US-CERT Vulnerability Summary for the Week of December 11, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
News
Are We Ready to Give Up on Security Awareness Training?
Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is...
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate...
Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according...
8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware
The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to...
Former It Manager Pleads Guilty To Attacking High School Network
Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against...
Mortgage Giant Mr Cooper Data Breach Affects 147 Million People
Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers...
Fbi Play Ransomware Breached 300 Victims Including Critical Orgs
The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022...
Microsoft Discovers Critical Rce Flaw In Perforce Helix Core Server
Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code...
Vans And North Face Owner Vf Corp Hit By Ransomware Attack
American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face,...
Xfinity Discloses Data Breach After Recent Citrix Server Hack
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in...
Active Exploitation of Zero-Day Vulnerability in QNAP VioStor Network Video Recorder (NVR)
QNAP has released security updates to address a zero-day vulnerability (CVE-2023-47565) in their NVR products. The vulnerability is reportedly being...
Critical Vulnerability in WordPress Backup Migration Plugin
WordPress has released updates addressing a critical vulnerability (CVE-2023-6553) in their Backup Migration plugin. The vulnerability has a Common Vulnerability...
Technology Manufacturers Urged to Eliminate Passwords
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a two-point plan urging technology manufacturers to get rid of...
MongoDB Investigates Customer Account Data Breach
Database provider MongoDB has alerted customers to a data breach in which some account and contact information was compromised.An email...
ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime
ALPHV was the second-most leveraged ransomware strain in North America and Europe between January 2022 and October 2023, just before...
Insurer’s UK Honeypots Attacked 17 Million Times Per Day
Legacy vulnerabilities and Remote Desktop Protocol (RDP) endpoints are being singled out by attackers, according to new data based on...
MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed
Delta Dental of California and affiliates disclosed a data breach following a global security incident linked to the vulnerability in MOVEit...
Qakbot’s Low-Volume Resurgence Targets Hospitality
Cybersecurity researchers spotted new Qakbot activity targeting the hospitality industry last week.According to a Saturday post on X (formerly Twitter)...
Top 7 Trends Shaping SaaS Security in 2024
Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices,...
Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges
The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities...
Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits
Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to...
Unmasking the Dark Side of Low-Code/No-Code Applications
Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team...
Active Exploitation of Zero-Day Vulnerability in QNAP VioStor Network Video Recorder (NVR)
QNAP has released security updates to address a zero-day vulnerability (CVE-2023-47565) in their NVR products. The vulnerability is reportedly being...
