UnitedHealth now says 190 million impacted by 2024 data breach
UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. In October, UnitedHealth reported to the US Department of Health and...
TalkTalk investigates breach after data for sale on hacking forum
UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. "As part of our regular security monitoring, given our ongoing focus on protecting customers'...
PayPal to pay $2 million settlement over 2022 data breach
New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. The Department of Financial Services (DFS) action says that threat actors took advantage...
Mysterious backdoor found on select Juniper routers • The Register
Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available...
UK telco TalkTalk launches probe into alleged data grab • The Register
UK broadband and TV provider TalkTalk says it's currently investigating claims made on cybercrime forums alleging data from the company was up for grabs. An individual using the handle "b0nd" laid claim to a batch of data, which they claimed relates to nearly...
AI startup founder, wife indicted over $60M fraud claims • The Register
The co-founder and former CEO of AI startup GameOn is in a pickle. After exiting the top job last year under a cloud, he's now in court – along with his wife – for allegedly bilking his company and its investors out of more than $60 million. Federal prosecutors...
Zyxel warns of bad signature update causing firewall boot loops
Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting the device into a boot loop. "We've found an issue affecting a few devices that may cause reboot loops, ZySH daemon...
Microsoft to deprecate WSUS driver synchronization in 90 days
Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, 90 days from now. The company first announced the deprecation in June 2024, when it also encouraged customers to...
Subaru Starlink flaw let hackers hijack cars in US and Canada
Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. Bug bounty hunter Sam Curry...
Patch this hole or risk Kubernetes Windows node hijackings • The Register
A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster, and thus fully take over those systems, according to Akamai researcher Tomer Peled. Peled...