US State Department Investigating Another Data Leak
Five Eyes data was stolen from right under their nose. The threat actor stole and leaked documents from tech consulting firm Acuity, which specializes in cybersecurity, DevSecOps, data analytics, and operations support services. Read More
White House And EPA Warn Of Hackers Breaching Water Systems
EPA Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. Read More
Organizations Are Knowingly Releasing Vulnerable Applications
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house. Read More
Vmware Pushes Admins To Uninstall Vulnerable, Deprecated Vsphere Plugin
The vulnerabilities haven’t been and won’t be fixed. Instead, VMware is urging admins to remove the EAP plugin. Read More
Critical Shim Bug Impacts Every Linux Boot Loader Signed In The Past Decade
There are currently 5 vulnerabilities in Shim that could allow a network attacker to bypass secure boot and take over a vulnerable Linux system. Read More
Biggest Data Leak in History Exposes 26B Records
Most of the exposed data, found on an open instance likely owned by a threat actor or data broker, was from the Chinese instant messaging app Tencent QQ. At the same time, Weibo, MySpace, Twitter, and Wattpad also had hundreds of millions of leaked credentials and other information. Read More
Massive Comcast Xfinity Data Breach Impacts 36 Million Customers
Comcast disclosed that hackers exploited a Citrix vulnerability between October 16 and October 19, 2023. Read More
Happy New Year and Thank You to Our 7,000+ Readers!
Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day
China-linked hackers continue to target Barracuda Email Security Gateway (ESG) appliances, with recent attacks involving the exploitation of a new zero-day vulnerability. Read More
FBI Explains How Companies Can Delay Sec Cyber Incident Disclosures
The FBI worked with the Department of Justice to create a guidance document for victims about how companies can “request disclosure delays for national security or public safety reasons.” Read More
Staples Confirms Cyberattack Behind Service Outages, Delivery Issues
Reported Staples internal operation problems including an inability to access Zendesk, VPN employee portals, print email, use phone lines, and more. Read More
Topics
- Cyber Threat Report (79)
- Business Resilience (17)
- Data Breach Protection (12)
- Employee Security Awareness Training (11)
- Incident Response (10)
- Managing Cyber Risks (6)
- Penetration Testing (5)
- Ransomware (5)
- Cyber Insurance (4)
- Business Continuity & Disaster Recovery (BCDR) (3)
- CIO & CISO Services (3)
- Case Study (3)
- AI and Cybersecurity (2)
- Attack Surface Discovery (ASD) (2)
- Cybersecurity Maturity Model Certification (CMMC) (2)
- Enterprise Risk & Compliance (2)
- Information Security (InfoSec) (2)
- Vulnerability Assessments (2)
- Cybersecurity Education (1)
