Security Bulletin

Data discovery and classification are foundational for data security, data governance, and data protection.

Despite the shutdown of both chatbots — which provided free access to up to 20 data samples from 31.2 million datasets and PDF-based claim documents — more have emerged to distribute the stolen data.

Investigation conducted alongside blockchain security firm SlowMist noted the theft of nearly $44.7 million as a result of the incident although calculations are still ongoing, said BingX, which emphasized its immediate implementation of urgent asset...

Dell had its internal files claimed to be compromised by the threat actor "grep" just days after the same actor admitted to stealing 10,863 employee records from a breach earlier this month.

The misconfiguration revealed more than 106 million records with U.S. citizens' private information and over 2.3 million MC2 Data subscribers' data.

After obtaining initial access via local or domain account exploitation, Twelve proceeds to leverage Remote Desktop Protocol to facilitate further infrastructure penetration, as well as utilize other tools, including Cobalt Strike, Chisel, Mimikatz...

Such a development comes less than a week after the confirmed exploitation of the high-severity operating system command injection bug in CSA, tracked as CVE-2024-8190, which was believed to have been used alongside another vulnerability due to its...

Aside from leveraging spear-phishing emails, Earth Baxia also exploited the recently addressed critical GeoServer GeoTools flaw, tracked as CVE-2024-36401.

Look for large state governments like New York to lead the way in addressing many of healthcare’s cybersecurity issues, not Congress.

While going over a batch of phishing e-mails that were delivered to us here at the Internet Storm Center during the first half of September, I noticed one message which was somewhat unusual. Not because it was untypically sophisticated or because it...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippines, and South Korea.