Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I previously used Power BI [ 2] to analyze DShield sensor data and this time I wanted to show how it could be used by selecting certain type of data as a large dataset and export it for analysis. This time, I ran a query in Elastic Discover and...

According to a CRA survey, 50% of healthcare organizations are already using AI tools in their cybersecurity practices.

Malicious apps previously in the Google Play Store enabled theft of messages, files and more.

XCSSET variant features enhanced stealth features that can lead to the exfiltration of sensitive financial information.

Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."

The National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.

Quantum computers could arrive any day, yet it'll take years to swap out vulnerable encryption algorithms for "quantum-safe" replacements. Here's why and how to start the transition now.

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data.

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.