Fortra recently announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow that could allow attackers to create administrative user accounts.  The company said the vulnerability is tracked as CVE-2024-5276 (CVSS score of 9.8), affecting FileCatalyst Workflow version 5.1.6 Build 135 and earlier.  The company noted that the issue could also be exploited to modify application data.  The company noted that using this vulnerability, data exfiltration via SQL injection is impossible.

TeamViewer, a remote connectivity software provider, has detected a corporate network compromise, and some reports suggest that the Russian group "APT29," also known as "Cozy Bear" and "Midnight Blizzard," is responsible for the attack. APT29 is a Russian state-sponsored threat group known for high-impact attacks on major organizations. This article continues to discuss the TeamViewer corporate network hack and the group believed to be behind it.

Mobile devices are vulnerable to data theft and Denial-of-Service (DoS) attacks due to flaws in 5G technologies. A team of seven Penn State University researchers discovered how hackers can go beyond sniffing a user's Internet traffic by providing the user's Internet connection. The hackers could then conduct phishing, eavesdropping, and more. According to the team, the attack is quite accessible, involving commonly overlooked vulnerabilities and equipment that can be purchased online.

A threat actor called "Unfurling Hemlock" has infected target systems with up to ten pieces of malware. Outpost24's KrakenLabs, who discovered the operation, calls the infection method a "malware cluster bomb" because the threat actor uses one malware sample to spread more on the compromised machine. This method delivers information stealers, botnets, and backdoors. KrakenLabs found over 50,000 "cluster bomb" files that appear to be linked to the Unfurling Hemlock group. This article continues to discuss findings regarding Unfurling Hemlock's attack operation.

Healthcare revenue cycle management services provider Designed Receivable Solutions (DRS) has recently informed authorities that the number of individuals impacted by a recent data breach has increased to 585,000.  The company detected an intrusion in its network on January 22, 2024. An investigation revealed that hackers had accessed and stolen files from its systems, including protected health information and personally identifiable information.

Ann & Robert H. Lurie Children’s Hospital of Chicago recently started to inform hundreds of thousands of individuals that their personal and health information has been compromised due to a ransomware attack.  The children’s hospital took many of its systems offline in late January in response to a cyberattack.  The incident resulted in limited access to medical records, disruptions to a patient portal, and hampered communications.

According to Skybox Security, in 2023, over 30,000 new vulnerabilities were published, with one emerging about every 17 minutes (around 600 per week). The average time to patch was found to be over 100 days, and 75 percent of new vulnerabilities were exploited in 19 days or less. These findings emphasize the need for continuous exposure management and modern vulnerability mitigation to combat cyberattacks. This article continues to discuss key findings from Skybox Security regarding vulnerability and threat trends.

According to a study by the Network Detection and Response (NDR) specialist Corelight, European Information Technology (IT) leaders disagree on the value of generative Artificial Intelligence (GenAI) in cybersecurity. For the report "Generative AI in Security: Empowering or Divisive?," Corelight surveyed 300 IT decision-makers in the UK, France, and Germany, finding that technology inspires optimism and worry almost equally. About 46 percent of respondents are actively exploring how to use the technology in cybersecurity.

A new Bugcrowd report titled "Inside the Mind of a CISO 2024" highlights findings from a survey of 209 security leaders to understand modern Chief Information Security Officers' (CISO) thinking, operations, and motivations. The latest Bugcrowd report shows that only 18 percent of security leaders prioritize "avoiding breaches at all costs," while over 30 percent aim to build a security brand for competitive advantage.

Certain versions of GitLab Community and Enterprise Edition products have a critical vulnerability that enables attackers to run pipelines as any user. GitLab pipelines are a feature of the Continuous Integration/Continuous Deployment (CI/CD) system that allows users to automatically run processes and tasks in parallel or sequence to build, test, or deploy code changes. The last update addressed the security issue that an attacker could use to trigger a pipeline as another user under certain conditions. This article continues to discuss findings regarding the critical GitLab bug.