Security Bulletin

Attacks commenced with the delivery of malicious emails with PDF attachments linking to file-sharing site-hosted documents, which when opened fetches an MSI installer-containing ZIP archive that prompts Atera Agent installation.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Data memory-dependent prefetching can enable side-channel extraction of cryptographic secrets.

Curious about environmental reporting? Learn how it helps increase transparency and trust, and helps promote best practices.

Solutions Engineer Marcio Costa created a Q&A bot in Webex by integrating it with ChatGPT using OpenAI APIs. Follow along as Marcio explains how he learned the basics of APIs, practiced with Cisco DevNet Learning Labs, and used Webex Connect to...

The Red Report shows the growing sophistication of threat actors to disable a target’s defenses.

Last week, Apple published updates for iOS and iPadOS. At that time, Apple withheld details about the security content of the update. This is typical if future updates for other operating systems will fix the same vulnerability. Apple's...

Security pros say StrelaStealer uses control flow obfuscation — a technique that lets the threat actor better evade detection and reverse engineering.

Dark web marketplace Nemesis Market, which peddles cybercrime services in addition to illegal drugs and illicit goods, was reported by the German Federal Crime Police Office, or BKA, to have been dismantled following a more than a year-long law...

Federal organizations and other entities have been urged by the FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center to proactively combat distributed denial-of-service attacks and be...

Health providers across the U.S. impacted by cyberattacks would be able to receive advanced payments from the Centers for Medicare & Medicaid Services as long as they meet minimum cybersecurity standards under new legislation introduced by Senate...

Nearly 60 cryptocurrency heists conducted by North Korean state-sponsored threat operations, including Lazarus Group, Kimsuky, and Andariel, from 2017 to 2023 that resulted in nearly $3 billion in losses have been subjected to a probe by a United...