In late 2024, a significant third-party data breach was discovered involving Nationwide Recovery Services (NRS) – a debt collection agency based in Cleveland, Tennessee – that impacted multiple local governments in the region. Sensitive information from the City of Chattanooga and neighboring counties (including Hamilton County and Bradley County) was exposed when NRS’s systems were […]
A recently disclosed vulnerability in the Next.js framework (CVE-2025-29927) highlights a familiar but serious problem: small implementation details can have big security consequences. This particular issue carries a CVSS score of 9.1 and allows attackers to bypass middleware-based authorization checks in self-hosted Next.js apps — meaning requests could reach protected endpoints without ever triggering the […]
American Water Works, the largest regulated water provider in the United States, recently suffered a cyberattack that forced the company to shut down its MyWater app and pause billing services. With a reach spanning over 14 million people across 24 states, American Water supplies essential water and wastewater services to residential, commercial, and industrial clients, […]
Even the most jaded cybersecurity veterans are finding it hard to ignore Barracuda Networks’ latest security advisory, thanks to its peculiar remediation guidance. The advisory pertains to a rather nasty vulnerability in their Email Security Gateway (ESG) products, a flaw so severe it’s like leaving your front door wide open with a neon sign saying […]
GiveSendGo was started in 2013 as a small company designed to service the niche market of fundraisingfor Christian causes. As GoFundMe started to react to political pressures in regards to some of itscontroversial campaigns, GiveSendGo began receiving more attention as a possibility for crowdfundingneeds. The trickle of interest became a groundswell when GoFundMe refused to […]
Understanding your world better “My favorite benefit of IoT is the learning paths it unlocks for people who get interested in it,” says Dana Wills, information security consultant for Asteros. Wills explains that IoT devices allow people to get more familiar with the things in their house and how they work. “It’s amazing to see […]
A newly discovered vulnerability in a incredibly popular Java logging library, log4j, was made public today. The ease of exploitation appears to be relatively low while the severity is critical, with successful exploitation resulting in remote code execution. The issue has been assigned the CVE number CVE-2021-44228 and is being called Log4Shell. What is affected?Apache […]
3. Employees Dana Wills, information security consultant at Asteros, says the top data security threat comes from lack of proper employee security awareness training. Untrained employees are more likely to fall victim to social engineering and phishing attacks, which are the most common ways attackers breach organizations. “All employees and contractors should undergo training on […]
“Attribution for the reported attack on REvil will be difficult, said Dana Wills, an information security consultant for Asteros, a cybersecurity vendor. “In this case, with Russia under pressure to act, threats from the U.S. government to take down the group, incentives of rival hacking groups, and possible insider threats within the organization, it may never […]