Data Breach Exposes Information of 422,000 Patients at American Addiction Treatment Clinics

An American chain of addiction clinics has leaked the data of more than 422,000 patients. Names, address information, telephone numbers, dates of birth, medical file numbers, social security numbers and health insurance information have come into the hands of attackers, American Addiction Centers said in a letter to affected patients. Treatment information […]


Fortinet Wireless Manager Vulnerability Exposes Admin Session Tokens

A critical path traversal vulnerability in the Fortinet Wireless Manager (FortiWLM) could allow an unauthenticated attacker to gain access to sensitive files. The impact of the vulnerability is rated 9.6 on a scale of 1 to 10. Fortinet has released security updates to fix the problem. Through the Fortinet Wireless Manager, an ‘application suite’, organizations


Google’s New Fingerprinting Policy for Ads Raises Concerns Among Regulators

The British regulator ICO is not happy with a decision by Google to allow fingerprinting for advertisements. “Our response is clear: companies do not have free rein to use fingerprinting as they wish. Like any advertising technology, it must be applied lawfully and transparently and if it is not, the ICO will take action,” said


Apache Tomcat Critical Vulnerability Allows Remote Code Execution

A critical vulnerability in Apache Tomcat allows remote code execution. The Apache Foundation released a security update last week, but it did not appear to completely solve the problem, and a new patch has now been made available. Tomcat is software for running a web server. Last Tuesday, the Apache Foundation warned about a vulnerability


How to Safely Delete Data from Old Devices: A Guide for Millions Unaware

Millions of people do not know how to delete data from an old device, according to the British privacy regulator ICO based on research it conducted among almost 2,200 Britons. Nearly 30 percent of survey participants do not know how to delete personal information, which equates to around 14 million Britons, the ICO said. According


$2.2 Billion in Cryptocurrency Stolen from Platforms in 2023, Reports Chainalysis

This year, criminals have managed to steal $2.2 billion from crypto platforms, mainly due to compromised private keys, according to blockchain analysis company Chainalysis based on its own research. The $2.2 billion is an increase of 21 percent compared to the $1.8 billion stolen last year, but less than the record year of 2022, when


McDonald’s India Exposes Customer and Delivery Personnel Data Due to API Vulnerability

McDonald’s India has leaked customer and delivery person data due to a vulnerability in an API (Application Programming Interface) it uses. In addition, it was possible to hijack customer orders, place orders for just one cent, provide feedback on other customers’ orders, view details of each order, and download invoices. This involved the name, email address,


BeyondTrust Confirms Intrusion Incident Affecting Customer Remote Support SaaS Instances

In short:

Key Point | Details
Company Affected | BeyondTrust
Type of Attack | Break-in into customers’ Remote Support SaaS instances
Discovery Date | Potentially suspicious behavior noted on December 2, confirmed on December 5
Vulnerabilities Identified | Two vulnerabilities found, including CVE-2024-12356 with a severity rating of 9.8/10
Government Warning | CISA warns of exploitation of CVE-2024-12356; no confirmation that


Security company: 100,000 Yandex smart TVs infected with Android malware

About a hundred thousand smart TVs from manufacturer Yandex are supplied with pre-installed Android malware called BadBox, security company Bitsight claims based on its own research. In total, the company counted 192,000 Android devices infected with BadBox. Once active, the malware can steal two-factor keys, install additional malware and attack other devices on the network,


OpenAI trained ChatGPT with personal data without a valid basis

OpenAI used personal data to train ChatGPT without having a valid basis for doing so. In addition, the organization concealed a data breach, was not transparent towards users, lacked age verification and the mandatory information provision was inadequate, according to the Italian privacy regulator GPDP. It imposed a fine of fifteen million euros on OpenAI
