Security Bulletin

Meanwhile, illicit transactions on three of the leading Russian dark web markets totaled $1.4 billion last year, an increase from 2022, compared with only $100 million amassed by all of the Western dark web markets, which was lower than in 2022, a...

All Telerik Report Server instances before version 10.1.24.709 are affected by the bug, which could be leveraged to facilitate remote code execution, according to Progress Software.

France and Europol's joint operation to dismantle the PlugX worm botnet, which has impacted millions of devices worldwide, involved the usage of a disinfection solution from Sekoia.io.

Included in the impacted data were names, mobile numbers, and SMS opt-out preferences, said BMW Concessionaires in a statement to Hong Kong's Office of the Privacy Commissioner for Personal Data.

While Summerville noted that operations of its municipal departments have not been impacted by the incident, which was immediately contained, the Embargo group admitted to having stolen 1.71 TB of data from the town's Police Department.

Such a package, which has been taken down after accumulating 59 downloads, initially verifies targeted systems to be macOS before checking the machines' Universally Unique Identifier and infiltrating files that have Google Cloud authentication...

Infiltration of the third-party provider's systems between June 3 and 7 allowed threat actors to exfiltrate the customers' certain banking details, including full names, bank account numbers, and routing numbers leveraged for ACH fund transfers.

The campaign lured targets into downloading a fraudulent CrowdStrike Crash Reporter tool as a ZIP file with a trojanized InnoSetup installer.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed...

Security teams have to face that the attackers also have AI – here are three ways to more effectively operate in this new environment.

A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.