The personal data of at least 1.3 million Indonesian residents, stored on two government-developed COVID-19 tracking apps, PeduliLindungi and eHAC, has been leaked online, according to security researchers. President Joko Widodo is among those affected.
Google has identified three critical vulnerabilities affecting several Netgear smart switch products that, if exploited, give the attacker complete control over the compromised device. Netgear has issued a security advisory confirming that it has issued patches for 20 impacted products.
Several security vulnerabilities in infusion pump products from B. Braun could collectively allow malicious actors to modify the dose of medicines delivered to patients, says Douglas McKee, a security researcher on a McAfee Enterprise team that recently discovered the flaws.
Cyber Command and the U.S. Cybersecurity and Infrastructure Security Agency issued alerts Friday warning those using Atlassian's Confluence and Data Center products that attackers are actively exploiting the critical remote code execution vulnerability CVE-2021-26084.
Autodesk, a California-based design software and 3D technology firm, now says it was one of several tech and security companies targeted by a Russian-linked group that carried out the supply chain attack against SolarWinds, according to a financial filing with the SEC.
Security firm Cisco Talos reported this week that cybercriminals have found a new way to make money from their victims, by abusing internet-sharing "proxyware" platforms such as Honeygain and Nanowire to illegally share their victim’s internet connection.
The House began debate Wednesday on legislation that would require companies that own or operate parts of the nation's critical infrastructure to report a cyberattack or breach within 72 hours of confirmation.
After suffering a network systems outage that lasted at least a week in July, DuPage Medical Group, the largest multispeciality group practice in Illinois, is now reporting a data breach affecting more than 655,000 individuals.
Users of OpenSea, a marketplace for blockchain-based digital assets such as crypto collectibles and non-fungible tokens, are being targeted by scammers pretending to be the company's support staff on Discord. The attackers exploited a method OpenSea uses to service support tickets on Discord.
Because a relatively small number of individuals provide the vast majority of services and infrastructure that power cybercrime, they remain top targets for arrest - or at least disruption - by law enforcement authorities, says cybercrime expert Alan Woodward. But of course, geopolitics sometimes gets in the way.
Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports. The U.K. government has also been caught out by breaches and leaks involving military secrets and CCTV footage from a government building.
The latest edition of the ISMG Security Report features an analysis of the cybercrime-as-a-service model and how law enforcement could potentially disrupt it. Also featured: T-Mobile probes a massive data breach; tackling abuse in the workplace.