A critical authentication bypass flaw affecting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager appliances now has proof-of-concept exploit code available. Attackers can get around the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances thanks to this security flaw (CVE-2022-40684). Last Thursday, Fortinet released security updates to… Continue reading Critical Fortinet auth bypass bug has an exploit available; apply the patch now
Category: News
Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
The Microsoft Threat Intelligence Center (MSTIC) has found evidence of a novel ransomware campaign using a hitherto unidentified ransomware payload that targets businesses in the logistics and transportation sectors in Poland and Ukraine. On October 11, we saw the introduction of this new ransomware, which refers to itself in its ransom note as “Prestige ransomware,”… Continue reading Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
Best Cloud SaaS Governance Practices from the CSA Cloud Security Alliance
IntroductionInfrastructure as Service security is almost always the focus when discussing cloud security. platforms as a service (PaaS) and infrastructure as a service (IaaS). In spite of the fact that Organizations typically use 2-3 IaaS providers and frequently use tens to hundreds of SaaS products. A standard set of guidelines called the SaaS Governance Best… Continue reading Best Cloud SaaS Governance Practices from the CSA Cloud Security Alliance
A CyberRisk Alliance Resource, MSSP Alert – TOP 250 MSSPs Services Providers 2022 edition
A succinct summary The Top 250 MSSPs and associated survey respondents continue to expand more quickly than the managed security market as a whole. In fact, respondents to the survey anticipate that annual MSSP revenues will increase by 26% in 2022 compared to 2021, or nearly twice the market growth rate. MSSP growth is being… Continue reading A CyberRisk Alliance Resource, MSSP Alert – TOP 250 MSSPs Services Providers 2022 edition
Threat actors gained access to the personal data of tens of thousands of Revolut customers as a result of a cyberattack
Over the weekend, the financial technology company Revolut was the victim of a “highly targeted” cyberattack in which threat actors gained access to the personal data of 0.16% of its users (approximately 50,000 users).The business claims to have already spoken with the affected customers. A cyberattack on Revolut resulted in unauthorised access to the personal… Continue reading Threat actors gained access to the personal data of tens of thousands of Revolut customers as a result of a cyberattack
$3,500 for Starbucks Cofee Data with Name, Gender, DoB, Mobile No., Email and Address
The Straits Times discovered that 330,000 Singaporean Starbucks customers’ personal information had been compromised and sold on an online forum since September 10. On Friday, the coffee chain sent an email to the affected customers informing them of a data breach that had exposed their names, addresses, and email addresses. Upon being questioned about whether… Continue reading $3,500 for Starbucks Cofee Data with Name, Gender, DoB, Mobile No., Email and Address
Beta Mobile Sub-Techniques, Structured Detections, and ICS Join the Band as ATT&CK Upgrades to Version 11
The most recent ATT&CK release is now available, and this time They have upgraded to version 11! There shouldn’t be any major surprises if you’ve been following their roadmap, but they wanted to take this opportunity to go over their most recent updates. A beta version of the sub-techniques for ATT&CK for Mobile and ATT&CK… Continue reading Beta Mobile Sub-Techniques, Structured Detections, and ICS Join the Band as ATT&CK Upgrades to Version 11
Uber employees believed the alleged teen hacker attack was a joke.
The world’s largest ride-hailing company, Uber, shut down a portion of its operations late on Thursday after learning that its internal systems had been compromised. According to the company, the attacker was able to socially engineer his way into a worker’s Slack account before making a deeper foray into the network. While the full scope… Continue reading Uber employees believed the alleged teen hacker attack was a joke.
Portuguese NATO documents discovered for sale online
The National Security Office is still determining the extent of the damage, but EMGFA, secret military, and MDN computers are suspected of being involved in the security lapse that made it possible for secret NATO documents to be exfiltrated. In order to receive and send classified documents, the General Staff of the Armed Forces has… Continue reading Portuguese NATO documents discovered for sale online
A significant data breach on the streaming service Brand New Tube exposed users’ names and IP addresses.
A significant security flaw has been discovered on BrandNewTube, a YouTube alternative that was founded in the UK.Several users who received an email that revealed their names, genders, emails, and IP addresses have gotten in touch with us.The email also specifically criticizes Mohammad Butt and Sonia Poulton for failing to take the appropriate action in… Continue reading A significant data breach on the streaming service Brand New Tube exposed users’ names and IP addresses.