Security Bulletin

Cyber incidents like this highlight the need for tougher action on companies that fail to adequately protect consumer data.

Organizations have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing intrusions targeting SolarWinds Web Help Desk instances vulnerable to the critical Java deserialization flaw, tracked as CVE-2024-28986.

While admins could defer MFA enforcement until April 2025 as long as they request to do so between Aug. 15 and Oct. 15, Microsoft warned that such postponement would open admin portals to increased cybersecurity risks.

Information leaked by the misconfigured database included not only individuals' names, birthdates, addresses, and phone numbers, but also their credit amounts, places of payments, and credit utilization data, reported the Cybernews research team.

Investigation into the incident revealed that G-Suite account infiltration was accompanied by discrepancies in corporate accounts, especially among accounting department employees and contractors, and potential access to corporate managers' accounts...

While emergency and public health services, as well as public works activities, continue to be operational, the city's online and credit card systems have been taken down by the ransomware intrusion, noted officials.

Such records — which were initially leaked by USDoD in April — may have included individuals' names, Social Security numbers, phone numbers, email addresses, and mailing addresses that were potentially compromised in a network breach in late December...

Banshee Stealer has been advertised to enable the theft of almost 100 browser extensions' data, iCloud Keychain credentials, and Notes, according to an Elastic Security Labs analysis.

The US needs to seize this moment to set a global standard for responsible and ethical AI, ensuring that technological progress upholds and advances human rights.

Nearly 20 sub-campaigns have been part of Tusk, three of which remain active and leverage a Dropbox-hosted initial downloader to facilitate infostealer infections and personal and financial information compromise, an analysis from Kaspersky revealed.

Attackers also utilized ChatGPT to establish long-form articles and comments regarding Latinx rights in the U.S., the ongoing Israel-Gaza conflict, Israel's Olympic presence, Venezuelan politics, and Scottish independence, all of which have been...

Inadequate protection of the .env files used for web app configuration variable definitions has enabled the compromise of AWS Identity and Access Management and eventual cloud environment access, according to an analysis from Palo Alto Networks.