Network SecurityBrute-force attacks surge worldwide, warns Cisco Talos Steve ZurierApril 17, 2024While a longstanding method, the scale and systematic execution of the attacks signify an escalation, security pros said.
RansomwareAtlassian Confluence Linux instances targeted with Cerber ransomware Laura FrenchApril 17, 2024Attackers exploited a critical vulnerability to create a new administrator account.
Application securityScammers offer cash to phone carrier staff to swap SIM cardsSimon HenderyApril 17, 2024T-Mobile and Verizon workers report receiving text messages offering them up to $300 for each illegal SIM swap they complete.
RansomwareRansomHub says Change Healthcare data now up for saleLaura FrenchApril 16, 2024The ransomware group posted screenshots of alleged insurer and patient information Monday.
RansomwareOmni Hotels confirms data compromise in apparent ransomware attack Steve ZurierApril 16, 2024Security pros say the hospitality sector represents a new attack vector for the Daixin Team ransomware gang.
IdentityCisco Duo customer MFA message logs stolen in supply chain hackSimon HenderyApril 16, 2024A social-engineering attack against one of the company’s telephony suppliers led to the breach.
AI/MLMicrosoft’s ‘AI Watchdog’ defends against new LLM jailbreak methodLaura FrenchApril 15, 2024The “Crescendo” attack uses a chain of seemingly benign prompts to achieve an adverse output.
Network SecurityDelinea patches API vulnerability in Secret Server CloudSteve ZurierApril 15, 2024If left unpatched, the API flaw could let attackers bypass authentication, gain admin access, and steal company secrets.
IdentityRoku activates 2FA for 80M users after breach of 576K accountsSimon HenderyApril 15, 2024The streaming service enables 2FA on all accounts following its second credential-stuffing attack this year.
Network SecurityPalo Alto Networks PAN-OS critical 0-day exploited; hotfixes availableLaura FrenchApril 12, 2024The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.