Network SecurityCheck Point patches VPN 0-day exploited to target enterprisesLaura FrenchMay 29, 2024Exploitation attempts focused mostly on old local accounts with password-only authentication.
RansomwareNorth Korea’s ‘Moonstone Sleet’ targets victims with malicious toolsSteve ZurierMay 29, 2024Microsoft says the group leverages social-engineering techniques and has developed its own malware.
RansomwareRansomHub threatens to leak data of Christie’s auction house clientsLaura FrenchMay 28, 2024The ransomware group claims to have information on at least 500,000 Christie’s clients.
IdentityAttackers target old VPN accounts that relied on passwordsSteve ZurierMay 28, 2024Check Point Software sent a letter to its customers advising them to protect security gateways with certificate-based authentication.
Network SecurityMITRE shares lessons on VMware rogue VMs used in its own cyberattackLaura FrenchMay 24, 2024Attackers used a default account to create hidden VMs and persist in MITRE’s VMware environment.
Application securityGoogle patches fourth zero-day in May, eighth so far of 2024Steve ZurierMay 24, 2024Security pros say because this bug was exploited in the wild, assume threat actors have launched remote code execution attacks.
AI/ML‘Shadow AI’ on the rise; sensitive data input by workers up 156%Laura FrenchMay 23, 2024Up to 95.9% of workplace chatbot use is on personal accounts, risking data exposure.
RansomwareLondon Drugs waiting on LockBit’s next move after ransomware attackSteve ZurierMay 23, 2024The Canadian drug retailer maintains it won’t pay a $25 million ransom, while LockBit allegedly said it would start releasing stolen data.
Cloud SecurityVeeam patches critical flaw that puts enterprise backups at riskLaura FrenchMay 22, 2024The bug enables unauthenticated attackers to log into the Veeam Backup Enterprise Manager.
Critical Infrastructure SecurityRockwell to customers: Remove public-facing ICS devices from internetSteve ZurierMay 22, 2024The move by Rockwell Automation was in response to heightened global tensions and concerns about potential attacks on critical infrastructure.
There are no bad machines – only ones that behave badly because of human errorItzik Alvas May 24, 2024