Security Bulletin

Attacks involved the distribution of malicious Russian-language HTML files impersonating TrueConf and VK Messenger apps, which when opened stealthily downloads a password-protected ZIP file with a nested RarSFX archive that launches DCRat.

Bounties of up to $10 million have also been introduced by the U.S. State Department for any information about the hackers — who were noted by a joint federal statement to have shared stolen Trump campaign materials with individuals previously linked...

With Microsoft AD being mostly targeted via Kerberoasting, AS-REP roasting, and password spraying attacks, as well as Microsoft Entra Connect, GPP password, MachineAccountQuota, and certificate service compromise, organizations should leverage...

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout...

Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability CVE-2020-15415 DrayTek Multiple Vigor Routers OS...

Disinformation spread by deepfakes are rampant in this election cycle – and that’s why the industry needs to help foster AI literacy.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Gmail emails, Google Slides and Google Drive files could be used to manipulate the LLM.

Four vulnerabilities in the Common Unix Printing System (CUPS) could allow for RCE.

The vulnerability is the latest discovered in connected vehicles in recent years, and it points out the cyber dangers lurking in automotive APIs.

Companies that commit to risk management have a strong cybersecurity foundation that makes it easier to comply with the SEC's rules. Here is what you need to know about 8K and 10K filings.