Ionut Arghire

Kyocera Device Manager Vulnerability Exposes Enterprise Credentials

An improper input validation flaw in Kyocera Device Manager allows attackers to capture credentials, compromise accounts.

January 10, 2024

SAP’s First Patches of 2024 Resolve Critical Vulnerabilities

SAP has released patches for critical vulnerabilities in Business Application Studio, Web IDE, and Edge Integration Cell.

January 10, 2024

Android’s January 2024 Security Update Patches 58 Vulnerabilities

Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities.

January 10, 2024

CISA Warns of Apache Superset Vulnerability Exploitation

CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.

January 9, 2024

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns.

January 9, 2024

LoanDepot Takes Systems Offline Following Ransomware Attack

Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.

January 9, 2024

Ransomware Gang Claims Attack on Capital Health

The LockBit ransomware gang claims to have stolen over 7 terabytes of data from hospital system Capital Health.

January 9, 2024

QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.

January 8, 2024

Turkish Cyberspies Targeting Netherlands

Turkish state-sponsored group Sea Turtle has been targeting multiple organizations in the Netherlands for espionage.

January 8, 2024

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.

January 8, 2024

Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected

Global law firm Orrick, Herrington & Sutcliffe disclosed a data breach that affects a roughly 600,000 individuals.

January 5, 2024

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

SpectralBlur is a new macOS backdoor that shows similarities with North Korean hacking group’s KandyKorn malware.

January 5, 2024

Ivanti Patches Critical Vulnerability in Endpoint Manager

CVE-2023-39336, a critical vulnerability in Ivanti EPM, may lead to device takeover and code execution on the server.

January 5, 2024

Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities

A Nigerian national arrested in Ghana faces charges in the US for a BEC scheme involving two charitable organizations.

January 5, 2024

Vigilant Ops Raises $2 Million for SBOM Management Platform

Vigilant Ops receives $2 million seed investment from DataTribe to help organizations manage SBOMs.

January 5, 2024

Google Patches Six Vulnerabilities With First Chrome Update of 2024

Google has released a Chrome 120 update to resolve six vulnerabilities, including four reported by external researchers.

January 4, 2024

4.5 Million Individuals Affected by Data Breach at HealthEC

HealthEC says personal information received from business partners was compromised in a July 2023 data breach.

January 4, 2024

Estes Express Lines Says Personal Data Stolen in Ransomware Attack

Estes Express Lines is informing over 21,000 individuals that their personal information was stolen in a ransomware attack.

January 4, 2024

Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service

The personal information of more than 900,000 individuals was stolen in a data breach at Fallon Ambulance Service.

January 3, 2024

Several Infostealers Using Persistent Cookies to Hijack Google Accounts

A vulnerability in Google’s authentication process allows malware to restore cookies and hijack user sessions.

January 3, 2024

SECURITYWEEK NETWORK:

ICS:

Ionut Arghire

Kyocera Device Manager Vulnerability Exposes Enterprise Credentials

SAP’s First Patches of 2024 Resolve Critical Vulnerabilities

Android’s January 2024 Security Update Patches 58 Vulnerabilities

CISA Warns of Apache Superset Vulnerability Exploitation

Turkish Hackers Target Microsoft SQL Servers in Americas, Europe

LoanDepot Takes Systems Offline Following Ransomware Attack

Ransomware Gang Claims Attack on Capital Health

QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

Turkish Cyberspies Targeting Netherlands

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

Ivanti Patches Critical Vulnerability in Endpoint Manager

Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities

Vigilant Ops Raises $2 Million for SBOM Management Platform

Google Patches Six Vulnerabilities With First Chrome Update of 2024

4.5 Million Individuals Affected by Data Breach at HealthEC

Estes Express Lines Says Personal Data Stolen in Ransomware Attack

Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service

Several Infostealers Using Persistent Cookies to Hijack Google Accounts

Featured

Vulnerabilities

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

Funding/M&A

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Data Breaches

Kodak Admits Data Breach After ShinyHunters Hack Claims

Vulnerabilities

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Vulnerabilities

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Hacker Conversations

Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker

Artificial Intelligence

AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask

Latest News

Malware & Threats

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

Malware & Threats

FortiBleed: 86,000 Fortinet Device Credentials Compromised

Supply Chain Security

Cybersecurity Firms Impacted by Klue Supply Chain Attack

Funding/M&A

Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC

Malware & Threats

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown

Vulnerabilities

Majority of Internet-Accessible REDCap Servers Outdated

Funding/M&A

Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push

Daily Briefing Newsletter