Security Bulletin

A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what can be done to prevent something similar from happening again.

An exploit sold on an underground forum requires user action to download an unspecified malicious payload.

In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, %%CVE:2024-3273%% was exploited soon after it became public. Many of the affected devices are no longer supported.

A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.

Here's a dose of reality from those on the frontlines and how they're coping.

Linx has touted its platform to significantly ease the discovery and removal of unused employee accounts.

While the purchase deal would have increased the startup's $12 billion valuation by almost twofold, Wiz intends to focus more on reaching $1 billion in annual recurring revenue, said Wiz co-founder Assaf Rappaport in a memo to employees.

U.S. sanctions imposed against Russian state-backed hacktivist operation Cyber Army of Russia Reborn's leader Yuliya Pankratova and primary hacker Denis Degtyarenko for their involvement in critical infrastructure cyberattacks were dismissed by...

"This trend might also be perpetuated by the wider availability and increased quality of AI tools that lack prompt filtering, which cybercriminals can use to quickly assemble and debug their code," said Europol.

Installation of AsyncRAT and BOINC occurs at the last part of the multi-stage attack, with the latter facilitating system information exfiltration after establishing a connection with a remote server.