Security Bulletin

Aside from IP addresses and social media details, more than 1,800 plaintext passwords belonging to staffers have also proliferated across the dark web, findings from a joint Proton and Constella Intelligence report showed.

Infiltration of a Michigan Medicine employee account through a malicious multi-factor authentication prompt has enabled attackers to access and exfiltrate emails containing patients' names and medical record numbers, as well as diagnostic or...

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Attackers distributed phishing emails with malicious file download links to facilitate compromise with SnipBot, which includes support for more commands than the previous iteration of RomCom RAT.

Intrusions by Kimsuky involved the delivery of spear-phishing emails luring ZIP file downloads and malicious file extraction to facilitate the deployment of the payloads, which are suspected to be of the same author due to source code similarities.

Thousands of Ukrainian devices have been compromised by Gamaredon between 2022 and 2023, primarily through spear-phishing campaigns, an analysis from ESET showed.

Both exchanges are associated with Russian Sergey Sergeevich Ivanov, also known as Taleon, who has allegedly provided money laundering services to threat actors in the last 20 years.

The Black Hat Network Operations Center (NOC) provides a high-security, high-availability network in one of the most demanding environments in the world: the Black Hat event. The NOC partners are selected by Black Hat, with Arista, Cisco, Corelight...

These five best practices are the blocking and tackling of network data security that never go out of style.

A 2024. 39. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2024.09.20. és 2024.09.26. között kezelt incidensek statisztikai adatait is tartalmazza.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

More than half of employees report receiving no training on secure AI use.