News
-
"New Gangs and New Tactics Mean More Victims of Ransomware"According to the latest 2022 Bi-Annual Cyber Threat Report from Deep Instinct, ransomware actors have been forming affiliate gangs and employing new tactics to draw more victims. The report reveals changes in ransomware gangs such as LockBit, Hive,…
-
"US Agencies Issue Guidance on Responding to DDoS Attacks"The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have recently released joint guidance for responding to distributed denial-of-…
-
"FTC Orders Chegg to Improve Security Following Multiple Data Breaches"The Federal Trade Commission (FTC) recently announced that it has reached an agreement with education technology provider Chegg over the company’s cybersecurity failures leading to several data breaches. Chegg is based in California and provides…
-
"ESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Suppliers"The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) have released Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. The…
-
"Researchers: 'CosMiss' Vulnerability Affecting Microsoft Azure Cosmos DB Could Give Attacker RCE Privileges"Researchers at Orca Security discovered a critical vulnerability in Azure Cosmos DB, a Microsoft-owned NoSQL database used for app development, in which authentication checks were missing from Cosmos DB Notebooks. According to the researchers, the "…
-
"Samsung Galaxy Store Flaw Could Have Allowed Installing Malicious Apps on Target Devices"A now-patched vulnerability in Samsung's Galaxy Store app could have resulted in remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when certain deep links are handled. The flaw affected Galaxy…
-
"Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack"Bed Bath & Beyond recently revealed in an SEC filing that it suffered a data breach after an employee fell victim to a phishing attack. The retailer has only shared a few details as the investigation is ongoing. The company stated that it…
-
"OT/ICS Cybersecurity Threats Remain High"Organizations' security postures have significantly matured in response to Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity threats. According to the SANS 2022 OT/ICS Cybersecurity Report, a Nozomi Networks-sponsored SANS…
-
"Cyberattacks in Healthcare Sector More Likely to Carry Financial Consequences"Netwrix released additional findings from its global 2022 Cloud Security Report for the healthcare sector, revealing that 61 percent of respondents in the healthcare industry experienced a cyberattack on their cloud infrastructure in the previous 12…
-
"Hackers Selling Access to 576 Corporate Networks for $4 Million"According to a new report, hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000. The findings come from the Israeli cyber-intelligence firm KELA, which published its Q3 2022 ransomware report,…
-
"Cyberattack Strikes Global Copper Conglomerate"Aurubis, a global recycler and provider of copper, has assured its customers that a cyberattack on October 28 did not halt production, but it did temporarily shut down the entire company's systems. According to the Aurubis corporate website, the company…
-
"Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution"ConnectWise, an IT service management software platform, has released software patches to address a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The vulnerability, defined as the neutralization of Special Elements in…