Security Bulletin

Security pros say it will take “days” to fix the recent CrowdStrike outage.

Private sector organizations are "hesitant" to seek guidance from the Coast Guard, which isn't sufficiently equipped to help them yet.

As threat actors get smarter about how they target employees, the onus is on organizations to create a strong line of defense — and the human element is a critical component.

According to Mandiant, among the many cyber espionage tools the threat actor is using is a sophisticated new dropper called DustTrap.

Attackers are more likely to target critical infrastructure industries and, when they do, they cause more disruption and ask higher ransoms, with the median payment topping $2.5 million.

Such a significant increase in victimization comes amid a 14% increase in the number of data breaches, as well as a 23% growth in driver's license data exfiltration between the first half of 2023 and the first half of 2024, according to a report from...

However, allegations of SolarWinds' securities fraud based on its security statement were sustained by the judge.

Attackers were noted by WazirX to have compromised the platform's security defenses before proceeding with the asset siphoning activities.

Transport, broadcasters, and financial systems reportedly affected by Microsoft outage.

Aside from performing code injections into remote processes, the distributed kernel driver also allows system data exfiltration to a remote server connected to Hubei Dunwang Network Technology Co., Ltd, according to an ESET analysis.

The U.S. Postal Service has confirmed halting the sharing of its online customers' postal addresses with Meta, Snap, and LinkedIn following a TechCrunch report detailing its disclosure of customer details via tracking pixels across its website.

Most domains created by Revolver Rabbit contained at least one dictionary word and a five-digit number separated from each other by a dash, a report from Infoblox showed.