British Library Confirms Ransomware Attack Caused Outages
After announcing that it had experienced a major outage at the beginning of the month, The British Library confirmed on Nov. 14 that the disruption was due to a ransomware attack. And recovery has been slow. Three weeks after the attack, the library’s website is still offline. The IT outage affects the library’s online systems,…
Zimbra zero-day exploited to steal government emails by four groups
Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations. The experts observed that most of the attacks took place after the public…
CISA, FBI Issue New Warning Following Las Vegas Cyberattack
The FBI and U.S. Cybersecurity and Infrastructure Security Agency are urging critical infrastructure organizations to implement mitigation techniques to thwart a cybercriminal group known as Scattered Spider that targets major companies and their IT help desks. A joint advisory describes the hacking group, also known as Octo Tempest and UNC3944, as having expertise in social…
Rackspace Ransomware Costs Soar to Nearly $12M
Financial disclosures filed over the past year show that Rackspace Technology has continued to rack up expenses and losses following last year’s December ransomware attack on one of its hosted Microsoft Exchange servers. So far, the incident costs have soared well into eight figures. Rackspace is a Texas-based, cloud computing services provider, largely for small…
EU Tightens Cybersecurity Requirements for Critical Infrastructure and Services
The European Union’s NIS2 Directive 2022/2555 is legislation aimed at improving the security and resilience of network and information systems across the EU. Although the legislation is already in effect, EU members have until October 2024 to transpose the directive into national law. Each organization encompassed by the directive will be legally obligated to live…
21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers
Researchers have discovered 21 vulnerabilities in a popular brand of industrial router. On Dec. 7 at Black Hat Europe, analysts from Forescout will reveal the bugs — including one of 9.6 “Critical” severity on the CVSS scale, and nine “High” severity — affecting a brand of operational technology (OT)/Internet of Things (IoT) routers especially common…
Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion
As part of its scheduled Patch Tuesday updates, Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software. In a critical-severity bulletin, Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and…
‘Hunters International’ Cyberattackers Take Over Hive Ransomware
The FBI may have successfully disrupted the destructive Hive ransomware operation earlier this year, but the group’s malware code continues to present a threat to organizations everywhere. In October, a security researcher’s analysis of a ransomware used by new group called Hunters International showed substantial code overlaps with Hive ransomware. A subsequent analysis by Bitdefender…
Cohesity taps Amazon for generative AI, cloud-based security
Bringing its security and data analysis capabilities to a new potential audience, data security and multicloud data management provider Cohesity is now taking signups for access to its Turing generative AI features via Amazon’s Bedrock front-end for cloud-based AI. Cohesity Turing’s AWS-available features, the company announced Monday, will center on three main areas. The first…
McLaren Health Care revealed that a data breach impacted 2.2 million people
McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people. McLaren Health Care is a nonprofit health care organization based in Grand Blanc, Michigan, USA. It is a $6.6 billion, fully integrated health care delivery system committed to quality,…
