Security Bulletin

Organizations are struggling to enforce security policies outside of traditional office environments, particularly concerning identity and access management, which is further complicated by the use of unsecured home networks and personal devices.

More robust identity and access management practices are crucial, especially as remote work environments often lack the security measures found in corporate settings.

Infiltration of the vendor's systems between October and November exposed not only individuals' names, ages, and addresses, but also photographs, medical cannabis cards, driver's license numbers, and passport numbers, said STIIIZY in a breach notice...

The communications industry logged the highest increase in CyHy enrollment between 2022 and 2024, followed by the emergency services, critical manufacturing, and water and wastewater sectors, the CISA report revealed.

TikTok and its parent firm ByteDance have been accused by U.S. Solicitor General Elizabeth Prelogar of gathering exorbitant amounts of data from its 170 million American users, which could be misused for espionage and extortion during a Friday...

Telefónica, which is Spain's leading multinational telecommunications firm, has acknowledged unauthorized access to its internal ticketing system following the exposure of the company's Jira database on a hacking forum by threat actors DNA, Pryx...

Additional information has been scant but the intrusion, which comes amid growing Slovakia-Ukraine hostility, was found to be strongly linked to Ukraine, according to Takac, who noted the use of backups to recover impacted systems while reassuring...

Numerous Italian organizations had their websites disrupted in distributed denial-of-service attacks launched by pro-Russian hacktivist operation NoName057(16) over the weekend in retaliation to Italy's continued support to Ukraine.

Attacks by RedDelta commence with spear-phishing emails using Mongolian flood protection, Taiwanese presidential candidate Terry Gou, and an Association of Southeast Asian Nations meeting as lures that contain malicious MSI, MSC, and LNK files to...

New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.