Security Bulletin

During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls.

Growing hesitancy and challenges in conducting immediate intrusion assessments necessary to avoid penalties from the SEC have led to materiality being detailed in only a tenth of incident disclosures this year.

While crypto platforms had already lost $1.5 billion during the first seven months of 2024, cryptocurrency heists have significantly dropped in frequency and size after separate intrusions against DMM Bitcoin and WazirX.

Affected by the vulnerability, which was reported by Horizon3.ai security researcher Zach Hanley.

The misconfigured database also included software development plans, timelines, client interactions, financial records, and communications among Builder.ai's employees.

Details regarding the amount of data stolen from Krispy Kreme have not been provided but Play asserted the theft of the pastry giant's financial information.

More than 30,000 websites were purported to have already been compromised using Araneida.

Investigation into the incident, which was initially detected on Dec. 2, revealed that threat actors leveraged a Remote Support SaaS API key to conduct local app account password resets.

FBI says malware operation is building a botnet out of smart cameras and video boxes.

Cyberattacks against OT/ICS engineering workstations are widely underestimated, according to researchers who discovered malware designed to shut down Siemens workstation engineering processes.

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.