Network Security6.2K Palo Alto firewalls still at risk as exploits increaseLaura FrenchApril 22, 2024Proof-of-concept exploits for CVE-2024-3400 are now publicly available.
Network SecurityMITRE research and prototyping network breached via Ivanti zero-daysSteve ZurierApril 22, 2024Security pros say while the target was an unclassified network, the research it manages on emerging technologies could be of interest to adversaries.
Network SecurityAuthorities investigate LabHost users after phishing service shut downSimon HenderyApril 22, 2024The alleged creator of the phishing-as-a-service malware was among those apprehended in the international operation.
Identity5.3M World-Check records may be leaked; how to check your recordsLaura FrenchApril 19, 2024Hackers claim to have obtained the records by breaching a third party with access to the database.
RansomwareAkira takes in $42 million in ransom payments, now targets Linux serversSteve ZurierApril 19, 2024Security pros say threat actors gravitate towards Linux because it’s the OS of choice for many critical server functions.
Cloud SecurityMicrosoft finds Kubernetes clusters targeted by OpenMetadata exploitsLaura FrenchApril 18, 2024A cryptominer campaign leveraged five vulnerabilities in OpenMetadata to infect environments.
Vulnerability Management‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoorSteve ZurierApril 18, 2024Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.
Critical Infrastructure SecurityRussia’s Sandworm APT linked to attack on Texas water plantSimon HenderyApril 18, 2024The threat group is best known for its sustained campaign against Ukrainian targets and infrastructure.
Network SecurityBrute-force attacks surge worldwide, warns Cisco Talos Steve ZurierApril 17, 2024While a longstanding method, the scale and systematic execution of the attacks signify an escalation, security pros said.
RansomwareAtlassian Confluence Linux instances targeted with Cerber ransomware Laura FrenchApril 17, 2024Attackers exploited a critical vulnerability to create a new administrator account.
Will the Change Healthcare case finally make providers do a business impact analysis?Toby Gouker April 22, 2024
In memoriam: Steven Young, respected CISO and former Cybersecurity Collaborative VPBill BrennerApril 19, 2024