Security news aggregator

Latest coverage for Compromise

Stay updated on the latest compromise incidents in infosec. Discover how breaches occur and learn strategies to protect your data and networks.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Compromise in information security means unauthorized access or control over a system, network, or data, often resulting from exploiting vulnerabilities like software bugs, weak credentials, or misconfigurations. It indicates that an attacker has bypassed security measures to read, modify, or disrupt resources without permission.

Such compromises pose risks including data theft, unauthorized system manipulation, and persistent attacker presence. Detecting and containing compromises requires monitoring for unusual activity, applying timely patches, and enforcing strong access controls to limit attacker movement and reduce the impact of exploited weaknesses.

Showing 12 most recent headlines Filtered view

The Company Will Start Notifying Individuals Affected by the Breach in Late JulyChange Healthcare says it has begun to notify customers whose data was compromised in the February ransomware attack that affected scores of healthcare providers, health insurance plans and other organizations. The company will begin to notify affected individuals in late July.

Also: Critical Infrastructure Security and Fortinet's Latest AcquisitionIn the latest weekly update, ISMG editors discussed critical infrastructure security challenges, a report on the 2022 Medibank breach compromising personal data for 10 million people, and Fortinet's acquisition to integrate Lacework's cloud-native security into its Security Fabric and SASE platform.

UNC3886 Targeted Edge Devices for Persistence, Mandiant SaysA suspected Chinese hacking group used open-source rootkits to ensure persistence on compromised edge devices such as VMware ESXi servers for espionage campaigns, Google Mandiant said. The hacking group, which Mandiant tracks as UNC3886, is likely a Chinese threat group hacking for Beijing.

Midnight Blizzard Compromised Government Staff Emails for the Attack, French ANSSI SaidA Russian foreign intelligence hacking group attempted to target the French Foreign Ministry using compromised emails of government staffers, the French cyber agency said. It said the group poses a "national security concern" to French and European diplomatic interests.

Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI) files for virtual private networks (VPNs) to deliver a command-and-control (C&C) framework called Winos 4.0

State Is Latest Regulator to Take Action Against Fundraising Software FirmBlackbaud will pay $6.75 million and improve its data security practices under a settlement with California's attorney general. The settlement is the latest between the fundraising software firm and state and federal regulators in the wake of a 2020 hack that compromised sensitive data of millions.