IdentityKaiser Permanente notifies 13.4M patients of potential data exposureSteve ZurierApril 26, 2024Patient data may have been transferred via apps to third-party vendors like Google, Microsoft and X.
Cloud SecurityRubrik IPO signals potential cybersecurity-led tech market revivalLaura FrenchApril 25, 2024Market experts say a resurgence of successful cybersecurity IPOs is likely on the way.
Application securityAfter a 19-month saga, Broadcom finally patches Brocade SANnav bugsSteve ZurierApril 25, 2024Security pros say given the complexity of SAN management tools, it’s understandable the patches took so long.
Network SecurityCisco firewalls targeted in sophisticated nation-state espionage hackSimon HenderyApril 25, 2024Security agencies sound alarm over campaign aimed at Cisco’s Adaptive Security Appliance software.
Network SecurityCoralRaider leverages CDN cache domains in new infostealer campaignLaura FrenchApril 24, 2024A new CryptBot variant targets password managers and authentication apps in the new campaign.
Vulnerability ManagementGoogle patches critical type-confusion flaw in Chrome browserSteve ZurierApril 24, 2024Security pros say there’s a high potential that attackers could launch arbitrary code execution.
Network SecurityElusive group ToddyCat refines techniques for large-scale data theftSimon HenderyApril 24, 2024The stealthy threat group is particularly focused on exfiltrating data from Asia-Pacific government and defense organizations.
AI/MLTensorFlow AI models at risk due to Keras API flawLaura FrenchApril 23, 2024Arbitrary code in Lambda Layers may be unsafely executed in older versions of Keras.
RansomwareA ‘substantial proportion’ of Americans exposed in Change Healthcare cyberattackSteve ZurierApril 23, 2024Change Healthcare owner UnitedHealth Group acknowledges some customer protected health information leaked on dark web.
Network SecurityRussian group exploits Windows print spooler bug via ‘GooseEgg’ malwareSimon HenderyApril 23, 2024Microsoft says the launcher application is unique to Russia’s APT28 threat group and can lead to remote code execution.
Five ways security leaders can demonstrate the business value of cybersecuritySteve DurbinApril 26, 2024