Security Bulletin

Major French health provider Hôpital de Cannes - Simone Veil, or CHC-SV, has confirmed dismissing the demands issued by the LockBit ransomware operation following an attack last month, which resulted in the disruption of nearly 30% of non-urgent...

Despite being crucial in bolstering cyber awareness, the Cybersecurity and Infrastructure Security Agency's cyber incident reporting draft rule — which would mandate critical infrastructure entities to make cyber incident and ransomware disclosures...

Australian flag carrier Qantas had their customers' information unintentionally leaked as a result of a technology issue in its mobile app, CNBC reports.

Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks.

BleepingComputer reports that major Asian-American restaurant company Panda Restaurant Group, which counts Panda Express and Hibachi-San as its subsidiaries, had the personal data of its current and former associates compromised following a breach of...

Major file hosting service Dropbox had information from users of Dropbox Sign, previously known as HelloSign, compromised following a cyberattack against the e-signature service provider late last month, reports The Record, a news site by...

Security Affairs reports that attacks with the novel Cuttlefish malware have been deployed against enterprise-grade small office/home office routers between October 2023 and April 2024 to facilitate the exfiltration of public cloud authentication...

Reemergent Zloader trojan has been updated once again by its operators to include an anti-analysis feature restricting binary execution to compromised machines, which is similar to one observed in exposed Zeus banking trojan 2.x source code...

Ongoing intrusions targeting GitLab instances impacted by the maximum severity account takeover vulnerability, tracked as CVE-2023-7028, have prompted the flaw's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited...

DMARC adoption is more important than ever following Google's and Yahoo's latest mandates for large email senders. This Tech Tip outlines what needs to be done to enable DMARC on your domain.

Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.

A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace.