DataBreaches
Compton and Broomhead Dental Center alleged victim of cyberattack
It’s one thing to ignore ransom demands from threat actors, but how smart — or foolish — is it to be sarcastic or insulting to those who have...
DataBreaches
It’s one thing to ignore ransom demands from threat actors, but how smart — or foolish — is it to be sarcastic or insulting to those who have...
SC Magazine
The critical flaw is an authentication bug could let users compromise the security of the system.
ZDNet
One of the vulnerabilities -- a Microsoft Windows SAM local privilege escalation vulnerability -- has a remediation date of February 24.
DarkReading
Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim.
SC Magazine
Cencora maintains there’s no connection between its recent incident and the attack on Change Healthcare.
ZDNet
One of them was rated critical and 10 had a high severity rating.
DarkReading
MGM wins big bet that days of operations outages is better business than paying a ransom, following last month's data breach.
The Record
Several vulnerabilities have been found in popular Wyze Cam devices that give threat actors widespread access to camera feeds and SD cards, according to a new report from cybersecurity firm Bitdefender.
Infosecurity News
95% of security leaders are also concerned about phishing attacks via private messaging apps
SecurityWeek
The Anti-Malware Testing Standards Organization (AMTSO) published guidelines for those looking to check the efficiency and functionality of security products designed to protect IoT devices.
DarkReading
The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.
Infosecurity News
Scammers typically obtain mobile numbers from data breaches, social media and data brokers
ZDNet
23 "high-impact vulnerabilities" were discovered by security company Binarly.
Infosecurity News
Phosphorus published a report encapsulating five years of security research and device testing.
DarkReading
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.
DarkReading
Embarrassing crypto hacks on Mandiant and SEC X accounts the result of the social media platform's upcharge for basic cybersecurity protections, experts say.
SecurityWeek
Ukraine said Russia hacked two surveillance cameras and used them to spy on air defense systems and critical infrastructure in Kyiv.
The Record
The Cybersecurity and Infrastructure Security Agency (CISA) added four new vulnerabilities to its catalog of exploited bugs, including the much-discussed “Spring4Shell” remote code execution (RCE) vulnerability.
ThreatPost
Every major Linux distribution has an easily exploited memory-corruption bug that’s been lurking for 12 years – a stunning revelation that’s likely to be followed soon by in-the-wild exploits. Found in polkit’s pkexec – a tool for controlling system-wide privileges in Unix-like operating systems that allows a user to execute commands as another user, serving
ZDNet
A record 18,378 vulnerabilities were reported in 2021 but the number of high severity vulnerabilities was lower than 2020.
ThreatPost
An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders.
DarkReading
Incident prompts Ukraine's security service to ask webcam operators in country to stop live broadcasts.
DarkReading
Event organizers should be exercising various cyberattack scenarios to ensure they have the proper checks and balances in place to respond accordingly and maintain resilience.
CyberSecurity Dive
For enterprises, the security priority remains doing more with less and finding tools that offer greater areas of coverage and integration.
Infosecurity News
The breach was discovered on February 21 2024, according to an SEC filing published on the same day
ThreatPost
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
Infosecurity News
The Doctor Web team unveiled information about the malware in an advisory published on Monday
ZDNet
Collectively, ICS-CERT scored these vulnerabilities a 10.0, its highest criticality score.
DarkReading
The bug affects several Aiphone GT models using NFC technology and allows malicious actors to potentially gain access to sensitive facilities.
Infosecurity News
Unauthorized actors breached health data, including details related to dental procedures and claims
ZDNet
One of the vulnerabilities can be exploited to escalate privilege to gain root privileges, according to Qualys.
ThreatPost
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
DarkReading
Ambient light sensors on smart-device screens can effectively be turned into a camera, opening up yet another path to snooping on unwitting victims.
DarkReading
Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.
The Record
Palo Alto Networks is urging customers to patch a line of firewall products after finding that the vulnerability was used in a DDoS attack.
DarkReading
Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.
DarkReading
The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.
The Record
Microsoft is denying reports from a cybersecurity firm that there are issues with the Electronic Codebook (ECB) mode within Microsoft Office 365 Message Encryption.
DarkReading
The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.
ThreatPost
Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.