Cloud Security
VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.
Hi, what are you looking for?
SecurityWeek
Data Breaches
Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.
Data Breaches
The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."
Cloud Security
Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials.
Incident Response
Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and...
Incident Response
The OODA Loop can be used both by defenders and incident responders for a variety of use cases such as threat assessment, threat monitoring,...
Incident Response
UnitedHealth is testing the last major system it must restore from last month’s Change Healthcare cyberattack, but it has no date yet for finishing...
Data Protection
Adlumin, a startup working on technology to boost security for mid-market firms, has banked $70 million in new funding led by SYN Ventures.
Cyberwarfare
Microsoft says an APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.
Incident Response
Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks.
Data Breaches
The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington,...
Cloud Security
Cisco warns that unauthenticated, remote attackers can log into devices using root account, which has default, static credentials that cannot be changed or deleted.
Incident Response
Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure.
Cloud Security
Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response.
Incident Response
DHS has published a new set of recommendations to help federal agencies better report cyber incidents and protect critical infrastructure.
Cybercrime
Clorox says the recent cyberattack has been contained, but production is still not fully restored and there is a short supply of products.
Data Breaches
The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database.
Cybersecurity Funding
Estonian DFIR company Binalyze has raised $19 million in a Series A funding round to grow and improve its product.
Cybercrime
LabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation.
Vulnerabilities
Cloud Security
Artificial Intelligence
Application Security
Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
Data Protection
