Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. READ MORE...
Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. The Japanese tech giant states that the attack did not involve ransomware but relied on a sophisticated mechanism to evade detection while exfiltrating data. In March, the company discovered that several of its systems had been infected with malware and noted the possibility of sensitive customer information being compromised. READ MORE...
The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information. The investigation found that attackers gained access to multiple email accounts between May 26, 2023, and July 28, 2023. When it disclosed the data breach in October, the City also revealed the types of information exposed for impacted individuals. READ MORE...
A ransomware attack against South Africa's National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country. On June 22, the BlackSuit ransomware group hit NHLS, leaving it unable to process millions of blood tests. This means serious conditions have been left undiagnosed and lives endangered. This included details of tests that screened for diseases like tuberculosis and HIV/AIDS. READ MORE...
Major industrial control systems (ICS) providers on Tuesday released security advisories to warn customers of vulnerabilities found and addressed in their products. Siemens published 17 new security advisories describing over 50 vulnerabilities and released patches and mitigations for the flaws. Additionally, the company updated 21 previously released advisories with additional information. READ MORE...
Once again, cyberattackers are targeting JavaScript developers - this time in a "complex and persistent supply chain attack" that's distributing Trojanized packages for the popular JavaScript library jQuery across GitHub, Node Package Manager (npm), and jsDelivr repositories. Each package contains a copy of jQuery with one small difference: the end function, a part of the jQuery prototype, is modified to include additional malicious code designed to extract website form data. READ MORE...
Threat actors affiliated with RT (formerly Russia Today), a Russian government-backed media organization, have used artificial intelligence (AI) features of the Meliorator software to create fake online personas used to disseminate disinformation to and about the US, Germany, Israel, the Netherlands, Poland, Spain, and Ukraine, reads a joint advisory from the government agencies. Meliorator was designed to create seemingly authentic social media personas en masse and post content like authentic users. READ MORE...
Microsoft has given administrators plenty of work to do with July's security update that contains patches for a brutal 139 unique CVEs, including two that attackers are actively exploiting and one that's publicly known but remains unexploited for the moment. The July update contains fixes for more vulnerabilities than the previous two monthly releases combined and addresses issues that left unmitigated could enable malicious activities. READ MORE...
One of the most widely used network protocols is vulnerable to a newly discovered attack that can allow adversaries to gain control over a range of environments, including industrial controllers, telecommunications services, ISPs, and all manner of enterprise networks. Short for Remote Authentication Dial-In User Service, RADIUS harkens back to the days of dial-in Internet and network access through public switched telephone networks. READ MORE...