Security Bulletin
17 Jul 2024
Security Review
Training at Black Hat to Focus on Equipping Cybersecurity Leaders With Soft Skills
A two-day presentation will examine the social-behavioral aspects of cybersecurity leadership to drive team success.
17 Jul 2024
Security Review
Snowflake Account Attacks Driven by Exposed Legitimate Credentials
Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.
17 Jul 2024
Security Review
Disparities in SEC breach disclosure rules evident in CDK Global attack
Recorded Future threat intelligence analyst Allan Liska questioned the lack of materiality determined by Brookfield Business Partners considering the extent of the incident.
17 Jul 2024
Security Review
Updated Druva data protection platform bolsters incident response
Druva's introduction of such functionality has been accompanied by the expansion of its free Managed Data Detection and Response service to customers around the world.
17 Jul 2024
Security Review
Widespread AT&T breach subjected to bipartisan inquiry
Sens. Richard Blumenthal, D-Conn., and Josh Hawley, R-Mo., have asked AT&T to respond to questions concerning the widespread breach of 109 million customers' call detail records stemming from the compromise of its Snowflake environment.
17 Jul 2024
Security Review
RansomHub attack against Rite Aid compromises 2.2M
Attackers leveraged stolen employee credentials to infiltrate Rite Aid's network and facilitate the theft of customer data from June 6, 2017, to July 30, 2018.
17 Jul 2024
Security Review
Ransomware disrupts Bassett Furniture Industries
In a filing with the Securities and Exchange Commission, Bassett Furniture disclosed that while the operations of its retail stores and e-commerce platforms continue, order fulfillment activities have been affected by the ransomware incident.
17 Jul 2024
Security Review
AI Consortium Plans Toolkit to Rate AI Model Safety
An AI consortium consisting of top tech companies will release a toolkit later this year for measuring the safety of generative AI models.
17 Jul 2024
Security Review
Accelerating SaaS solution delivery to the U.S. Federal Government
The Federal Operational Security Stack is a centralized framework offering efficiencies when deploying SaaS solutions and services to the U.S. Federal market.
17 Jul 2024
Security Review
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
- CVE-2024-28995 SolarWinds Serv-U Path Traversal Vulnerability
- CVE-2022-22948 VMware vCenter Server Incorrect Default File Permissions Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.