Recent warnings from cybersecurity experts indicate that a significant security vulnerability in Apache ActiveMQ, an open-source message broker service, is being actively exploited, potentially allowing remote code execution. This vulnerability, identified as CVE-2023-46604, has drawn attention due to its critical nature. The cybersecurity firm Rapid7 reported that attackers have made…
Data Privacy , Data Security , Healthcare 2022 Ransomware Attack, Data Theft Affected 3.4 Million Patients Marianne Kolbasuk McGee (HealthInfoSec) • October 17, 2025 Regal Medical Group is among nine physician practices affiliated with Heritage Provider Network paying nearly $50 million to settle litigation involving a 2022 hacking…
When Transparency Hurts: The Emerging Ethics of Acknowledging Failure In an era where data integrity and cybersecurity are paramount, recent discussions have arisen around the ethics of transparency in admitting organizational failures. As businesses navigate the complex landscape of cybersecurity threats, recognizing and disclosing data breaches or vulnerabilities can be…
A significant security vulnerability has been identified in the Attended Sysupgrade (ASU) feature of OpenWrt. If exploited, this flaw could enable the distribution of compromised firmware packages, posing a threat to users of this popular open-source Linux-based OS. The vulnerability, assigned the identifier CVE-2024-54143, has a critical CVSS score of…
Cybersecurity experts are raising alarms over ongoing attempts by both nation-state actors and commodity attackers to exploit vulnerabilities in the Log4j open-source logging framework, a situation that poses significant risks to organizations worldwide. Microsoft has reported a surge in exploitation attempts aimed at deploying malware on susceptible systems, highlighting the…
Cybersecurity Alert: North Korean Cyber Operatives Exploit Smart Contracts for Malware Deployment Recent investigations by Google have uncovered a sophisticated malware delivery system leveraging smart contracts on the Ethereum and BNB Smart Chain blockchains. The cost-effectiveness of creating or modifying these contracts—often below $2 per transaction—marks a stark contrast to…
The cybercriminal group associated with Kinsing has commenced attempts to exploit a newly identified Linux privilege escalation vulnerability known as Looney Tunables. This initiative appears to be part of an experimental campaign targeting cloud environments. According to cloud security firm Aqua, Kinsing is also expanding its attack vectors by extracting…
Cybercrime, Fraud Management & Cybercrime Internet-Exposed Call Center Software Under Attack; Patch Tuesday Update Anviksha More (AnvikshaMore) • October 16, 2025 Image: Shutterstock/ISMG This week, the Information Security Media Group covers a range of cybersecurity incidents: Chinese hackers exploiting ArcGIS, vulnerabilities in internet-exposed call center software, and the latest Patch…
On October 8, the Federal Court of Australia ruled that Australian Clinical Labs (ACL) must pay a substantial penalty for a data breach linked to its Medlab Pathology business, which occurred in February 2022. This ruling marks a significant moment in the enforcement of data protection laws, highlighting the increasing…
