Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
The number of victims affected by a campaign that targeted a zero-day vulnerability in Progress Software's MOVEit file transfer product continued to grow as insurer Genworth Financial reported that up to 2.7 million of its customers and agents appear to have been affected by the breach.
Every week, ISMG rounds up cybersecurity incidents around the world. This week, attackers hit European Investment Bank; a California pension fund suffered a cyberattack related to MOVEit; UPS Canada disclosed a data breach; and a new Android malware campaign spread GravityRAT spyware.
A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals and involving a recent hack on its file transfer software vendor Fortra.
British law firms are at increased risk of being hacked due to a growing number of cybercrime-as-a-service groups, the country's top cybersecurity agency warned in a new advisory. Lawyer are under attack from cybercriminals, nation-state groups and ransomware gangs.
Fallout for Progress Software continues as hundreds of private and public sector organizations that use its MOVEit file transfer software face data breaches due to a zero-day attack. Some victims have filed a proposed class action suit in federal court, alleging poor security controls at Progress.
A surging Sonatype and Snyk joined stalwart Synopsys atop Forrester's software composition analysis rankings, while Mend.io tumbled from the leaders category. SCA historically didn't get as much attention as application security testing but that’s changing, said Forrester's Janet Worthington.
The potential for cybercriminals to reverse-engineer generative AI tools, the rise of geopolitical threats and increased cloud complexity are among the top new threats facing security teams in 2023, according to Forrester's Top Cybersecurity Threats In 2023 report.
In the latest weekly update, ISMG editors discuss how cyber risk is becoming more closely tied to the economic health of nations, why a rural U.S. healthcare provider is closing due in part to ransomware attack woes, and why some cybersecurity companies have laid off staff this month.
A company that makes patient debt collection software is the latest healthcare sector entity to report a hacking breach related to a flaw in Fortra's GoAnywhere secure file transfer software. To date, the GoAnywhere vulnerability has affected the health information of 4.4 million individuals.
CISOs need to bridge the gap between security concerns and business outcomes to ensure everyone plays an active role in third-party risk management. But effectively communicating that risk comes down to knowing your audience - from employees to the board, said CyberGRX's Caitlin Gruenberg.
With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.
The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.
Synopsys stands head and shoulders above the competition in Gartner's application security testing rankings, with Snyk rising and HCL Software falling from the leaders category. Longtime app security players Veracode, Checkmarx and OpenText joined Synopsys and Snyk atop the Gartner Magic Quadrant.
Healthcare providers are struggling with protecting legacy medical devices against a rising tide of cyberthreats. New Health Sector Coordinating Council guidance can help, said Jessica Wilkerson of the Food and Drug Administration and Mike Powers of Intermountain Health.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.