Month: October 2023

Malware & Threats

Issued by: SecurityWeek

The charges stem from alleged fraud and internal control failures related to known cybersecurity weaknesses that took place between the company’s October 2018 initial public offering (IPO) and its December 2020 revelation of a sophisticated cyberattack dubbed “SUNBURST.” The software supply chain cyberattack involved Russia-linked threat actors breaching SolarWinds systems in 2019, or possibly even…

Application Security

Issued by: Dark Reading

Researchers have developed a side-channel exploit for Apple CPUs, enabling sophisticated attackers to extract sensitive information from browsers. Side-channel attacks are usually overlooked, often physical counterparts to traditional software hacks. Rather than an unsecured password or a vulnerability in a program, they take advantage of the extra information a computer system or hardware generates —…

Cloud Security

Issued by: Dark Reading

As organizations increasingly move their data and workloads to the cloud, securing cloud identities has become paramount. Identities are the keys to accessing cloud resources, and, if compromised, they enable attackers to gain access to sensitive data and systems. Most attacks we see today are client-side attacks, in which attackers compromise someone’s account and use…

Malware & Threats

Issued by: Dark Reading

“One of the most dangerous financial criminal groups” — and growing in sophistication. That is Microsoft’s assessment of the 0ktapus cyberattack collective, which was most recently in the news for carrying out the strikingly disruptive MGM and Caesars Entertainment ransomware hits. The English-speaking group (aka Scatter Swine, UNC3944 or, as Microsoft calls it, “Octo Tempest”)…

Malware & Threats

Issued by: DataBreach Today

The volume of known ransomware attacks surged last month to record-breaking levels, security researchers report. Ransomware groups collectively listed 514 victims on their data-leak sites in September, breaking the previous record in July of 502 victims, said U.K. cybersecurity firm NCC Group. The firm reports that “major drivers of this activity” include newer groups such…

Vulnerabilities

Issued by: Dark Reading

VMware urged customers to update VMware vCenter Servers against a critical flaw that could potentially lead to remote code execution (RCE) and assigned a CVSS severity score of 9.8. The vCenter Server flaw, tracked under CVE-2023-34048, could allow an attacker with network access the ability to trigger an out-of-bounds write, the VMware advisory explained. Software…

Vulnerabilities

Issued by: DataBreach Today

Vulnerability management plays a critical role in ensuring the security and integrity of telecommunications networks. With the ever-evolving threat landscape and increasing sophistication of cyberattacks, effective vulnerability management is essential for telecommunications companies. But the unique characteristics of the telecommunications industry pose significant challenges to the implementation of robust vulnerability management programs. Vulnerability Management Challenges…

Malware & Threats

Issued by: DataBreach Today

The data leak and negotiation sites for the Ragnar Locker ransomware group went offline Thursday after an international law enforcement operation seized its infrastructure. Law enforcement agencies participating in the crackdown include the FBI, as well as authorities in France, Germany, Italy, Spain and the Netherlands, backed by Europol’s European Cybercrime Center as well as…