DNA Tester 23andMe Hit By Credential Stuffing Campaign
A leading genetics testing firm has confirmed that customers had their profile information accessed by threat actors following a credential...
News
Blackbaud Settles Ransomware Breach Case For $49.5m
Software provider Blackbaud has reached a multimillion-dollar agreement with 49 states over charges connected to a massive 2020 ransomware breach...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
Bounty offered for secret NSA seeds behind NIST elliptic curves algo
A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
D.C. Board of Elections confirms voter data stolen in site hack
Image: Lorie Shaull (CC BY 2.0 DEED) The District of Columbia Board of Elections (DCBOE) is currently probing a data leak...
Blackbaud agrees to $49.5 million settlement for ransomware data breach
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state...
MGM Resorts ransomware attack led to $100 million loss, data theft
MGM Resorts reveals that last month's cyberattack cost the company $100 million and allowed the hackers to steal customers' personal...
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes...
FTC warns of ‘staggering’ losses to social media scams since 2021
The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the...
GoldDigger Android Trojan Drains Victim Bank Accounts
Security researchers have discovered a prolific new Android Trojan designed to covertly harvest user information including banking app credentials, with...
US Government Proposes SBOM Rules for Contractors
Three US government agencies have proposed new rules for federal contractors which would require them to develop and maintain a...
CISA and NSA Tackle IAM Security Challenges in New Report
The CISA and the National Security Agency (NSA) have published new guidelines in a report called "Identity and Access Management:...
Scammers Impersonate Companies to Steal Cryptocurrency from Job Seekers
Security researchers have discovered a major new scam operation designed to trick job seekers into parting with cryptocurrency, by getting...
China Poised to Disrupt US Critical Infrastructure with Cyber-Attacks, Microsoft Warns
Chinese threat actors are positioning themselves to deploy major cyber-attacks against US critical national infrastructure (CNI) in the event of...
Critical Glibc Bug Puts Linux Distributions at Risk
Security researchers from the Qualys Threat Research Unit (TRU) have uncovered a new buffer overflow vulnerability within the GNU C...
CISA and NSA Publish Top 10 Misconfigurations
Two leading US government security agencies have shared the top 10 most common cybersecurity misconfigurations, in a bid to improve...
Apple Issues Emergency Patches for More Zero-Day Bugs
Apple has been forced to issue more emergency updates to fix two new zero-day vulnerabilities impacting iOS and iPadOS users.An...
AWS to Mandate Multi-Factor Authentication from 2024
Amazon Web Services (AWS) said it will require multi-factor authentication (MFA) for all privileged accounts starting mid-2024, in a bid...
Qakbot Gang Still Active Despite FBI Takedown
Despite the takedown of the Qakbot threat gang’s infrastructure by the FBI in late August, some of the group’s affiliates...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
North Korea’s Lazarus Group Launders $900 Million in Cryptocurrency
As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group...
GitHub’s Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon...
