Security Bulletin

The U.S., Russia, and Canada accounted for most of the vulnerable Exim servers, which are on versions 4.97.1 or earlier, according to a report from Censys.

Nearly $15 million of the received payment, which was also confirmed by another source close to the matter, has been reallocated to over 20 addresses across five global exchanges.

While RansomHub admitted to having compromised Rite Aid customers' ID numbers and rewards numbers, Rite Aid emphasized that none of its clients' health information, financial details, and Social Security numbers have been exposed.

Allegedly included in the data dump were messages, files, and data sent by Disney's development team via Slack.

Infiltration of American Golf's systems has purportedly enabled the exfiltration of members' information, user IDs, passwords, and secret keys, as well as emails, licenses, passports, reports, and financial details.

Malicious Microsoft Excel files have been used by threat actors to facilitate the execution of a Samba file share-hosted VBS code.

Several decentralized finance platforms, including Compound Finance, Celer Network, and Pendle, had domains registered with Squarespace impacted by DNS hijacking attacks on Thursday.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability These types of vulnerabilities are frequent attack...

GenAI has created great excitement and promise, but security teams still must grapple with the risks.

I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries " Unprotecting Malicious Documents For Inspection" and " 16-bit Hash Collisions in...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Wireshark release 4.2.6 fixes 1 vulnerability ( SPRT parser crash) and 10 bugs.