November 2024
Mega US healthcare payments network restores system 9 months after ransomware attack
Change Healthcare’s $2 billion recovery is still a work in progress. Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…
Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed
OSS-Fuzz is making a strong argument for LLMs in security research. Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…
D-Link tells users to trash old VPN routers over bug too dangerous to identify
Vendor offers 20% discount on new model, but not patches. Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.…
Data is the new uranium – incredibly powerful and amazingly dangerous
CISOs are quietly wishing they had less data, because the cost of management sometimes exceeds its value. Column: I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users,…
Healthcare org Equinox notifies 21K patients and staff of data theft
Ransomware scum LockBit claims it did the dirty deed. Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven months ago.…
Palo Alto Networks tackles firewall-busting zero-days with critical patches
Amazing that these two bugs got into a production appliance, say researchers. Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.…
Navigating third-party risks
Strategies for mitigating external access vulnerabilities and safeguarding sensitive data. Webinar: As organizations increasingly rely on third-party contractors, vendors, and service providers, the security risks associated with third-party access can become a top priority.…
Crook breaks into AI biz, points $250K wire payment at their own account
Fastidious attacker then tidied up email trail behind them. A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.…
Join in the festive cybersecurity fun
Get hands-on cybersecurity training this seasonal challenge. Sponsored Post: Are you ready to pit your wits against the cyber exercises featured in the Holiday Hack Challenge 2024: Snow-maggedon?…
iOS 18 added secret and smart security feature that reboots iThings after three days
Security researcher's reverse engineering effort reveals undocumented reboot timer that will make life harder for attackers. Apple's latest mobile operating system, iOS 18, appears to have added an undocumented security feature that reboots devices if they’re not used for 72 hours.…