Security Bulletin

Cyberattacks on critical infrastructure targeting IoT and OS networks are increasing in sophistication, while ICS vulnerabilities surge, new data shows.

Conti-linked Akira and Phobos-related 8Base were the most prolific ransomware groups among the 25 new operations that emerged last year, according to The Register.

External cybersecurity solutions provider ZeroFox has agreed to a nearly $350 million all-cash acquisition deal from tech-oriented private equity firm Haveli Investments, which is poised to be finalized by the first six months of the year...

Volt Typhoon is positioning itself to physically disrupt and cripple US critical infrastructure by gaining access to operational technology networks in the energy, water, communications, and transportation sectors, according to CISA.

AnyDesk has emphasized the safety of all its remote monitoring software versions obtained from legitimate sources, as well as noted the lack of any evidence suggesting any customer data compromise following a cyberattack last week, which it said only...

Microsoft Azure HDInsight has been identified to have its third-party Apache Hadoop, Kafka, and Spark services affected by three security flaws, which stem from Apache Ambari and Oozie software and have already been remediated by Microsoft in updates...

Mozilla has unveiled its new Monitor Plus subscription service that facilitates the automated scanning and removal of personal information from data broker sites, reports TechCrunch.

CyberScoop reports that increasingly prevalent deepfake threats have prompted the White House to strengthen efforts at identifying digitally altered media.

Attacks leveraging fraudulent Facebook job ads have been launched to facilitate the distribution of the new Ov3r_Stealer information-stealing malware that targets credentials, Microsoft Office documents, browser extensions, cryptocurrency wallets...

Potentially significant health data breach hits Viamedis BleepingComputer reports that French healthcare services company Viamedis, which manages payments for 20 million insured individuals across the country, has confirmed having its systems...

More than 2 million jobseekers' personal data and email addresses have been exfiltrated by the ResumeLooters threat operation following SQL injection and cross-site scripting attacks against at least 65 websites, most of which are in the retail and...

However, not everyone agrees with the NVD's assessment of CVE-2023-40547 being a near-maximum severity bug.