For individuals

CISA has added CVE-2024-40766 to its Known Exploited Vulnerabilities catalog.

Because of the high CVSS score and recent issues at Progress with MOVEit transfer, security pros say teams should patch immediately.

Though the company reports that data was exfiltrated in the breach, it has been remained tightlipped regarding the kind of data that was exposed.

Endpoint security has been around for decades, but changes in device use and the quick evolution of new attacks have triggered the development of new security techniques.

Data broker Whitepages has been sued by a retired West Virginia police officer in a class action after it allegedly published his home address, which constitutes a violation of the state's 2021 statute that prohibits the disclosure of addresses and phone numbers from active and retired law enforcement personnel.

Nearly $561,000 worth of Bitcoin, or less than a third of the demanded ransom, has already been sent by Tosan to IRLeaks' cryptocurrency wallet since both parties began negotiations in early August.

Attacks involved the creation of several ads redirecting to spoofed versions of Lowe's MyLowesLife employee portal in a bid to compromise credentials from current and former workers, according to a report from Malwarebytes Labs.

Despite immediately acting to block the infiltration of the targeted business application, attackers' access between Aug. 3 and Aug. 6 enabled the exfiltration of individuals' names and other sensitive details.

More than 120,000 files and over 1.7 million activity logs leaked by the database revealed Confidant Health patients' psychiatry intake notes, medical histories, disclosures of alcohol and other substance abuse, moods, memory, medications, and overall mental state.

Intrusions leveraging the vulnerability have facilitated the distribution of not only the GOREVERSE reverse proxy server but also the Condi malware, the Mirai botnet variant Jenx, and four other cryptocurrency mining payloads.