The car manufacturer has disclosed that a breach discovered last November has exposed personal data of more than 53,000 current and former employees of the company.
This breach occurred during a hit on its external VPN by a threat actor who then demanded a ransom.
The company states that none of its systems was encrypted during the attack.
The employee data accessed included names and Social Security numbers but not financial details.
This attack is different from that of Nissan Oceania, which occurred at roughly the same time.
The fixes apply to four flaws in its Workstation and Fusion desktop hypervisors, three of which had been demonstrated at Pwn2Own Vancouver 2024.
In an advisory published Wednesday, which describes the workaround and fixes for the four flaws, VMware thanked the Pwn2Own participants by name, as well as the companies they worked for, StarLabs and Theori.
A link to the advisory is available in the show notes to this episode.
Researchers from Nozomi Networks have discovered 11 flaws in the Vivid T9 Ultrasound series of products, including its pre-installed Common Service Desktop web application.
These flaws could result in the installation of malware and the manipulation of patient data, and could also affect a software program called EchoPAC, which is installed on a doctor's Windows workstation to access the ultrasound images.
According to Nozomi, successful exploitation of these flaws does require prior access to the hospital environment through stolen VPN credentials or physical insertion of an infected USB device.
The announcement, made Wednesday, means that IBM will expand its internal use of Palo Alto Networks security platforms, and will make it its preferred partner for network, cloud, and SOC offerings.
The two companies will work closely on DevSecOps and threat management.
Palo Alto Networks will make IBM Consulting a preferred MSSP for its customers and has agreed to acquire IBM's QRadar SaaS assets-technology.
This union is expected to be complete by the end of September.
Manufacturing, technology, and healthcare verticals suffered the greatest number of attacks, and the U.S., Canada, and the UK were the most attacked countries in terms of ransomware.
A link to the report is available in the show notes to this episode.
This has all the makings of a classic heist movie: two brothers who were educated in mathematics and computer science at MIT, then plotted for months to steal $25 million in Ethereum cryptocurrency, which they did in just 12 seconds.
This Cyber News was published on cisoseries.com. Publication date: Fri, 17 May 2024 10:43:06 +0000