The Breach News

Google Mandiant Discovers MSI Vulnerability in Lakeside Software

3rd Party Risk Management, Governance & Risk Management, Next-Generation Technologies & Secure Development SysTrack LsiAgent Installer Flaw Elevates Local Privileges Akshaya Asokan (asokan_akshaya) • February 7, 2025 Image: Shutterstock A critical vulnerability has been identified in the Microsoft installer for SysTrack LsiAgent, a product by Lakeside Software, enabling users with…

Read MoreGoogle Mandiant Discovers MSI Vulnerability in Lakeside Software

Hewlett Packard Alerts Employees to Data Breach Involving Russian Hackers

Hewlett Packard Enterprise Confirms Data Breach Linked to Russian State-Sponsored Hackers Hewlett Packard Enterprise (HPE) has notified a group of employees that their personal information was compromised during a cyberattack in May 2023, which was conducted by attackers affiliated with the Russian government. This breach specifically targeted HPE’s Office 365…

Read MoreHewlett Packard Alerts Employees to Data Breach Involving Russian Hackers

Ransomware Attackers Target Employees for Data Breach Access

In a concerning development for cybersecurity, everyday employees are being targeted by malicious actors, encouraging them to participate in ransomware operations against their own employers. Recent insights from GroupSense, a cybersecurity firm, reveal that malware operators are not only delivering ransomware notices but are also attempting to recruit victims to…

Read MoreRansomware Attackers Target Employees for Data Breach Access

ACLU Cautions That DOGE’s Unrestricted Access Might Breach Federal Law

The American Civil Liberties Union (ACLU) has raised significant concerns regarding the actions of Elon Musk’s Department of Government Efficiency (DOGE), asserting that it has gained unauthorized control over several federal computer systems that manage sensitive data protected by federal law. In a recent communication to federal lawmakers, the ACLU…

Read MoreACLU Cautions That DOGE’s Unrestricted Access Might Breach Federal Law

DeepSeek’s Urgent Alert on AI Security

AI Safeguards Under Fire: DeepSeek’s Security Oversights DeepSeek, a cutting-edge open-source AI model developed by a Chinese tech firm, has come under intense scrutiny following revelations of significant security lapses and a data breach that compromised user information and API keys. During this week’s ISMG Editors’ Panel discussion, Sam Curry,…

Read MoreDeepSeek’s Urgent Alert on AI Security

Edelson Lechtzin LLP Conducts Investigation

Data Privacy Violations Under Investigation at CODAC Behavioral Health EDELSON, Pa. – February 7, 2025 – Edelson Lechtzin LLP, a prominent national class action law firm, has launched an investigation into potential data privacy violations involving CODAC, Inc. operating as CODAC Behavioral Health. The examination follows the organization’s discovery of…

Read MoreEdelson Lechtzin LLP Conducts Investigation

Exploitation of 7-Zip 0-Day Vulnerability During Russia’s Ongoing Invasion of Ukraine

Zero-Day Vulnerability Discovered in 7-Zip Amid Ongoing Conflict in Ukraine In recent developments, security researchers have identified a zero-day vulnerability in the widely used 7-Zip archiving application, which has reportedly been exploited in connection with Russia’s military operations in Ukraine. The vulnerability poses a significant security risk, as it allows…

Read MoreExploitation of 7-Zip 0-Day Vulnerability During Russia’s Ongoing Invasion of Ukraine

Could Accessing CMS Data via DOGE Result in HIPAA Violations?

Data Governance, Data Privacy, Data Security Experts Express Concern Over Musk’s Team and Health Data Access Marianne Kolbasuk McGee (HealthInfoSec) • February 6, 2025 The White House’s DOGE initiative, spearheaded by Elon Musk, has begun accessing federal IT systems to investigate fraud, raising significant privacy concerns (Image: CMS) Privacy experts…

Read MoreCould Accessing CMS Data via DOGE Result in HIPAA Violations?