Okta hit by third-party data breach exposing employee information
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was...
News
Your end-users are reusing passwords – that’s a big problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until...
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed...
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt...
New macOS ‘KandyKorn’ malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group,...
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used...
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems,...
BlackCat ransomware claims breach of healthcare giant Henry Schein
The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes...
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to...
US-CERT Vulnerability Summary for the Week of October 23, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info projectworlds_pvt._limited -- online_art_gallery Online Art Gallery v1.0 is vulnerable to multiple...
Iran’s MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to...
Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations
The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch...
FIRST Announces CVSS 4.0 – New Vulnerability Scoring System
The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common...
SaaS Security is Now Accessible and Affordable to All
This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique "freemium"...
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by...
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message...
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase...
LayerX Enterprise Browser Security Extension – Secure the Modern Workspace
The browser has become the main work interface in modern enterprises. It’s where employees create and interact with data, and...
Toronto Public Library outages caused by Black Basta ransomware attack
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library...
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the...
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. Apache...
New CVSS 4.0 vulnerability severity rating standard released
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common...
Mozi malware botnet goes dark after mysterious use of kill-switch
Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023,...
F5 BIG-IP Remote Code Execution Vulnerability
A vulnerability was identified in F5 BIG-IP. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted...