-
![]()
Law Firm Fined $200K for Data Breach Caused by Cybersecurity Lapses
The Heidell, Pittoni, Murphy & Bach law firm has agreed to pay $200,000 to the state of New York over data security lapses that led to a data breach in 2021. The breach exposed the private data of nearly 115,000 hospital patients, including over 61,000 New Yorkers, due to the firm’s failure to comply with…
-
![]()
French Researchers Win Big at Pwn2Own with Tesla Model 3 Hacks
At the annual Pwn2Own software exploitation contest, French hacking firm Synacktiv successfully demonstrated two exploit chains against Tesla’s newest electric car, the Model 3. The hacks exploited flaws in the car’s Tesla-Gateway and Tesla-Infotainment sub-systems, leading to the “full compromise” of the vehicle. The first hack earned the team $100,000 and the second, which used…
-
![]()
Dole Food Company Confirms Employee Data Breach Following Ransomware Attack
Dole Food Company, a leading global supplier of fresh fruits and vegetables, has acknowledged that the ransomware attack it suffered in February 2023 led to unauthorized access to employee information. The company employs around 38,000 people worldwide and serves customers in over 75 countries. In its annual report submitted to the U.S. Securities and Exchange…
-
![]()
Student Loan Servicers Expose Data of Over 2.5 Million Borrowers
EdFinancial and the Oklahoma Student Loan Authority announced that personal information for more than 2.5 million student loan borrowers was exposed in a breach at their servicing provider, Nelnet. According to notices mailed to affected customers, the breach targeted Nelnet Servicing and impacted its servicing system and web portal. Nelnet revealed the incident on July…
-
![]()
Oakland, California Falls Victim to Ransomware Attack by LockBit 3.0
The city of Oakland, California is the latest victim of a ransomware attack, with LockBit 3.0 claiming responsibility. The cybercriminals have threatened to release sensitive data if the ransom is not paid by April 10, 2023. This development has put the residents of Oakland at risk, with the possibility of their personal information being leaked…
-
![]()
CISA Issues Urgent Warning on Critical Adobe ColdFusion Vulnerability Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security vulnerability affecting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, indicating evidence of active exploitation. The vulnerability, identified as CVE-2023-26360 (CVSS score: 8.6), enables a threat actor to achieve arbitrary code execution due to an improper access control issue in…
-
![]()
Rubrik confirms attack exploiting GoAnywhere zero-day vulnerability
Rubrik, a cloud data management and security provider, has confirmed that it fell victim to an attack exploiting a GoAnywhere zero-day vulnerability. Rubrik was named on the leak website of the ransomware group Cl0p. In early February, Fortra, previously known as HelpSystems, had warned its GoAnywhere managed file transfer software users about a remote code…
-
![]()
Bitwarden Password Manager Vulnerability Allows for Credential Theft via Malicious iFrames
Security researchers at Flashpoint have identified a flaw in the autofill feature of Bitwarden, a popular open-source password management service. The vulnerability could allow malicious iframes embedded in trusted websites to steal users’ credentials and send them to an attacker. Bitwarden was first made aware of the problem in 2018 but chose to allow it…
-
![]()
Bone & Joint Clinic, S.C. notifies patients of potential data security incident.
Bone & Joint Clinic, S.C. has announced that it has experienced a data security incident that may have involved personal and protected health information of current and former employees, as well as current and former patients. The clinic has notified potentially affected individuals and offered resources to assist them. The personal information potentially involved in…
-
![]()
Ring, an Amazon-owned company, reportedly hit by ransomware attack by Russia-linked ALPHV group
Ring, a home security and smart home company owned by Amazon, has reportedly fallen victim to a ransomware attack by the Russia-linked ALPHV ransomware group, according to a tweet by VX-Underground Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by ALPHV ransomware group. They left a simple message…
