Security Bulletin

Account tokens obtained through the exploitation of a trio of vulnerabilities within Facebook's "View As" feature have enabled the widespread hijacking of Facebook user accounts, according to the Irish data watchdog.

Aside from leading to the deferral of patient care and prescription processing, such an attack against Change Healthcare has also led to the proliferation of malicious actors purporting to be hospital representatives to obtain credit card numbers, as...

Unauthorized systems access has prompted the exfiltration of names and other personal data, said Regional Care in a filing with the Office of the Maine Attorney General that noted the breach's discovery almost a week after the intrusion commenced.

CISA’s mandate for cloud apps starts with Microsoft 365 and will continue on with Google Workspace in early 2025.

Attacks involved impersonation of a user's client through a call on Microsoft Teams that successfully lured targets into downloading AnyDesk following the failed installation of the Microsoft Remote Support app, a report from Trend Micro revealed.

IntelBroker disclosed that the exposed data trove included Cisco's Identity Services Engine security policy platform, Secure Access Service Edge solution, Webex collaboration platform, Umbrella DNS cloud security platform, IOS XE and XR operating...

Bitter leveraged phishing emails with foreign investment project lures to spread a RAR archive containing a shortcut link, which when opened prompted PowerShell execution in alternative data streams and a scheduled task that facilitates malicious...

Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.

Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.

Working closely with CISOs, chief financial officers can become key players in protecting their organizations' critical assets and ensuring long-term financial stability.

The Russian-based attack group uses legitimate red-team tools, 200 domain names, and 34 back-end RDP servers, making it harder to identify and block malicious activity.