Bad actors exploited RCE in Progress Telerik to hack US agency server
Multiple cyber threat actors exploited a vulnerability first documented in 2019 that allowed them to access a federal agency’s web server, CISA reported.
MKS Instruments hit with lawsuit following ransomware attack
A former employee leading a class action lawsuit against the semiconductor chipmaker claims the firm’s cybersecurity negligence led to the ransomware attack.
Research indicates humans are still better than ChatGPT at phishing — for now
A study sampling 53,000 email users in more than 100 countries found that professional red teamers crafted phishing emails that generated a click rate of 4.2%, while ChatGPT-generated emails induced just a 2.9% click rate.
Feds fine Florida children’s health insurance site for massive 2020 hack
Jelly Bean Communications didn’t patch known flaws in its website, which led to the hacking of over 500,000 applications of a Florida children’s health insurance site, DoJ argued.
Microsoft March Patch Tuesday fixes two zero-day bugs
Microsoft fixes two zero-day bugs as part of its March Patch Tuesday roundup.
DC Health Link confirms leak of congressional members’ health data
An update by DC Health Link confirmed some of the stolen congressional members’ data was leaked.
Fewer than 10% of IT organizations fully document their APIs
EMA survey says while the vast majority of companies are confident in their security and API strategies, only a small group does the stringent documentation needed in today’s threat environment.
Three takeaways for cyber pros from the FBI’s 2022 Internet Crime Report
The potential total loss from cybercrime in 2022 increased to over $10.2 billion from $6.9 billion in 2021, despite a 5% decrease in the number of complaints reported to the FBI.
Zoll Medical notifies 1M patients of data breach tied to LifeVest device
This week’s healthcare data breach roundup includes hackers demanding $4.5 million in a Barcelona hospital ransomware attack after claiming to have stolen 4.5TB of patient data.
CISA pilot program scans critical infrastructure for bugs to help thwart ransomware attacks
Critical infrastructure entities gain CISA support to identify and patch known vulnerabilities.