The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients’ health data following a surge in massive healthcare data leaks. […]
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents.
“On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based
“On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based
Chinese Hackers Accessed US Treasury Workstations in ‘Major’ Cybersecurity Incident
Chinese hackers remotely accessed US Treasury Department workstations after compromising a cloud-based service operated by BeyondTrust.
The post Chinese Hackers Accessed US Treasury Workstations in ‘Major’ Cybersecurity Incident appeared first on SecurityWeek.
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
“Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
“Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
US Treasury Department breached through remote support platform
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. […]
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. […]
Microsoft issues urgent dev warning to update .NET installer link
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use ‘azureedge.net’ domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. […]
Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks
Palo Alto Networks has patched CVE-2024-3393, a vulnerability that has been exploited for DoS attacks against the company’s firewalls.
The post Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks appeared first on SecurityWeek.
Four-Faith Industrial Router Vulnerability Exploited in Attacks
Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell.
The post Four-Faith Industrial Router Vulnerability Exploited in Attacks appeared first on SecurityWeek.
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks.
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the