Security Bulletin

For modern applications built on Kubernetes and microservices, platform engineering is not just about building functional systems but also about embedding security into the fabric of those systems.

Episode 3: On September 11, 2019, two cybersecurity professionals were arrested in Dallas County, Iowa and forced to spend the night in jail -- just for doing their jobs. Gary De Mercurio and Justin Wynn. Despite the criminal charges against them...

While Avis has provided the total number of individuals affected by the incident in its filing with the Office of the Maine Attorney General, it has not specified the nature of the intrusion as well as its impact on employees.

UltraAV touts its antivirus software to include not only zero-day threat detection, application control, ransomware defense, USB drive protection, and anti-phishing defense but also high-risk transaction tracking and real-time authentication...

Washington state K-12 school district Highline Public Schools had all of its schools' operations disrupted by a cyberattack against its technology systems.

Suspected Russia- and Belarus-linked cyber sabotage operation Beregini, which has touted itself as a Ukrainian hacking group, has been dismantled by Poland's security services following an attack against the country's anti-doping agency POLADA last...

Blind Eagle's attacks commence with the distribution of Colombia tax authority-spoofing phishing emails luring recipients into clicking embedded links redirecting to a Google Drive folder-hosted ZIP archive that facilitates BlotchyQuasar execution.

Attackers leveraged a malicious DLL from the Microsoft Word app to retrieve from open-source remote desktop and remote admin software UltraVNC a launcher that would facilitate injections of the CXCLNT malware and CLTEND remote access tool.

Comparable tactics, techniques, and procedures have been leveraged by North Korean threat group Konni, which has been tied to Kimsuky, in its escalating cyberespionage operations against Russia and South Korea.

Mustang Panda leveraged the embedded reverse shell functionality of Visual Studio Code to facilitate command execution, file creation, and malware distribution, as well as reconnaissance and data exfiltration activities.

Thousands of TP-Link and ASUS routers have already been part of Quad7's major 'xlogin' and 'alogin' clusters, while nearly 300 Ruckus wireless devices have been compromised to be included in the 'rlogin' cluster that commenced in June.

Researchers flagged a pair of Gallup site XSS vulnerabilities.