Security Bulletin

Despite security updates to protect data, 45% of total enterprise instances of the cloud-based IT management platform leaked PII, internal system details, and active credentials over the past year.

Five ransomware gangs dominated the landscape in 2024 – here’s how to keep them at bay.

The U.S. Department of Justice announced that former Aviation Industry Corporation of China employee Song Wu has been indicted with wire fraud and aggravated identity theft due to his alleged spear-phishing campaigns against the several U.S...

While more than 80% of entities expect intrusions — particularly phishing, data theft, and zero-day malware attacks, to hold steady or increase over the next year — more than half of respondents continue to believe the non-malicious nature of email...

Such an intrusion, which has been conducted alongside Ukrainian hacking group BO Team, resulted not only in the defacement of Osnovanie's website but also the destruction of sensitive server-stored data and a database with 1.5 million electronic...

Despite lacking U.S. port permissions, such cellular modems had been installed on port cranes' Linux computers, enabling data gathering and firewall evasion.

Influence operations by Russian threat groups Storm-1516 and Storm-1679, which previously targeted the Paris Olympic Games, involved the dissemination of fake videos — one of which showed alleged Harris supporters attacking an attendee of a Trump...

Ultimately, the goal of businesses and cyber insurers alike is to build more resilient IT environments to avoid cyberattacks and the ransom, downtime, and reputation hit that come along with them.

Aside from curbing the exploitation of more than 70% of vulnerabilities due to load-time function randomization, RunSafe's solutions have also been touted to reduce workloads via automated vulnerability management, as well as enable integration with...

Investigation by the FCC revealed that AT&T had failed to dispose of customer data shared with the unnamed firm it enlisted for billing and marketing efforts dating back to 2017 and 2018 even though several evaluations from 2016 to 2020 purported the...

Inadequate validation of user-supplied data has caused the vulnerability, which was discovered by Trend Micro Zero Day Initiative researcher Piotr Bazyldo within ARM's JsonSerializationBinder.

American Megatrends keys accounted for most of the vulnerable firmware, followed by those from Insidye and Phoenix, a report from Binarly showed.