Security Bulletin

Investigation into the data possibly compromised in the intrusion is still underway but operations of the agency were not impacted, according to an agency spokesperson, who reassured the safety of flights across the country while adding that...

Infiltration of certain CBIZ databases through the exploitation of a web page vulnerability enabled the theft of individuals' names, birth/death dates, Social Security numbers, contact details, retiree health information, and welfare plan details...

Attackers compromised TDSB's technology testing environment and obtained access to individuals' names, grades, email addresses, birthdates, school names, and student numbers.

Such a flaw, tracked as CVE-2024-4885, stems from improper user input validation of the GetFileWithoutZip method adopted by WhatsUp Gold, noted Summoning Team, which identified and disclosed the issue.

Join KB, Head of Cybersecurity Journalism at KBI.Media, in Cisco Networking Academy's Women Rock-IT webinar this October. Discover how AI is revolutionizing cybersecurity and empowering women in tech.

Data leaked by the threat actor "Satanic" was divided into three CSV files, the first of which contained the full names, phone numbers, phone carriers, country, city, and timezone details, and unique record identifiers for 646,442 individuals around...

Attacks by the first threat actor involved abuse of the flaw to deploy the XMRig miner while the second threat actor leveraged a shell script to facilitate miner delivery across a targeted environment's accessible endpoints.

Threat actors distributed phishing emails with malicious ZIP files containing a Word-spoofing LNK file purporting to be a list of individuals who committed remote control software regulation violations, which facilitates the deployment of a Microsoft...

Attacks by the RaaS operation commence with the infiltration of ScreenConnect via stolen or brute-forced credentials, as well as an IP address previously associated with the Brutus botnet, to facilitate the distribution of the Cicada3301 ransomware.

Social engineering schemes have been leveraged by Citrine Sleet to lure targets into visiting a website that triggered the exploit, which enables not only the deployment of the rootkit but also of a shellcode for the Windows kernel privilege...

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.