Servers running software sold by Salesforce are leaking sensitive data managed by government agencies, banks, and other organizations, according to a post published Friday by KrebsOnSecurity. At least five separate sites run by the state of Vermont permitted access to sensitive data to anyone, Brian Krebs reported. The state's Pandemic Unemployment Assistance program was among those affected.
The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. The leak comes after the threat actor warned Western Digital on April 17th that they would hurt them until they "cannot stand anymore" if a ransom was not paid.
The Computer Emergency Response Team of Ukraine (CERT-UA) says Russian hackers are targeting various government bodies in the country with malicious emails supposedly containing instructions on how to update Windows as a defense against cyber attacks. CERT-UA believes that the Russian state-sponsored hacking group APT28 (aka Fancy Bear) sent these emails and impersonated system administrators of the targeted government entities to make it easier to trick their targets.
Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 2023 Pwn2Own contest. Three have been given the severity rating "Important", while the last (CVE-2023-20869) is classed as "Critical". All four issues can be addressed by updating to the latest version of the affected software. At the time of writing these are VMware Fusion 13.0.2 and VMware Workstation 17.0.2.
Boffins at McAfee have identified 38 Android apps in the Google Play store that unashamedly rip off the ever-popular gaming sensation Minecraft, but are actually designed to stealthily earn advertising revenue. The apps, which McAfee detects as Android/HiddenAds.BJL, load adverts in the background without the user's knowledge, and are estimated to have been downloaded some 35 million times onto Android devices.
Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel. One somewhat unusual aspect of this "service" (and in this context, we don't mean that word in any sort of positive sense!) is that it was specifically built to help would-be cybercriminals target Mac users.
Endpoint detection and response (EDR) has demonstrated clear value in protecting endpoints, and in many ways provides unique visibility into local processes. However, customers and prospects tell us their percentage of EDR coverage on endpoints is in the range of 60-70%. In other words, 40-30% of devices are out of their control. Not only are we blind to many devices currently connected to our networks and to new devices being added every day, but also to what these devices are doing.
Cisco informed customers this week that it's working on a patch for a vulnerability found in the company's Prime Collaboration Deployment product by a member of NATO's Cyber Security Centre (NCSC). Prime Collaboration Deployment is a tool designed to assist in the management of Unified Communications (UC) applications. The security hole, identified as CVE-2023-20060, is a cross-site scripting (XSS) issue affecting the product's web-based management interface.