The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube Webmail Persistent Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-43770, to its Known Exploited Vulnerabilities (KEV) catalog. Roundcube is an open-source web-based email client. It provides a user-friendly interface for accessing email accounts via a web browser. Users can send and receive emails, manage their…

The United States Cybersecurity and Infrastructure Security Agency (CISA) has given Federal Civilian Executive Branch agencies 48 hours to rip out all Ivanti appliances in use on federal networks, over concerns that multiple threat actors are actively exploiting multiple security flaws in these systems. The order is part of the supplemental direction accompanying last week’s…

Thousands of students in New Jersey were unable to attend school Monday after a cybersecurity incident caused technical difficulties across the Freehold Township School District, administrators said. Superintendent of Schools Neal Dickstein sent an email to families late Sunday night announcing that classes were canceled for the entire district, which includes an early childhood learning…

A fast-rising ransomware outfit is escalating its activities and has launched a new blog offering victims a variety of payoff options, according to a report released Thursday by Palo Alto Networks’ Unit 42. The new Medusa Blog is used by the group to post stolen data with the threat of exposing the data if…

The European Union adopted a regulation on mandatory cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digital threats. Proposed by the European Commission in 2022, the Cybersecurity Regulation lays down uniform cyber compliance requirements for EU institutions, bodies, offices…

The password manager vendor totally embraces passwordless technology. A top-tier password manager maker is ditching the use of master passwords and offering its users a totally passwordless experience. Dashlane made the announcement Wednesday, saying the feature allows new users to create an account without having to set up and remember a master password. It added…

Expect governments to impose greater levels of cybersecurity regulation if businesses cannot defend against major attacks and stop breaches from happening. That’s a prediction from Black Hat founder Jeff Moss, speaking at Black Hat Europe in London this week. He believes that eventually, the world will come to a tipping point where too many highly…

DNA testing company 23andMe has released further details surrounding an October data breach, where user profile information had been accessed and downloaded at the hands of a threat actor. On Oct. 1, a threat actor made a post on the Dark Web claiming to possess profile information of 23andMe users; later, the perpetrators released 4…

Critical infrastructure in multiple US states may have been compromised by Iran-affiliated attackers targeting programmable logic controllers (PLCs). A warning from the FBI, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the Environmental Protection Agency (EPA), and the Israel National Cyber Directorate comes after an attack was detected on a Pennsylvania water authority…