2023 Anna Jaques Hospital data breach impacted +310K people
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients.
Black Basta ransomware gang hit BT Group
BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.
China-linked APT group Salt Typhoon compromised some US ISPs
China-linked threat actors compromised some U.S. internet service providers as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying out disruptive cyberattacks. The Wall Street Journal reported that experts are investigating into the security breached to determine if the attackers gained access to Cisco Systems routers, which are core network components of the ISP infrastructures.
Qilin ransomware attack on Synnovis impacted over 900K patients
The personal information of a million individuals was leaked online following a ransomware attack that in June hit NHS hospitals in London.
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager.
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices.
BIND updates fix high-severity DoS bugs in the DNS software suite
The Internet Systems Consortium (ISC) released BIND security updates that fixed remotely exploitable DoS bugs in the DNS software suite.
New P2Pinfect version delivers miners and ransomware on Redis servers
Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads.
Multiple flaws in Fortinet FortiOS fixed
Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue.
+92,000 Internet-facing D-Link NAS devices can be easily hacked
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.
Researchers found multiple flaws in ChatGPT plugins
Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers. ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience. These plugins may include new natural language processing features, search capabilities, integrations with other services or platforms, text analysis tools, and more. Essentially, plugins allow users to customize and tailor the ChatGPT experience to their specific needs.
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
German police seized the largest German-speaking cybercrime marketplace Crimemarket and arrested one of its operators.
Multiple XSS flaws in Joomla can lead to remote code execution
Joomla maintainers have addressed multiple flaws in the popular content management system (CMS) that can lead to execute arbitrary code
ESET fixed high-severity local privilege escalation bug in Windows products
Cybersecurity firm ESET has addressed a high-severity elevation of privilege vulnerability in its Windows security solution.
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Zoom fixed 7 flaws in its desktop and mobile applications, including a critical bug (CVE-2024-24691) affecting the Windows software
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Resecurity identified bad actors offering a significant number of AnyDesk customer credentials for sale on the Dark Web.
Hundreds of network operators’ credentials found circulating in Dark Web
Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC available on the dark web, Resecurity warns.
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware.
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported.