Apple classified a recently patched Vision Pro vulnerability as a Denial-of-Service (DoS) issue, but it has been proven to be a much scarier bug. Apple recently announced the release of version 1.2 of visionOS, the operating system run by its Vision Pro Virtual Reality (VR) headset. The update fixes several vulnerabilities, but one appears to be the first flaw specific to this product and the "first ever spatial computing hack." The vulnerability stems from the processing of specially crafted web content and can cause a DoS condition.

Threat actors released nearly 400GB of data from the pathology provider Synnovis, including National Health Service (NHS) patient data. The ransomware group "Qilin" accessed the data in the June 2024 attack on the critical NHS supplier Synnovis. On June 20, the gang posted the information on its darknet site and Telegram channel. NHS numbers, patient names, and blood test descriptions were allegedly included. In addition, business account spreadsheets have been uploaded, detailing different arrangements. This article continues to discuss the leak of data stolen from Synnovis.

The US Department of Commerce has announced a US-wide ban on Kaspersky cybersecurity and antivirus software because of the national security risk posed by Kaspersky's ability to gather valuable US business information and US persons' sensitive data for malicious use by the Russian government. Beginning July 20, 2024, Kaspersky is not allowed to enter into any new agreements with US citizens involving its cybersecurity and antivirus products and services. This article continues to discuss the US ban on Kaspersky cybersecurity and antivirus software.

Since August 2023, "SneakyChef," a previously undocumented Chinese-speaking threat actor, has been linked to an espionage campaign targeting government entities in Asia and EMEA (Europe, Middle East, and Africa) with "SugarGh0st" malware. According to Cisco Talos researchers, SneakyChef uses scanned government documents, mostly from different countries' Ministries of Foreign Affairs or embassies, as lures. This article continues to discuss findings regarding SneakyChef's global espionage campaign.

Threat actors are using publicly available Proof-of-Concept (PoC) code in their initial attempts to exploit a recently patched SolarWinds Serv-U vulnerability, according to the threat intelligence company GreyNoise. The exploited flaw is a severe directory traversal vulnerability that enables attackers to read sensitive files on the host machine. This article continues to discuss findings regarding threat actors' exploitation of a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.

The US subsidiary of the Spain-based bank Santander is notifying over 12,000 employees that a third-party data breach compromised their personal information. According to the bank, the hackers accessed employee names, Social Security numbers, and bank account information. The incident is believed to be related to a data breach disclosed by the global banking group in mid-May, which was later revealed to be associated with the massive attack on improperly protected Snowflake customer accounts. This article continues to discuss the Santander data breach linked to the Snowflake attack.

Change Healthcare just started to notify hospitals, insurers, and other customers that they may have had patient information exposed in a massive cyberattack.  The company also said that it expects to begin notifying individuals or patients in late July.  Change Healthcare, a subsidiary of healthcare giant UnitedHealth Group provides technology used to submit and process billions of insurance claims a year.  Hackers gained access to its system in February and unleashed a ransomware attack that encrypted and froze large parts of it.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently revealed that its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor and warned chemical facilities that sensitive data may have been exfiltrated.  CISA noted that the attackers exploited a zero-day vulnerability in an Ivanti Connect Secure appliance to infiltrate CSAT from January 23 to 26, 2024.