Latest Cybersecurity News and Articles


Cisco Warns of Password-Spraying Attacks Targeting Secure Firewall Devices

29 March 2024
The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The IT giant pointed out that the attacks are also targeting third-party VPN concentrators.

Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds

29 March 2024
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, sshell, and Will Caruana. They were reported to the Zurich-based

PyPI Suspends New User Registration to Block Malware Campaign

29 March 2024
With thousands of packages available, the repository is an attractive target for threat actors, who often upload typosquatted or fake packages to compromise software developers and carry out potential supply-chain attacks.

Update: Harvard Pilgrim Health Network Updates Data Breach Total to Nearly 2.9 Million

29 March 2024
Harvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers.

Several ImageMagick Vulnerabilities Addressed in Ubuntu

29 March 2024
The vulnerabilities addressed by the updates impact several Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 23.10, Ubuntu 23.04, Ubuntu 18.04, and Ubuntu 16.04.

Large Trove of UK Student Records Leaked Due to School Software Server Misconfiguration

29 March 2024
According to researcher Jeremiah Fowler, the server was affiliated with OTrack, also known as Optimum Pupil/Sonar Tracker, developed by Juniper Education. OTrack is utilized by over 7,000 primary and secondary schools across the United Kingdom.

Attackers Increasingly Exploit Enterprise Tech Zero-Days

29 March 2024
The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the leveraging of zero-day bugs overall, judging by Google's latest research.

CISA Issues Notice for Long-Awaited Critical Infrastructure Reporting Requirements

29 March 2024
The Cybersecurity and Infrastructure Security Agency (CISA) posted the 447-page set of regulations under the Cyber Incident Reporting for Critical Infrastructure Act to the Federal Register, allowing the public to comment on it.

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

29 March 2024
A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen

New, sophisticated phishing-as-a-service platform discovered

29 March 2024
A new phishing-as-a-service platform has been discovered, and researchers are discussing how it works. 

Retail Chain Hot Topic Hit by New Credential Stuffing Attacks

29 March 2024
Breach notification letters sent to potentially impacted customers this week reveal that attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source.

Binarly Closes $10.5M Seed Financing

29 March 2024
The round was led by Two Bear Capital, with participation from Blu Ventures, Canaan Partners, Cisco Investments, and Liquid 2 Ventures. Pre-seed investors Westwave Capital and Acrobator Ventures also expanded their equity positions.

The Golden Age of Automated Penetration Testing is Here

29 March 2024
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to

Apple Users Deluged by Phony Password Reset Requests

29 March 2024
First called out on X/Twitter by AI entrepreneur Parth Patel – and confirmed to be happening to others by security blogger Brian Krebs – the campaign appears to be targeting specific individuals, who are flooded with password reset requests.

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

29 March 2024
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape by security researcher Skyler Ferrante. It has been described as a case of improper

Bedrock Security Raises $10M in Seed Funding

29 March 2024
Bedrock Security, a Menlo Park, CA-based data security company, raised $10M in Seed funding. The round was led by Greylock. The company intends to use the funds to expand operations and development efforts.

Decade-Old Linux ‘Wall’ Bug Helps Make Fake SUDO Prompts, Steal Passwords

29 March 2024
Tracked as CVE-2024-28085, the security issue has been dubbed WallEscape and has been present in every version of the package for the past 11 years up to 2.40 released yesterday.

Cisco Addressed High-Severity Flaws in IOS and IOS XE Software

29 March 2024
Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition.

Update: UnitedHealth Admits Patient Data was 'Taken' in Mega Attack

29 March 2024
UnitedHealth Group has publicly acknowledged that data was "taken" in the cyberattack on its Change Healthcare unit and said it has started analyzing the types of sensitive personal, financial, and health information potentially compromised.

Nvidia's Newborn ChatRTX Bot Patched for Security Bugs

29 March 2024
Nvidia's AI-powered ChatRTX app launched just six weeks ago but has already received patches for two security vulnerabilities that enabled attack vectors, including privilege escalation and remote code execution.