Security Bulletin

For the second time in a week, a leading tech firm revealed it was compromised by APT29.

Post-SolarWinds, it's no longer enough for chief information security officers to remain compliant and call it a day.

By combining the strengths of the fraud and security teams, companies can get the visibility – and context – they need to keep their users, customers, and business partners safe.

Security should not be treated as one-size-fits all, and that is doubly true when it comes to security awareness education. Training should be customized by age, learning styles, and preferred media if it is to be effective.

Ransomware attack hits Veolia North America Major global water and wastewater system operator Veolia had some of its internal back-end systems at its North America Municipal Water division impacted by a ransomware attack last week, resulting in the...

Global attacks targeting Ivanti Connect Secure VPN appliances vulnerable to both CVE-2023-46805 and CVE-2024-21887, have been underway, with 492 of 26,000 internet-exposed devices being compromised with backdoors, reports Ars Technica. The U.S...

More than 60 different threat operations, including SocGholish and ClearFake actors, have become affiliates of the massive VexTrio malware brokerage program, making the group the most substantial broker of malicious traffic, The Hacker News reports.

Intrusions by the BianLian ransomware operation during the past year have been refocused on specific targets and involved new attack techniques, according to SiliconAngle.

BleepingComputer reports that antivirus systems have been targeted for deactivation by the newly emergent Kasseika ransomware operation in new Bring Your Own Vulnerable Driver attacks exploiting the TG Soft VirtIT Agent System's Martini driver.

Team project management platform Trello was noted by the Have I Been Pwned? breach notification service to have data from more than 15 million users exposed and peddled on a dark web hacking forum following a data scraping incident this month, Forbes...

CyberScoop reports that Microsoft has been accused of negligence by Sen. Ron Wyden, D-Ore., following the recent hack of its corporate email accounts by Russian state-sponsored threat operation APT29, also known as Cozy Bear.