Szolgáltatóknak

Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.

Potential cyberattacks facilitated by covertly installed browser extensions could have been deployed with the exploitation of an already addressed medium-severity privilege escalation vulnerability in Microsoft Edge, according to The Hacker News.

CNBC reports that UnitedHealth Group has already provided more than $3.3 billion in advanced payments to U.S. healthcare providers that experienced financial disruptions following the far-reaching ransomware attack against its payment processor subsidiary Change Healthcare last month attributed to the ALPHV/BlackCat ransomware operation.

Major Turkish car rental service provider Rent Go had data from more than 161,000 customers exposed due to an unsecured Azure Blob Storage instance, reports Cybernews.

India had several of its government agencies and energy industry organizations subjected to cyberespionage attacks delivering the HackBrowserData information-stealing malware as part of the new Operation FlightNight campaign identified earlier this month, according to The Record, a news site by cybersecurity firm Recorded Future.

BleepingComputer reports that Scotland's National Health Service has been threatened by the INC Ransom extortion operation to expose 3 TB of data stolen from an attack this month.

Threat actors have launched a new phishing campaign using fraudulent bank payment notifications to facilitate the deployment of the Agent Tesla information-stealing and keylogging malware, The Hacker News reports.

The Cybersecurity and Infrastructure Security Agency has unveiled a draft cyber incident disclosure rule created under the Cyber Incident Reporting for Critical Infrastructure Act that would mandate organizations part of the 16 designated critical infrastructure sectors to report ransomware incidents and payments within a 72-hour and 24-hour period, respectively, according to CyberScoop.

Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication Cisco Access Point Software Secure Boot Bypass Vulnerability Cisco Access Point Software Denial of Service Vulnerability