For providers

Intrusions leveraging mass vulnerability scanning to compromise several organizations have accounted for 91% of all cyberattacks this year, compared with 69% in 2023.

Aside from pushing for increased OMB oversight over the utilization of FedRAMP across agencies, which would strengthen cloud-stored data security, the GAO also called for the development of federal guidelines on data inventory management.

Information leaked by the misconfigured database included individuals' full names, emails, phone numbers, encrypted passwords, and verification tokens, as well as join dates and private chats.

Impacted systems were isolated while others were taken down immediately after the discovery of the breach, said Microchip, a U.S. defense industry chip supplier, in a regulatory filing.

Unauthorized access to CannonDesign's network from Jan. 19 to 25 has prompted attackers to exfiltrate names, Social Security numbers, addresses, and driver's license numbers, said the firm in breach notification letters that emphasized the lack of evidence suggesting misuse of the stolen data.

Such a vulnerability, tracked as CVE-2024-5932, could be leveraged by threat actors to facilitate PHP object injection and subsequent Property Oriented Programming chain abuse involving the manipulation of deserialized objects for remote code execution and arbitrary file deletion, a report from Defiant revealed.

Attackers have used automated voice calls, social media ads, and SMS messages to lure targets into downloading the PWAs, which resemble legitimate apps and enable stealthy compromise of devices' camera, microphone, geolocation, and other browser functions, a report from ESET showed.

Blind Eagle's intrusions commence with the distribution of government and financial organization-spoofing phishing emails with malicious attachments containing links that redirect to a website hosting a compressed ZIP archive as an initial dropper following geographical verification, according to a Kaspersky report.

New AnvilEcho PowerShell trojan distribution has been sought by Iranian state-backed threat operation TA453 in a spear phishing attack campaign against a major Jewish personality that commenced late last month.

Infiltration of vulnerable systems via the security issue, which was addressed by PHP maintainers in early June, was followed by the deployment of Msupedge as a pair of dynamic link libraries, an analysis from Symantec's Threat Hunter Team showed.