Security Bulletin

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

While the legislation has been opposed by Google and OpenAI due to additional burdens, such disapproval from Newsom has been regarded by bill sponsor Sen. Scott Wiener to be a step back in AI regulations.

Check Point Research researchers discovered that installation of the fake WalletConnect app triggers a wallet connection request and the stealthy activation of the MS Drainer toolkit, which then conducts token and NFT scanning and exfiltration...

Passwords should never be kept in plaintext due to potential exploitation, according to Irish DPC Deputy Commissioner Graham Doyle. Meanwhile, Meta noted the prompt remediation of the security issue.

All NVIDIA Container Toolkit versions up to 1.16.1 and GPU Operator instances up to version 24.6.1 are impacted by the flaw, which stems from the absence of secure containerized GPU isolation from the host that exposes sensitive host file system and...

Attacks involved the distribution of malicious Russian-language HTML files impersonating TrueConf and VK Messenger apps, which when opened stealthily downloads a password-protected ZIP file with a nested RarSFX archive that launches DCRat.

Bounties of up to $10 million have also been introduced by the U.S. State Department for any information about the hackers — who were noted by a joint federal statement to have shared stolen Trump campaign materials with individuals previously linked...

With Microsoft AD being mostly targeted via Kerberoasting, AS-REP roasting, and password spraying attacks, as well as Microsoft Entra Connect, GPP password, MachineAccountQuota, and certificate service compromise, organizations should leverage...

Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability CVE-2020-15415 DrayTek Multiple Vigor Routers OS...

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout...