North Korean Hackers Exploiting Critical Flaw in DevOps Tool
Source: Data Breach Today
North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool - a high-risk development, especially in light of Pyongyang hackers' recent track record of supply chain hacks.
EPA Turns Off Taps on Water Utility Cyber Regulations
Source: Dark Reading
Facing legal challenges from state AGs and water associations, the EPA decided to give up its fight to mandate cyber-risk assessments for water utilities — for now. Experts warn that the sector is woefully at risk for escalating cyberattacks, and they explain why and offer insights for what utilities should do next.
Unpatched Zero-Day Being Exploited in the Wild, Cisco Warns
Source: Data Breach Today
Cisco on Monday asked customers to urgently disable the HTTP Server feature on internet-facing systems that was discovered to have a critical vulnerability in its modular operating system's web interface. Hackers exploited the IOS XE software web user interface feature to gain administrator-level privileges, effectively taking complete control of compromised devices, Cisco Talos said in a threat advisory.
IBM Says 631K Affected in Johnson & Johnson Database Breach
Source: Info Risk Today
IBM has reported to federal regulators that the personal information of 631,000 people was compromised by a "technical method" that allowed unauthorized access to a third-party database used by a Johnson & Johnson patient medication support platform. IBM said the problem has been fixed, but two lawsuits have already been filed.
Victim Count Doubles in Heart Institute Data Theft Hack
Source: Data Breach Today
The number of people affected by a Tennessee cardiac care clinic hack has more than doubled to 411,000 since the healthcare group first reported the incident to regulators in July. Cybercriminal group Karakurt claimed responsibility for the attack, which has so far triggered five class action suits.
Comments