95 Articles
7 Categories
Date: 2023-09-05
🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
5 SepInconsistencies in the Common Vulnerability Scoring System (CVSS)Interesting research : Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerabili…SCHNEIER.COM
5 SepLFI/RCE Vulnerability in WordPress Media Library Assistant Plugin - CVE-2023-4634 - Patrowlsubmitted by L4s to secops 1 points | 0 comments https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ LFI/RCE Vulnerability in WordPress Media Library Assistant Plugin - CVE-2023-4634 - Patrowl::Discovery of 0-days with Patrowl automation of EASM and PTaaSPATROWL.IO
5 SepNew research reveals most-attacked, most-vulnerable assetsNew research from security company Armis has revealed the riskiest assets introducing threats to global businesses. Armis' research focused on connected assets with the most attack attempts, weaponized Common Vulnerabilities and Exposures (CVEs), and high-risk ratings. Based on d…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (24)
5 SepCommon usernames submitted to honeypots, (Tue, Sep 5th)Based on reader feedback, I decided to take a look at usernames submitted to honeypots. The usernames that are seen on a daily basis look very familiar.…ISC.SANS.EDU
5 SepReaper: Open-source reconnaissance and attack proxy workflow automationReaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it’s already capab…HELPNETSECURITY.COM
5 Sep6 free resources for getting started in cybersecurityCybersecurity is not just a career field on the rise – it’s a calling that’s increasingly vital to the infrastructure of our world. But stepping into the universe of threat vectors and intrusion detection systems might sound like a journey for the tech elite. Th…HELPNETSECURITY.COM
5 SepMeta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and RussiaMeta has disclosed that it disrupted two of the largest known covert influence operations in the world from China and Russia, blocking thousands of accounts and pages across its platform. “It targeted more than 50 apps, including Facebook, Instagram, X (formerly Twitter), YouTube…THEHACKERNEWS.COM
5 Sep137: PredatorA new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from C…DARKNETDIARIES.COM
5 SepMultiple IBM Sterling Secure Proxy Vulnerabilities Allow Remote Code ExecutionIBM Sterling Secure Proxy has been discovered with multiple vulnerabilities which were mostly related to Denial of Service and Information Disclosure. It also consisted of a code execution vulnerability and an unidentified vulnerability. The severities of these vulnerabilities va…GBHACKERS.COM
5 SepHackers Exploit MinIO Storage System Vulnerabilities to Compromise ServersAn unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers.THEHACKERNEWS.COM
5 SepHow attackers exploit QR codes and how to mitigate the riskAmong the many technological impacts of the coronavirus pandemic is a rise in the use of QR (Quick-Response) codes. Naturally, bad actors are taking advantage of this opportunity and the vulnerabilities of this mobile technology to launch attacks. Security teams need to be on top …CSOONLINE.COM
5 SepMeta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and RussiaMeta has disclosed that it disrupted two of the largest known covert influence operations in the world from China and Russia, blocking thousands of accounts and pages across its platform.THEHACKERNEWS.COM
5 SepUnraveling EternalBlue: Inside the WannaCry’s EnablerEternalBlue exploits a vulnerability in the Microsoft implementation of the Server Message Block (SMB) Protocol. This dupes an unpatched Windows machine into allowing illegitimate data packets into the legitimate network.SECURITYAFFAIRS.COM
5 SepDevelopers have security, other generative AI concerns but use it anywayA new software developer survey released today shows a broad understanding of the risks involved in using generative AI to support software development projects, but an equally widespread acceptance that the technology has already proved itself as useful. The survey, which was pu…CSOONLINE.COM
5 SepExpect SQL Server failures as Microsoft disables old TLS in WindowsMicrosoft has decided to disallow Transport Layer Security (TLS) versions 1.0 and 1.1 in the Windows operating system in a bid to increase the security posture of its customers and encourage modern protocol adoption. The company has warned that the move could impact SQL Servers o…CSOONLINE.COM
5 SepZero-day attacks are on the rise. Can patches keep up?That latest cyberattack threatening your organization is likely coming from outside the corporate network. According to Mandiant’s M-Trends 2023 report, 63% of breaches came from an outside entity — a considerable rise from 47% the year before. When it comes to how in…SECURITYINTELLIGENCE.COM
5 SepNorfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This WeekNorfolk Southern believes a software defect — not a hacker — was the cause of the widespread computer outage that forced the railroad to park all of its trains.SECURITYWEEK.COM
5 SepNIST’s Planned Updates to Implementing the HIPAA Security Rule: A Cybersecurity Resource GuideBackground: NIST Special Publication (SP) 800-66 Healthcare organizations face many challenges from cybersecurity threats. This can have serious impacts on the security of patient data, the quality of patient care, and even the organization’s financial status. Healthcare organiza…NIST.GOV
5 SepASUS routers vulnerable to critical remote code execution flawsThree critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed. [...]BLEEPINGCOMPUTER.COM
5 SepNew BLISTER Malware Update Fuelling Stealthy Network InfiltrationAn updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim netw…THEHACKERNEWS.COM
5 SepMITRE and CISA Release Open Source Tool for OT Attack EmulationMITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.SECURITYWEEK.COM
5 SepCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-248-01 Fujitsu Limited Real-time Video Transmission Gear IP series…CISA.GOV
5 SepKingston Digital introduces XS1000 External SSDKingston Digital announced the XS1000 External SSD, a small and sleek file backup solution. XS1000 joins XS2000 as a new product offering in Kingston’s external SSD product portfolio. Both drives are extremely compact and under 29 grams to provide pocket-sized portability. Kingst…HELPNETSECURITY.COM
5 SepAtlas VPN zero-day allows sites to discover users’ IP addressAtlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several days ago by the person w…HELPNETSECURITY.COM
5 SepLive API Keys and Source Code Leaked in 4,500 of the Top Alexa Sitessubmitted by L4s to secops 1 points | 0 comments https://trufflesecurity.com/blog/4500-of-the-top-1-million-websites-leaked-source-code-secrets/ Live API Keys and Source Code Leaked in 4,500 of the Top Alexa SitesTRUFFLESECURITY.COM
5 SepAtlas VPN zero-day vulnerability leaks users' real IP addressAn Atlas VPN zero-day vulnerability affecting the Linux client leaks a user's real IP address simply by visiting a website. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (14)
5 SepIndia warns of malware attacks targeting its Android usersIndia has warned its citizens of an advanced malware targeting Android users, capable of accessing sensitive data and allowing hackers control over infected devices. The Controller General of Defence Accounts, a department in India’s Defense Ministry, released the advisory …TECHCRUNCH.COM
5 SepHornetsecurity releases 365 Total Protection Plan 4 for Microsoft 365 to protect email communicationsHornetsecurity has launched its Plan 4 “Compliance & Awareness” solution of 365 Total Protection Suite, offering a higher level of defence and compliance with new AI tools, security awareness service, and permission management for Microsoft 365. This new plan covers a broade…HELPNETSECURITY.COM
5 SepCISA Hires ‘Mudge’ to Work on Security-by-Design PrinciplesPeiter ‘Mudge’ Zatko joins the US government's cybersecurity agency to preach the gospel of security-by-design and secure-by-default development principles.SECURITYWEEK.COM
5 SepProactively Prepare for AI Regulation: ReportMounting Regulation Will Add Complexity to Compliance, Says KPMG Regulatory scrutiny over artificial intelligence will only mount, warns consultancy KPMG in a report advising companies to proactively set up guardrails to manage risk. Even in the absence of regulatory regimes, "co…DATABREACHTODAY.CO.UK
5 SepFeds Publicly Name 130 Healthcare Firms Using Web TrackersFTC, HHS Warn Hospitals, Telehealth Firms of Privacy Violations With Tracker Use The Federal Trade Commission and the Department of Health and Human Services have publicly named 130 hospitals and telehealth companies that were recently warned that the use of online tracking tools…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING (17)
5 SepAnalyzing a Facebook Profile Stealer Written in Node.jsWe analyze an information stealer written in Node.js, packaged into an executable, exfiltrated stolen data via both Telegram bot API and a C&C server, and employed GraphQL as a channel for C&C communication.TRENDMICRO.COM
5 SepHow Ducktail Capitalizes on Compromised Business, Ad AccountsQuite some money can be made from selling compromised business and ad accounts on social media platforms, and the threat actor behind Ducktail has specialized in just that.HELPNETSECURITY.COM
5 SepRansomware Attack on Fencing Systems Maker Zaun Impacts UK Military DataBritish mesh fencing systems maker Zaun discloses LockBit ransomware attack potentially impacting data related to UK military and intelligence sites.SECURITYWEEK.COM
5 SepWays to protect WordPress sites and blogs from hacking | Kaspersky official blogHow and why corporate websites get hacked, and what businesses can do to protect them.KASPERSKY.COM
5 SepHackers Push Anti-Iranian Government Messages to Millions via Breached AppAn Iranian-focused hacking group known as Black Reward, with a history of going after the Iranian government, announced a new attack late Thursday, this time targeting a financial services app used by millions of Iranians for digital transactions.CYBERSCOOP.COM
5 SepKey Cybersecurity Tools That Can Mitigate the Cost of a BreachIBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What’s interesting is the difference in how organizations respond to threats and which technologies are helpin…THEHACKERNEWS.COM
5 SepLockBit ransomware gang steals data related to security of UK military basesAn attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases.GRAHAMCLULEY.COM
5 SepChipmaker NXP confirms data breach involving customers’ informationDutch chipmaker NXP Semiconductors has alerted customers to a data breach involving their personal information. The data breach was first flagged by Troy Hunt, the owner of Have I Been Pwned, who tweeted a copy of the email NXP had sent to customers affected by the breach. Those …TECHCRUNCH.COM
5 Sep7 Million Users Possibly Impacted by Freecycle Data BreachFreecycle.org is prompting millions of users to reset their passwords after their credentials were compromised in a data breach.SECURITYWEEK.COM
5 SepLockBit leaks sensitive data from maximum security fence manufacturerThe LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company network. The Zaun breach The c…HELPNETSECURITY.COM
5 SepMore UK Schools Hit by Cyberattacks Before Term BeginsHighgate Wood School in Crouch End will now begin accepting pupils on September 11 rather than September 5 as originally intended. The secondary school, which serves local students aged 11–16, appears to have escaped the worst of the attack.INFOSECURITY-MAGAZINE.COM
5 SepSuspected ALPHV Ransomware Attack on Melbourne Pathology Clinic Possibly Exposed Patient DataThe Australian government is aware of the data breach as well as potential incidents affecting real estate firm Barry Plant and owners corporation management company Strata Plan, national cybersecurity coordinator Darren Goldie said in a statement.THEGUARDIAN.COM
5 SepLockBit Breaches Fence ManufacturerRansomware Group Accessed Out-of-Support 'Rogue Windows 7 PC' to Steal Data A high-security fence manufacturer Zaun, which supplies military bases and prisons, said its cybersecurity barriers were breached by the LockBit ransomware group, which subsequently leaked stolen data. Za…DATABREACHTODAY.CO.UK
5 SepReflectiz offers remote solution to battle Magecart attacksReflectiz, a cybersecurity company specializing in continuous web threat management, offers a remote solution to battle Magecart web-skimming attacks, a cyberattack involving injecting malicious code into the checkout pages. As the holiday season approaches, online retailers face…HELPNETSECURITY.COM
5 SepCrypto casino Stake.com loses $41 million to hot wallet hackersOnline cryptocurrency casino Stake.com announced that its ETH/BSC hot wallets had been compromised to perform unauthorized transactions, with over $40 million in crypto reportedly stolen. [...]BLEEPINGCOMPUTER.COM
5 SepCoffee Meets Bagel says recent outage caused by destructive cyberattackThe Coffee Meets Bagel dating platform confirms last week's outage was caused by hackers breaching the company's systems and deleting company data. [...]BLEEPINGCOMPUTER.COM
5 SepNews Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approachTel Aviv, Israel, Sept. 5, 2023 — Reflectiz, a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattacks involving injecting malicious code into the …LASTWATCHDOG.COM
🕵️ THREAT INTELLIGENCE (21)
5 SepTraining Tuesday - Discussions for certs, training and learning-at-homesubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss industry certifications, trainings and other courses/learning. Ask questions, share your experiences and help others!INFOSEC.PUB
5 SepISC Stormcast For Tuesday, September 5th, 2023 https://isc.sans.edu/podcastdetail/8644, (Tue, Sep 5th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
5 SepWhy end-to-end encryption mattersIn this Help Net Security video, Kayne McGladrey, IEEE Senior Member and Field CISO at Hyperproof, discusses end-to-end encryption (E2EE). E2EE ensures that only two parties – a sender and a receiver – can access data, and helps to protect consumers and businesses from prying eye…HELPNETSECURITY.COM
5 SepThe misconceptions preventing wider adoption of digital signaturesIn this Help Net Security interview, Thorsten Hau, CEO at fidentity, discusses the legal validity of qualified digital signatures, demonstrating their equivalence to handwritten signatures when backed by robust identity verification. Opting for certified providers that adhere to …HELPNETSECURITY.COM
5 SepConnected cars and cybercrime: A primerOriginal equipment suppliers (OEMs) and their suppliers who are weighing how to invest their budgets might be inclined to slow pedal investment in addressing cyberthreats. To date, the attacks that they have encountered have remained relatively unsophisticated and not especially …HELPNETSECURITY.COM
5 SepSTEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the roadNew government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. Related: The need for supply chain security This is to be expected. After all, government mandates …LASTWATCHDOG.COM
5 SepBroadening What We Call AppSec - Christien Rioux - ASW VaultCheck out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appse…YOUTUBE.COM
5 Sep8×8 Omni Shield protects users from fraudulent SMS activity8×8 announced the 8×8 Omni Shield solution, allowing enterprises to proactively safeguard their customers from fraudulent SMS activity. The new SMS fraud prevention communication API is part of the 8×8 CPaaS portfolio, which helps enterprises drive business growth …HELPNETSECURITY.COM
5 SepDevelopers Warned of Malicious PyPI, NPM, Ruby Packages Targeting MacsMalicious packages uploaded to PyPI, NPM, and Ruby repositories are targeting macOS users with information stealing malware.SECURITYWEEK.COM
5 SepCybersecurity M&A Roundup: 40 Deals Announced in August 2023Forty cybersecurity-related merger and acquisition (M&A) deals were announced in August 2023.SECURITYWEEK.COM
5 SepHacker Group Disguised as Marketing Company to Attack Enterprise TargetsIn a recent development, NSFOCUS Security Labs has detected a fresh APT34 phishing attack. During this operation, APT34, believed to originate from Iran and also known as OilRig or Helix Kitten, assumed the identity of a marketing services company named Ganjavi Global Marketing S…GBHACKERS.COM
5 SepLiveWire allows users to export their data and use it with the AIsLiveAction announces that users can now leverage LiveWire in concert with Artificial Intelligence (AI) to better refine network operations. LiveWire will now allow users to export their network packet data for use in AIs to find patterns that human operators might otherwise miss.…HELPNETSECURITY.COM
5 SepResearchers Warn of Cyber Weapons Used by Lazarus Group's Andariel ClusterThe North Korean threat actor known as Andariel has been observed employing an arsenal of malicious tools in its cyber assaults against corporations and organizations in the southern counterpart. “One characteristic of the attacks identified in 2023 is that there are numerous mal…THEHACKERNEWS.COM
5 SepBattery Ventures Buys GrammaTech's Application Security UnitResearch Services Business Will Keep GrammaTech Name, Five Points Capital Ownership GrammaTech has separated its security software products and cyber research services divisions, and venture capital firm Battery Ventures has acquired the former and renamed it CodeSecure. The Wash…DATABREACHTODAY.CO.UK
5 Sep9 Vulnerabilities Patched in SEL Power System Management ProductsNine vulnerabilities patched in SEL electric power management products, adding to the 19 other flaws fixed earlier this year.SECURITYWEEK.COM
5 SepOkta Says US Customers Targeted in Sophisticated AttacksOkta says some of its US-based customers have been targeted in social engineering attacks whose goal was to disable MFA and obtain high privileges.SECURITYWEEK.COM
5 SepTeams are Built around Key Players Performing Great Functions - Ralston Simmons - CSP 138Skills can be evolved and provide teams with the necessary talent. Join Ralston as he shares his experiences in recruiting, rotational programs, and supporting the key players with the right support system. This segment is sponsored by Google Chrome Enterprise. Visit https://secu…YOUTUBE.COM
5 SepResearchers Warn of Cyber Weapons Used by Lazarus Group's Andariel ClusterSome of the malware families employed by Andariel in its attacks include Gh0st RAT, DTrack, YamaBot, NukeSped, Rifdoor, Phandoor, Andarat, Andaratm, TigerRAT (and its successor MagicRAT), and EarlyRAT.THEHACKERNEWS.COM
5 SepQuantum Computing - SWN VaultCheck out this interview from the SDL Vault, hand picked by main host Doug White! This segment was originally published on January 22, 2019. Today, we begin the journey to the quantum realm on SDL. Marketing is telling us, everything is quantum now, don't be fooled, let us tell y…YOUTUBE.COM
5 SepX to Collect Biometric Data For Premium Users to Add Verification LayerThe social network formerly known as Twitter, X, has released its latest data-gathering policy announcement. This includes collecting user information, such as educational history and biometric data. According to the policy, X may collect and use user biometric information for sa…GBHACKERS.COM
5 SepIronNet Furloughs Almost All Employees, Curtails OperationsClosure Comes Less Than Eight Weeks After C5 Capital Agreed to Take IronNet Private IronNet's board authorized the company to furlough nearly all its workers and substantially curtail business operations as the board evaluates seeking bankruptcy protection. The furlough and cessa…DATABREACHTODAY.CO.UK
🌐 CYBER THREAT LANDSCAPE (4)
5 SepExploring the Traits of Effective Chief Audit ExecutivesChief audit executives (CAEs) have identified risk orientation, stakeholder management, and team leadership as the top three characteristics of the most effective individuals, according to Gartner.HELPNETSECURITY.COM
5 SepNew Python Variant of Chaes Malware Targets Banking and Logistics IndustriesBanking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesig…THEHACKERNEWS.COM
5 SepNew Chaes Malware Variant Targeting Financial and Logistics CustomersThis new variant, primarily targeting logistics and financial sectors, has undergone significant changes, including being rewritten in Python, enhanced communication protocols, and new modules.MORPHISEC.COM
5 SepChaes malware now uses Google Chrome DevTools Protocol to steal dataThe Chaes malware has returned as a new, more advanced variant that includes a custom implementation of the Google DevTools protocol for direct access to the victim's browser functions, allowing it to steal data using WebSockets. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS (12)
5 SepThetaRay nabs $57M for AI tools to ID and fight money launderingMoney laundering — the process of transferring assets around in order to disguise the illicit origin of the money behind them — has been a huge and growing business for years, used by terrorists to finance their work, criminals to wash their spoils, (some) fat cats to…TECHCRUNCH.COM
5 SepAttackers Access Military Data Through Attack on Fencing Supplier ZaunWhile the supplier, Zaun, said it believed that no classified information was downloaded, reports indicated that attackers were able to obtain data that could be used to gain access to some of the UK's most sensitive military and research sites.THEREGISTER.COM
5 SepGerman Financial Agency Site Disrupted by DDoS Attack Since FridayThe German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday.BLEEPINGCOMPUTER.COM
5 SepWay Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack SurfaceIn today's digital age, it's not just about being online but how securely your organization operates online. Regardless of size or industry, every organization heavily depends on digital assets. The digital realm is where business takes place, from financial transactions to confi…THEHACKERNEWS.COM
5 SepCybercriminals Use Research Contests to Create New Attack MethodsThe contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards, recognition from peers, and also, potential jobs.HELPNETSECURITY.COM
5 SepSwedish Insurer Trygg-Hansa Fined $3M for Exposing Data of 650,000 Clients for Two YearsAbout 650,000 customers have been impacted. The information exposed included personal data, health information, condition details, financial information, contact details, Social Security numbers, and insurance details.BLEEPINGCOMPUTER.COM
5 SepContinuous Security: PTaaS Bridges the Gap within Application SecurityHow do you choose between Penetration Testing as a Service (PTaaS) or traditional web application pen testing? Learn more from Outpost24 on the differences between both pentesting methods. [...]BLEEPINGCOMPUTER.COM
5 SepHacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-upsThanks to a popular and relatively cheap hacking tool, hackers can spam your iPhone with annoying pop-ups prompting you to connect to a nearby AirTag, Apple TV, AirPods, and other Apple devices. A security researcher who asked to be referred to as only Anthony demonstrated this a…TECHCRUNCH.COM
5 SepWhy Tenable Is Eyeing Security Vendor Ermetic at Up to $350MErmetic Is in Line for a 9-Figure Deal Just 40 Months After Emerging From Stealth A startup founded by the longtime leader of Secdo and backed by the likes of Qumra Capital and Accel could soon be acquired by Tenable. The company is in advanced negotiations to purchase cloud infr…DATABREACHTODAY.CO.UK