Security Week

Medusind, a Florida-based medical and dental billing solutions provider, revealed a data breach affecting over 360,000 individuals, discovered on December 29, 2023.

Veracode, a software code analysis firm based in Burlington, Massachusetts, has acquired key assets from Phylum, a Colorado-based startup specializing in software supply chain security.

Richmond University Medical Center in Staten Island, New York, confirmed that a ransomware attack in May 2023 led to a data breach affecting over 670,000 individuals.

Cybercriminals who hacked Rhode Island’s RIBridges system, which supports health and benefits programs, have released stolen data on the dark web, prompting the state to encourage residents to protect their personal information.

Chinese hackers accessed U.S. Treasury Department workstations and unclassified documents after exploiting a vulnerability in a cloud-based service operated by BeyondTrust, which supports technical operations for the department.

General Dynamics disclosed that a phishing campaign successfully targeted its personnel, compromising 37 employee benefits accounts.

Japan Airlines (JAL) experienced a cyberattack on Thursday that caused delays to 24 domestic flights but posed no threat to flight safety.

American Addiction Centers (AAC) has disclosed a data breach that compromised the personal information of 422,424 individuals.

Ascension Health is notifying approximately 5.6 million individuals of a ransomware attack in May 2024 that compromised their personal, medical, and payment data. The attack occurred on May 8, causing significant service disruptions that led hospitals to revert to downtime procedures and divert emergency services.

McDonald’s India patched critical API vulnerabilities in its McDelivery system that could have enabled free orders, data theft, and driver information leaks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies to patch a critical vulnerability in BeyondTrust's remote access products by December 27. The vulnerability, CVE-2024-12356, is a command injection flaw (CVSS score of 9.8) that can be exploited without authentication and has been actively exploited in the wild.

LKQ Corporation, a leading US auto parts provider with 45,000 employees across 1,600 locations globally, disclosed a cyberattack affecting a Canadian business unit. Unauthorized access to IT systems was detected on November 13, causing disruptions for a few weeks, though operations have largely recovered.