Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The first half of 2024 recorded an increase in ransomware payouts.

The vulnerability affects Veeam Backup for Salesforce, AWS, Microsoft Azure, Google Cloud and more.

While infostealers are often seen as less dangerous compared with trojans, they can exfiltrate sensitive data, leading to data breaches.

Phishing is always a "whack the mole" like game. Attackers come up with new ways to fool victims. Security tools are often a step behind. Messages claiming to collect unpaid tolls are one current common theme among phishing (smishing?) messages. I...

New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.

Teams need to adapt their vulnerability management programs to the reality that most of their business today runs on the internet.

Cisco IOS XE offers advanced programmability and automation capabilities that simplify network management and reduce complexity. By utilizing open standards-based APIs such as NETCONF, RESTCONF, and… Read more on Cisco Blogs

Aside from obtaining access to the Treasury Department's payment system for managing federal system, DOGE was also alleged by Office of Personnel Management employees of having installed an improperly vetted private server that could potentially...

Included in the affected CPE Series router models were VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, according to Zyxel.

A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications and services.