust hashing algorithms in safeguarding sensitive user information. Hashing,…
