LATEST POST
Fresenius discloses breach affecting more than 500,000 patients and employees
On December 6, Fresenius Medical Care AG filed Form 6-K with the Securities and Exchange Commission. The filing disclosed a data breach: On September 29, 2023, Cardiovascular Consultants, Ltd. (CVC), a subsidiary of Fresenius Medical Care AG (the Company) located in the United States (U.S.), became aware that some of its computer systems in the U.S. were […]
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
From CISA, December 5: Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in […]
Britain says no evidence of Sellafield nuclear site hacking
Reuters reports: Britain has no records or evidence to suggest that networks at the Sellafield nuclear site were the victim of a successful cyber attack by state actors, the government said on Monday following a report by the Guardian newspaper. The Guardian reported that Sellafield, which carries out nuclear fuel reprocessing, nuclear waste storage and […]
Russian state-sponsored hackers exploiting Outlook vulnerability, Microsoft warns
Cybernews reports: Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails. Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, […]
How sweet it isn’t: Hershey’s notifies 2,214 after phishing attack
ABC reports: The Hershey Company headquartered in Pennsylvania is notifying some customers their data may have been compromised. The data breach happened between September 3 and September 4, and it impacted 2,214 people, according to the company’s filing with the Maine Attorney General. This data included first and last names, health and medical information, credit card numbers […]
Investigation continues after Hendersonville City cybersecurity breach
The Hendersonville Times-News in North Carolina reports: A cyber-threat analyst who has been quoted in national news articles believes even more people could be at risk from the cybersecurity incident reported last week that targeted Hendersonville city employees. On Nov. 29, Hendersonville City Manager John Connet sent out a statement to city employees telling them […]
23andMe confirms hackers stole ancestry data on 6.9 million users
TechCrunch reports: On Friday, genetic testing company 23andMe announced that hackers accessed the personal data of 0.1% of customers, or about 14,000 individuals. The company also said that by accessing those accounts, hackers were also able to access “a significant number of files containing profile information about other users’ ancestry.” But 23andMe would not say how […]
Update on Cyber Incident Reporting for Critical Infrastructure Act of 2022
Constangy, Brooks, Smith & Prophete, LLP writes: As we near the end of another year, it is time to look ahead to developments in the information security and privacy landscape. One area of particular importance is the development of regulations implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022. CIRCIA, which was signed into […]