Canadian heart monitoring and medical electrocardiogram solutions provider CardioComm recently announced it has taken systems offline following a cyberattack.  The company stated that the cyberattack impacted its production server environments and…

Security researchers at Check Point have discovered that internet-connected Peloton fitness equipment is plagued with numerous security issues that could allow attackers to obtain device information or deploy malware.  The researchers analyzed the…

According to a study by Rezilion, the new Machine Learning (ML)-based Exploit Prediction Scoring System (EPSS) can help overcome the limitations of existing vulnerability tracking systems. Researchers at Rezilion say that the leading vulnerability…

DepositFiles is a service that claims to be the ideal location to store and share files. However, researchers discovered DepositFiles' publicly hosted environment configuration (config) file, a critical record of how to run software. The file exposed…

The UK’s leading cybersecurity agency NCSC has released new guidance for system owners and technical staff on managing shadow IT in their organization.  Shadow IT refers to the devices and services employees use for work without the IT department…

In the first quarter of 2023, the number of incidents involving infostealer malware more than doubled compared to last year, mainly targeting Windows, Linux, and macOS. According to a recent study by Uptycs, most of the perpetrators behind infostealer…

Now that the cross-sector Cybersecurity Performance Goals (CPGs) have been published, the US Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with Sector Risk Management Agencies (SRMAs) to develop Sector-Specific Goals (SSGs) for…

A cyberattack on an NHS supplier has recently left two ambulance trusts serving millions of people without access to electronic patient records.  Swedish healthcare IT firm Ortivus said in a statement that an attack on July 18 left affected UK…

As part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners, misconfigured and inadequately secured Apache Tomcat servers are being targeted. Over 800 attacks were detected against Aqua's Tomcat server honeypots over…

Two recently introduced Linux vulnerabilities in the Ubuntu kernel make it possible for unprivileged local users to acquire elevated privileges on a large number of devices. Ubuntu is one of the most popular Linux distributions, particularly in the US,…

The Securities and Exchange Commission (SEC) has adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to annually disclose material information regarding their cybersecurity risk management, strategy, and…

Hackers are planting "malvertisements" for widely-used Information Technology (IT) tools on search engines in an attempt to lure IT professionals and conduct ransomware attacks in the future. The scheme involves pay-per-click advertisements on Google and…