Security Bulletin

Widespread adoption of artificial intelligence could substantially change U.S. law, several experts said at the InfoSec World 2024 security conference.

Once again, Cisco will be attending Enlit Europe, the leading smart energy event for utilities, technology providers, and industry leaders.

Such a bill, which comes months after the widespread breach of Change Healthcare stemming from the absence of multi-factor authentication, would not only mandate data security audits from the Department of Health and Human Services but also impose...

At least 117 countries were targeted by ransomware intrusions last year, up from 105 in 2022, with Iran, Pakistan, Brazil, and India having the highest growth in ransomware incidence, while recently disrupted LockBit and ALPHV/BlackCat operations...

All of the flaws, which were reported by cybersecurity researcher Simone Margaritelli, are easily remediated and could only be successfully exploited should CUPS be manually activated and attackers obtain access to servers with local network...

Aside from IP addresses and social media details, more than 1,800 plaintext passwords belonging to staffers have also proliferated across the dark web, findings from a joint Proton and Constella Intelligence report showed.

Infiltration of a Michigan Medicine employee account through a malicious multi-factor authentication prompt has enabled attackers to access and exfiltrate emails containing patients' names and medical record numbers, as well as diagnostic or...

As Superman has kryptonite, software has weaknesses — with misconfigurations leading the pack.

Attackers distributed phishing emails with malicious file download links to facilitate compromise with SnipBot, which includes support for more commands than the previous iteration of RomCom RAT.

Intrusions by Kimsuky involved the delivery of spear-phishing emails luring ZIP file downloads and malicious file extraction to facilitate the deployment of the payloads, which are suspected to be of the same author due to source code similarities.

Thousands of Ukrainian devices have been compromised by Gamaredon between 2022 and 2023, primarily through spear-phishing campaigns, an analysis from ESET showed.