FTC orders non-bank financial firms to report breaches in 30 days
The U.S. Federal Trade Commission (FTC) has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach...
News
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as...
RCE exploit for Wyze Cam v3 publicly released, patch now
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and...
US-CERT Vulnerability Summary for the Week of October 23, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info projectworlds_pvt._limited -- online_art_gallery Online Art Gallery v1.0 is vulnerable to multiple...
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware
A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst...
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally...
ServiceNow Data Exposure: A Wake-Up Call for Companies
Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to...
New Webinar: 5 Must-Know Trends Impacting AppSec
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file...
EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management...
Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as...
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by...
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the...
Pirate IPTV network in Austria dismantled and $1.74 million seized
The Austrian police have arrested 20 people across the country linked to an illegal IPTV network that, between 2016 and...
US-CERT Vulnerability Summary for the Week of October 16, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformAffected 1E Platform versions have a Blind SQL Injection vulnerability...
Hackers email stolen student data to parents of Nevada school district
Image: CCSD The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers...
HackerOne paid ethical hackers over $300 million in bug bounties
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability...
US-CERT Vulnerability Summary for the Week of October 16, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info1e -- platformAffected 1E Platform versions have a Blind SQL Injection vulnerability...
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabberru...
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings...
F5 fixes BIG-IP auth bypass allowing remote code execution attacks
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the...
The Week in Ransomware – October 27th 2023 – Breaking Records
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023....
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug...
CISO Best Practices for Managing Cyber Risk
Leading CISOs have offered best practices for security leaders on how to manage cyber risks effectively during the ISC2 Security...
CISOs Can Elevate Their Role with New Cyber Regulations
New cybersecurity rules and regulations offer security leaders a great opportunity to elevate their role at their organizations, boosting security...
