SecurityWeek

A class action lawsuit was filed against Geisinger for failing to properly secure patients’ personal and health information.

Vulnerability in Ghostscript (CVE-2024-29510) allows attackers to bypass sandbox for remote code execution.

With Living Off the Cloud (LOTC) attacks, hackers abuse APIs of trusted cloud services to remotely control botnets but also to make malicious traffic appear as trusted cloud traffic.

Baptiste Robert, a French cybersecurity expert, called on his government – and especially lawmakers – to prepare for the digital threats to come.

ChatGPT maker OpenAI was breached in 2023, but the company says source code and customer data were not accessed.

The Olympic Games is only 29 days long, so set up and take down is a very intense period, where the threat actors can take advantage.

Noteworthy stories that might have slipped under the radar: Microsoft details Rockwell HMI vulnerabilities, smart grills hacked, Predator spyware activity drops. 

OVHcloud says it mitigated the largest ever DDoS attack leveraging packet rate, which peaked at 840 Mpps.

Alabama’s education superintendent said some data was breached during a hacking attempt at the State Department of Education.

Lawmakers voted to advance legislation that would require AI companies to test their systems and add safety measures to prevent them from being potentially manipulated for malicious purposes.

Twilio has confirmed a data breach after hackers leaked 33 million phone numbers associated with the Authy app.

European law enforcement agency announces the takedown of nearly 600 Cobalt Strike servers linked to criminal activity.

Censys has discovered more than 380,000 hosts, including major platforms, still referencing the malicious polyfill.io domain.

Enterprise data security platform Odaseva raises $54 million in a Series C funding round led by Silver Lake Waterman.

Roundup of the more than two dozen cybersecurity-related merger and acquisition (M&A) deals announced in June 2024.

Brazil’s national data protection authority has determined that Meta cannot use data originating in the country to train its artificial intelligence.

Florida Community Health Centers says the information of 300,000 individuals was stolen in a June 2023 ransomware attack.

Patelco Credit Union shuts down banking systems and suspends electronic operations in response to a ransomware attack.

Researchers disclosed a new high-precision Branch Target Injection attack method named Indirector, but Intel says no new mitigations are needed.

The critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely.