Security Bulletin

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft...

Ransomware expert warns public disclosure gives Rhysida opportunity to strengthen encryption.

Here’s three ways we can create more diversity into cybersecurity and fulfill the staffing needs the industry desperately requires.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The developers behind a widespread worm are nesting further into networks by exploiting Windows escalation opportunities faster than organizations can patch them.

TechCrunch reports that Oklahoma-based casino and hotel resort WinStar had its customers' sensitive data inadvertently leaked by an exposed database owned by Nevada software startup Dexiga, which developed the casino resort giant's My WinStar app.

Updated Raspberry Robin malware emerges Several updates have been introduced to the Raspberry Robin malware, also known as QNAP worm, including its usage of two new exploits for one-day vulnerabilities, tracked as CVE-2023-36802 and CVE-2023-29360...

Three command-and-control servers previously linked to the ALPHV/BlackCat and Black Basta ransomware operations have been leveraged to support the novel Rust-based RustDoor backdoor, which spoofed Visual Studio to facilitate compromise file...

Federal Trade Commission Chair Lina Khan has noted that more aggressive actions will be taken by the agency against data misuse by big tech companies after it was sued by Meta to reverse a rule preventing the monetization of children's information...

More than $10 billion in fraud-related losses were reported by U.S. consumers for the first time in 2023, representing a 14% growth over 2022, even though the number of individuals who reported being targeted by fraud held steady at over 2.6 million...