27 matches found
EUVD-2014-5872
Malware in sbrugna...
Malicious ad distributes SocGholish malware to Kaiser Permanente employees
On December 15, we detected a malicious campaign targeting Kaiser Permanente employees via Google Search Ads. The fraudulent ad masquerades as the health care company's HR portal used to check for benefits, download paystubs and other corporate related tasks. We believe the threat actors' intent...
Kaiser health insurance leaked patient data to advertisers
Health insurance giant Kaiser has announced it will notify millions of patients about a data breach after sharing patients’ data with advertisers. Kaiser said that an investigation led to the discovery that “certain online technologies, previously installed on its websites and mobile applications...
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that it...
kaiser-thb.de Cross Site Scripting vulnerability OBB-2799085
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Email compromise leads to healthcare data breach at Kaiser Permanente
At least 69,000 people have been impacted by a data breach at Kaiser Permanente, a long-running managed healthcare consortium. The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise. The direct path to data A...
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month. Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that...
residency-mas.kaiserpermanente.org Open Redirect vulnerability OBB-2291319
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Customer Care Giant TTEC Hit By Ransomware
TTEC, NASDAQ: TTEC, a company used by some of the worlds largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. While many companies have been...
kaiser-ee.sk Cross Site Scripting vulnerability OBB-1370208
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
kaiser-eurmark.fi Cross Site Scripting vulnerability OBB-1370206
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
kaiser-immobilien.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-946269 Security Researcher Renzi Helped patch 6742 vulnerabilities Received 8 Coordinated Disclosure badges Received 36 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting kaiser-immobilien.de website...
kernel security and bug fix update
2.6.32-696.20.1.OL6 - Update genkey bug 25599697 2.6.32-696.20.1 - x86 kaiser/efi: unbreak tboot Waiman Long 1519799 1519802 CVE-2017-5754 - x86 pti/mm: Fix trampoline stack problem with XEN PV Waiman Long 1519799 1519802 CVE-2017-5754 - x86 pti/mm: Fix XEN PV boot failure Waiman Long 1519799...
kernel security and bug fix update
3.10.0-693.17.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-693.17.1 - s390 locking/barriers: remove old gmb macro definition Denys Vlasenko...
Unbreakable Enterprise kernel security update
4.1.12-112.14.10 - x86/ia32: save and clear registers on syscall. Jamie Iles Orabug: 27355759 CVE-2017-5754 - x86/IBRS: Save current status of MSRIA32SPECCTRL Boris Ostrovsky Orabug: 27355887 - pti: Rename X86FEATUREKAISER to X86FEATUREPTI Pavel Tatashin Orabug: 27352353 CVE-2017-5754 - usb/core:...
Experts Weigh In On Spectre Patch Challenges
The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices. Currently, vendors are focused on three main mitigation efforts. Patches that address the...
Oracle Linux 7 : kernel (ELSA-2018-0007)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0007 advisory. - x86 specctrl: Eliminate redundant FEATURE Not Present messages Andrea Arcangeli 1519795 1519798 CVE-2017-5715 - x86 mm/kaiser: inittss is supposed to...
Oracle Linux 6 : kernel (ELSA-2018-0008)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0008 advisory. - x86 specctrl: svm: specctrl at vmexit needs per-cpu areas functional Waiman Long 1519797 1519796 CVE-2017-5715 - x86 specctrl: Eliminate redundnat...
SUSE-SU-2018:0010-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpectreAttack': Local attackers...
SUSE-SU-2018:0012-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpecŧreAttack': Local attackers...