CISA: CISA Adds Two Known Vulnerabilities to Catalog
CISA Adds Two Known Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based...
US-CERT Vulnerability Summary for the Week of July 3, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infosem-cms -- semcmsFile Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers...
CISA: NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing Today, the National Security Agency (NSA) and CISA published...
HackerOne Bug Bounty Disclosure: an-idor-that-can-lead-to-enumeration-of-a-user-and-disclosure-of-email-and-phone-number-within-cashier-miquinho
Company Name: Unikrn Company HackerOne URL: https://hackerone.com/unikrn Submitted By:miquinhoLink to Submitters Profile:https://hackerone.com/miquinho Report Title:An IDOR that can lead to enumeration...
HackerOne Bug Bounty Disclosure: subscription-check-bypass-of-nordvpn-service-tlsh
Company Name: Nord Security Company HackerOne URL: https://hackerone.com/nordsecurity Submitted By:tlsh1Link to Submitters Profile:https://hackerone.com/tlsh1 Report Title:Subscription check bypass of NordVPN serviceReport...
CISA: CISA Develops Factsheet for Free Tools for Cloud Environments
CISA Develops Factsheet for Free Tools for Cloud Environments CISA has developed and published a factsheet, Free Tools for Cloud...
Akira Ransomware Victim: 4LEAF, Inc
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: test[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Health Tech Vendor to Pay $31m After Kickback Allegations
A US provider of healthcare software has agreed to pay $31m to settle allegations it broke the False Claims Act...
Acting White House Cyber Director Withdraws Nomination
The acting US national cyber director has reportedly withdrawn her name for consideration for the permanent role because she was...
EU Urged to Prepare for Quantum Cyber-Attacks
A new discussion paper has set out recommendations for the European Union (EU) on how to ensure member states are...
Russian Charged with Tech Smuggling and Money Laundering
A Russian security agent has been charged with smuggling ammunition and dual-use technology, including various electronics which helped the Kremlin...
Fewer Than 100 Scammers Responsible For Global Email Extortion
Global email-based extortion scams are the work of just a small group of fraudsters, new research from Barracuda Networks has...
US on Track For Record Number of Data Breaches
This year could be another record breaker for data compromise following 951 publicly reported incidents in the second quarter, a...
White House Publishes Plan to Implement US National Cybersecurity Strategy
The White House has published a plan for the implementation of the US National Cybersecurity Strategy, which was introduced in...
Mandiant Unveils Russian GRU’s Cyber Playbook Against Ukraine
Drawing on its tracking of Russia-backed disruptive operations against Ukraine since the country’s invasion of its neighbor in February 2022,...
NCSC Shares Alternatives to Using a SOC
A leading UK security agency has revealed several approaches that could reduce or eliminate the need for organizations to run...
New CVSS Version Unveiled Amid Rising Cyber Threats
A new version of the Common Vulnerability Scoring System (CVSS 4.0) has been unveiled publicly by the Forum of Incident...
Ransomware Costs Financial Services $32bn in Five Years
Global financial services organizations have lost over $32bn in downtime since 2018 due to ransomware breaches, a new report has...
UK Financial Regulator Urges Banks to Tackle AI-Based Fraud
The UK’s financial services regulator has warned banks that it will be watching closely what steps they put in place...
Chinese APT Favorite Backdoor Found in Pakistani Government App
Trend Micro has discovered a sample of Shadowpad, a sophisticated backdoor used by various Chinese-sponsored threat actors, in an application...
AI Tool WormGPT Enables Convincing Fake Emails For BEC Attacks
A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business...
LokiBot Malware Targets Windows Users in Office Document Attacks
Windows users have been targeted again by the sophisticated malware known as LokiBot, which is spreading through malicious Office documents. According...
New Threat Actor Launches Cyber-attacks on Ukraine and Poland
A new threat actor group has been observed conducting a series of cyber-attacks targeting government entities, military organizations and civilian...
