AI/MLTensorFlow AI models at risk due to Keras API flawLaura FrenchApril 23, 2024Arbitrary code in Lambda Layers may be unsafely executed in older versions of Keras.
RansomwareA ‘substantial proportion’ of Americans exposed in Change Healthcare cyberattackSteve ZurierApril 23, 2024Change Healthcare owner UnitedHealth Group acknowledges some customer protected health information leaked on dark web.
Network SecurityRussian group exploits Windows print spooler bug via ‘GooseEgg’ malwareSimon HenderyApril 23, 2024Microsoft says the launcher application is unique to Russia’s APT28 threat group and can lead to remote code execution.
Network Security6.2K Palo Alto firewalls still at risk as exploits increaseLaura FrenchApril 22, 2024Proof-of-concept exploits for CVE-2024-3400 are now publicly available.
Network SecurityMITRE research and prototyping network breached via Ivanti zero-daysSteve ZurierApril 22, 2024Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.
Network SecurityAuthorities investigate LabHost users after phishing service shut downSimon HenderyApril 22, 2024The alleged creator of the phishing-as-a-service malware was among those apprehended in the international operation.
Identity5.3M World-Check records may be leaked; how to check your recordsLaura FrenchApril 19, 2024Hackers claim to have obtained the records by breaching a third party with access to the database.
RansomwareAkira takes in $42 million in ransom payments, now targets Linux serversSteve ZurierApril 19, 2024Security pros say threat actors gravitate towards Linux because it’s the OS of choice for many critical server functions.
Cloud SecurityMicrosoft finds Kubernetes clusters targeted by OpenMetadata exploitsLaura FrenchApril 18, 2024A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments.
Vulnerability Management‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoorSteve ZurierApril 18, 2024Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.