Security Bulletin

Stolen Cyberhaven employee credentials used to steal access tokens and business data from users of Facebook ads.

Nine U.S. telecommunications firms were confirmed by U.S. officials to have been compromised by Chinese state-backed threat group Salt Typhoon as part of its sweeping cyberespionage operation, with the newly-added unnamed entity's networks breached...

More than 15,000 internet-exposed Four-Faith F3x24 and F3x36 routers could potentially be compromised in ongoing intrusions exploiting the high-severity operating system command injection flaw, tracked as CVE-2024-12856, according to The Hacker News.

Hackread reports that Cisco had another 4.84 GB of its 4.5 TB dataset compromised from an October breach of an unsecured DevHub portal exposed on Christmas Eve by IntelBroker, who previously leaked 2.9 GB of files from the same trove.

Security Affairs reports that numerous Italian websites — including those of the country's Ministry of Foreign Affairs, the Turin Transport Group, and the Linate and Malpensa airports — have been compromised as part of a distributed denial-of-service...

Utah-based consumer electronics accessories manufacturer ZAGG had its customers' credit card details compromised following a breach of the third-party FreshClicks app available through software-as-a-service e-commerce platform provider BigCommerce...

Cariad, the automotive software firm of Volkswagen Group, had data from nearly 800,000 Volkswagen, Audi, Skoda, and Seat electric vehicles inadvertently leaked by a misconfigured Amazon cloud storage, according to BleepingComputer.

Attacks with the new VBCloud malware have been deployed by Russian state-backed threat operation Cloud Atlas, also known as Clean Ursa, Oxygen, Inception, and Red October, to facilitate data theft against dozens of users, most of whom are in Russia...

The U.S. Department of Justice has finalized a rule banning the sales of Americans' biometric, geolocation, health, genomic, and financial data, as well as U.S. government data to adversarial nations, including China, Russia, Iran, North Korea...

Cyber insurance should augment your cybersecurity strategy — not replace it.

Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3393 Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability These types of vulnerabilities are frequent...