Vulnerability ManagementMicrosoft patches 9 zero-days, 6 exploited in the wildSteve ZurierAugust 13, 2024In addition to Microsoft patches, Adobe also addressed 71 CVEs across its products.
Data Security48 types of PII targeted in East Valley Institute of Technology breachSteve ZurierAugust 12, 2024Data of more than 208,000 students potentially impacted in January breach.
IdentityUS charges Nashville man in alleged North Korean fraud schemeSteve ZurierAugust 9, 2024Nashville “facilitator” alleged to help North Korean IT workers make up to $300,000 annually.
Cloud SecuritySEC takes no action on Progress Software for MOVEit Transfer caseSteve ZurierAugust 8, 2024Security pros speculate that Progress Software complied with the SEC’s reporting guidelines and was the victim of a zero-day, not misconduct.
Network SecurityMassive CrowdStrike outage caused by an out-of-bounds memory errorSteve ZurierAugust 7, 2024CrowdStrike admitted in its root cause analysis that a lack of proper testing was part of the cause of the outage.
Black HatNation-state attackers increasingly abuse Microsoft Graph API in espionage campaignsSteve ZurierAugust 7, 2024Black Hat USA 2024: Recent attacks on cloud infrastructure started in South Asia and will spread to North America.
RansomwareSharpRhino RAT tied to Hunters International ransomware gangSteve ZurierAugust 6, 2024Security pros say the Hunters International ransomware group has been targeting IT workers, although not in any specific vertical sector.
Vulnerability ManagementLinux kernel exploitation SLUBStick can read and write memory arbitrarilySteve ZurierAugust 5, 2024Researchers from Graz University of Technology showed how the vulnerability worked across nine CVEs.
Application securityAttackers exploit StackExchange to load malicious packages to PyPISteve ZurierAugust 2, 2024Checkmarx researchers say the infostealer malware exfiltrated sensitive data and drained the crypto wallets of developers.
Application securityFake Google Authenticator ads lure users to download malware on GitHubSteve ZurierAugust 1, 2024Security pros caution users to download apps only from official app stores and websites.