Security Bulletin

Organizations in the critical national infrastructure sectors had mean and median ransomware payments reach $3.225 million and $2.54 million this year, respectively, representing a sixfold and 41-fold increase over the past year.

Attackers who infiltrated MNGI's systems were able to obtain individuals' names, birthdates, Social Security numbers, passport numbers, driver's license and state ID numbers, biometric information, health insurance details, financial account data...

Included in the compromised information were customers' names, email addresses, and phone numbers, which have been verified to be legitimate by BleepingComputer amid a lack of comment from Life360.

Such a vulnerability, tracked as CVE-2024-20419, could be exploited to facilitate web UI or API access and eventually allow the unauthenticated creation of new user passwords, according to Cisco.

Threat actors leveraged an Apple macOS disk image file spoofing the MiroTalk video call service to facilitate the distribution of BeaverTail.

Exploitation of the security issue could potentially enable sandbox restriction evasion and eventual server takeovers.

CyberScoop reports Interpol's crackdown on West African cyber fraud and organized crime as part of Operation Jackal III aimed at combating mounting financial fraud across the region has led to 300 arrests across five continents.

Attackers leveraged an updated version of the Demodex kernel-level rootkit with more advanced tools and obfuscation techniques to compromise an unnamed organization's network.

Cisco Networking Academy launches Discovering Entrepreneurship to help ignite the entrepreneurial spirit across Latin America. ¡Despierta el espírtu emprendedor en ti!

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Philips Equipment: Vue PACS Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Uncontrolled Resource Consumption, Improper...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of...