Source: www.securityweek.com – Author: Ionut Arghire GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails. The post GitLab Patches Critical Password...
Laptop Maker Framework Says Customer Data Stolen in Third-Party Breach – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Device maker Framework is notifying users that their personal information was stolen in a data breach at its external accounting...
New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. The post New Class of...
Russian Hackers Likely Not Involved in Attacks on Denmark’s Critical Infrastructure – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Researchers find no direct link between Russian APT Sandworm and last year’s attacks on Denmark’s critical infrastructure. The post Russian...
Apple Patches Keystroke Injection Vulnerability in Magic Keyboard – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Apple’s latest Magic Keyboard firmware addresses a recently disclosed Bluetooth keyboard injection vulnerability. The post Apple Patches Keystroke Injection Vulnerability...
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Chinese APT Volt Typhoon appears engaged in new attacks against government entities in the US, UK, and Australia. The post...
CISA Urges Patching of Exploited SharePoint Server Vulnerability – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire CISA has added a critical Microsoft SharePoint Server flaw (CVE-2023-29357) to its Known Exploited Vulnerabilities catalog. The post CISA Urges...
Cisco Patches Critical Vulnerability in Unity Connection Product – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Cisco Unity Connection flaw could allow remote, unauthenticated attackers to upload arbitrary files and execute commands on the system. The...
HMG Healthcare Says Data Breach Impacts 40 Facilities – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire The compromised information includes names, contact information, dates of birth, health information, medical treatment details, Social Security numbers, and employee...
Kyocera Device Manager Vulnerability Exposes Enterprise Credentials – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire An improper input validation flaw in Kyocera Device Manager allows attackers to capture credentials, compromise accounts. The post Kyocera Device...
SAP’s First Patches of 2024 Resolve Critical Vulnerabilities – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire SAP has released patches for critical vulnerabilities in Business Application Studio, Web IDE, and Edge Integration Cell. The post SAP’s...
Android’s January 2024 Security Update Patches 58 Vulnerabilities – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities. The post Android’s January 2024...
CISA Warns of Apache Superset Vulnerability Exploitation – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog. The post CISA Warns of...
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns. The...
LoanDepot Takes Systems Offline Following Ransomware Attack – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions. The post LoanDepot Takes Systems...
Ransomware Gang Claims Attack on Capital Health – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire The LockBit ransomware gang claims to have stolen over 7 terabytes of data from hospital system Capital Health. The post...
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws. The post QNAP Patches High-Severity...
Turkish Cyberspies Targeting Netherlands – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Turkish state-sponsored group Sea Turtle has been targeting multiple organizations in the Netherlands for espionage. The post Turkish Cyberspies Targeting...
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks. The post...
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Global law firm Orrick, Herrington & Sutcliffe disclosed a data breach that affects roughly 600,000 individuals. The post Law...
New ‘SpectralBlur’ macOS Backdoor Linked to North Korea – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire SpectralBlur is a new macOS backdoor that shows similarities with a North Korean hacking group’s KandyKorn malware. The post New ‘SpectralBlur’...
Ivanti Patches Critical Vulnerability in Endpoint Manager – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire CVE-2023-39336, a critical vulnerability in Ivanti EPM, may lead to device takeover and code execution on the server. The post...
Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire A Nigerian national arrested in Ghana faces charges in the US for a BEC scheme involving two charitable organizations. The...
Vigilant Ops Raises $2 Million for SBOM Management Platform – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Vigilant Ops receives $2 million seed investment from DataTribe to help organizations manage SBOMs. The post Vigilant Ops Raises $2...
Google Patches Six Vulnerabilities With First Chrome Update of 2024 – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Google has released a Chrome 120 update to resolve six vulnerabilities, including four reported by external researchers. The post Google...
4.5 Million Individuals Affected by Data Breach at HealthEC – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire HealthEC says personal information received from business partners was compromised in a July 2023 data breach. The post 4.5 Million...
Estes Express Lines Says Personal Data Stolen in Ransomware Attack – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Estes Express Lines is informing over 21,000 individuals that their personal information was stolen in a ransomware attack. The post...
Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire The personal information of more than 900,000 individuals was stolen in a data breach at Fallon Ambulance Service. The post...
Several Infostealers Using Persistent Cookies to Hijack Google Accounts – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire A vulnerability in Google’s authentication process allows malware to restore cookies and hijack user sessions. The post Several Infostealers Using...
Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire A group of claimed Palestinian state cyber warriors has hit over 100 Israeli organizations with wipers and data theft. The...