SecurityWeek

The US cybersecurity agency CISA issues cybersecurity recommendations for the healthcare and public health sector.

NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks.

A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms.

Salvador Technologies has raised $6 million for its operational continuity and cyberattack recovery platform for ICS and OT.

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

The SEC has provided some important clarifications on its new cyber incident disclosure requirements, which come into effect on December 18.

3CX tells customers to temporarily disable SQL Database integration to mitigate a potential vulnerability.

MongoDB CISO Lena Smart said the company was not aware of any exposure to the data that customers store in the MongoDB Atlas product. 

The court system in Kansas was hit by a cyberattack that caused outages and affected the courts in 104 counties.

Noteworthy stories that might have slipped under the radar: Ukraine hacks Russia’s federal tax agency, CVE assigned to PLC exploit, security in new Intel CPU.

Zoom launches an open source Vulnerability Impact Scoring System (VISS) tested within its bug bounty program.

Hacktivists stole and leaked online the personal information of 45,000 Idaho National Laboratory employees.

Attackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code.

A ransomware group claims to have breached the systems of Kraft Heinz, but the food giant says it’s unable to verify the claims. 

GambleForce uses SQL injections to hack gambling, government, retail, and travel websites to steal sensitive information.

More often than not, we are grateful for and celebrate the wrong people. It is incumbent on all of us to take the time to appreciate and acknowledge the doers in our lives.

Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches.

Microsoft disrupts Storm-1152, a cybercrime-as-a-service business facilitating phishing, identity theft, and DDoS attacks.

US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.

Major software vendors sign on to a new security initiative to create trusted best practices for artificial intelligence deployments.