News

US-CERT Vulnerability Summary for the Week of September 11, 2023

September 18, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infowibu -- codemeter_runtime A heap buffer overflow vulnerability in Wibu CodeMeter Runtime...

The Week in Ransomware – September 15th 2023 – Russian Roulette

September 16, 2023

This week’s big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having...

ORBCOMM ransomware attack causes trucking fleet management outage

September 16, 2023

9/15/23 update added below. Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service...

Retool blames breach on Google Authenticator MFA cloud sync feature

September 16, 2023

Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack....

Google extends security update support for Chromebooks to 10 years

September 16, 2023

Google has announced the Auto Update Expiration (AUE) date will be extended from 5 years to 10 for all Chromebooks, guaranteeing...

Cloud Vulnerabilities Surge 200% in a Year

September 16, 2023

IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year,...

Wake-Up Call as 3AM Ransomware Variant Is Discovered

September 16, 2023

Security researchers have discovered a new ransomware variant which was deployed after LockBit was blocked on a victim organization’s network.Symantec’s...

Elon Musk in Hot Water With FTC Over Twitter Privacy Issues

September 16, 2023

Elon Musk is in the crosshairs of US federal regulators over his handling of privacy and security issues since he...

Lazarus Group Blamed For $53m Heist at CoinEx

September 16, 2023

An infamous threat group connected to the North Korean state has been blamed for a major attack on cryptocurrency exchange...

Manchester Police Officers’ Data Breached in Third-Party Attack

September 16, 2023

A ransomware attack on a third-party supplier to Greater Manchester Police (GMP) has exposed personal data of more UK police...

Caesars Entertainment Reveals Major Ransomware Breach

September 16, 2023

Yet another Nevadan casino and hotel chain giant has been compromised by ransomware threat actors, after Caesars Entertainment reported a...

Iranian Threat Group Hits Thousands With Password Spray Campaign

September 16, 2023

An Iranian state-backed APT group carried out a “wave” of cyber-espionage attacks against thousands of global targets over a six-month...

Cloud to Blame for Almost all Security Vulnerabilities

September 16, 2023

Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto...

China’s Malicious Cyber Activity Informing War Preparations, Pentagon Says

September 16, 2023

China’s malicious cyber activity informs its preparations for a potential military conflict with the US, a new report from the...

Pirated Software Likely Cause of Airbus Breach

September 16, 2023

A major data breach at Airbus revealed earlier this week stemmed from a RedLine info-stealer likely hidden in a pirated...

US-CERT Vulnerability Summary for the Week of September 4, 2023

September 15, 2023

High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocanonical_ltd. -- snapd_for_linuxUsing the TIOCLINUX ioctl request, a malicious snap could inject...

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

September 15, 2023

Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new...

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

September 15, 2023

An ongoing campaign is targeting Facebook Business accounts with bogus messages to harvest victims' credentials using a variant of the...

The Interdependence between Automated Threat Intelligence Collection and Humans

September 15, 2023

The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are...

Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit

September 15, 2023

Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations...

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

September 15, 2023

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread...

DDoS 2.0: IoT Sparks New DDoS Alert

September 15, 2023

The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new...

Fake Cisco Webex Google Ads abuse tracking templates to push malware

September 15, 2023

Threat actors use Google Ads tracking templates as a loophole to create convincing Webex software search ads that redirect users...

Criminal IP Elevates Payment Security with PCI DSS Level 1 Certification

September 15, 2023

With payment card information being an enticing target for cyber attackers, the safeguarding of payment card transactions is of utmost...

News

US-CERT Vulnerability Summary for the Week of September 11, 2023

The Week in Ransomware – September 15th 2023 – Russian Roulette

ORBCOMM ransomware attack causes trucking fleet management outage

Retool blames breach on Google Authenticator MFA cloud sync feature

Google extends security update support for Chromebooks to 10 years

Cloud Vulnerabilities Surge 200% in a Year

Wake-Up Call as 3AM Ransomware Variant Is Discovered

Elon Musk in Hot Water With FTC Over Twitter Privacy Issues

Lazarus Group Blamed For $53m Heist at CoinEx

Manchester Police Officers’ Data Breached in Third-Party Attack

Caesars Entertainment Reveals Major Ransomware Breach

Iranian Threat Group Hits Thousands With Password Spray Campaign

Cloud to Blame for Almost all Security Vulnerabilities

China’s Malicious Cyber Activity Informing War Preparations, Pentagon Says

US-CERT Vulnerability Summary for the Week of September 4, 2023

Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors

NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers

The Interdependence between Automated Threat Intelligence Collection and Humans

Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit

Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads

DDoS 2.0: IoT Sparks New DDoS Alert

Fake Cisco Webex Google Ads abuse tracking templates to push malware

Criminal IP Elevates Payment Security with PCI DSS Level 1 Certification

CISA: CISA Releases Fact Sheet Detailing Embedded Backdoor Function of Contec CMS8000 Firmware

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

CISA: CISA Releases Nine Industrial Control Systems Advisories

CISA: CISA Partners with ASD’s ACSC, CCCS, NCSC-UK, and Other International and US Organizations to Release Guidance on Edge Devices

You may have missed