Latest Cybersecurity News and Articles


Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

20 March 2024
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:

The Not-so-True People-Search Network from China

20 March 2024
It's not unusual for the data brokers behind people-search websites to use pseudonyms in their day-to-day lives (you would, too). Some of these personal data purveyors even try to reinvent their online identities in a bid to hide their conflicts of interest. But it's not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

Research Shows IT and Construction Sectors Hardest Hit By Ransomware

20 March 2024
New research has shed light on the profound impact of ransomware attacks on the IT and construction sectors, revealing that these industries bore the brunt of nearly half of all incidents in 2023.

How Companies Describe Cyber Incidents in SEC Filings

20 March 2024
While the language businesses use in Item 1.05 filings are ultimately crafted to notify regulators and investors of potential risks, these words also signal how a company detects, mitigates, contains, and recovers from cyberattacks.

Lynis: Open-Source Security Auditing Tool

20 March 2024
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Its main objective is to evaluate security measures and recommend enhancing system hardening.

Microsoft Announces Deprecation of 1024-Bit RSA Keys in Windows

20 March 2024
1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.

The Power Shift – Changing global influence in a year of elections

20 March 2024
In episode 21 of the Cybersecurity & Geopolitical Discussion, our trio of hosts discuss how modern forces manifest, how much power is truly being wielded, and what effect it is likely to have on a year of elections.

New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems

20 March 2024
A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for

North Korea-Linked Group Levels Multistage Cyberattack on South Korea

20 March 2024
North Korea-linked threat group Kimsuky has adopted a longer, eight-stage attack chain that abuses legitimate cloud services and employs evasive malware to conduct cyber espionage and financial crimes against South Korean entities.

Cash-Strapped Women's Clinic Sues UnitedHealth Over Attack

20 March 2024
The lawsuit alleges that disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and ongoing IT outage is threatening to push the clinic and other providers into bankruptcy.

15% of adults have been targeted by inheritance scams

20 March 2024
Payment and financial scams were analyzed in a recent report by Visa, finding that adults were losing more money to scams from June to December 2023.

Russia-Linked APT28 Targets Victims Worldwide for Intelligence Gathering

20 March 2024
Fancy Bear has utilized at least 11 unique lures in campaigns targeting organizations in Argentina, Ukraine, Georgia, Belarus, Kazakhstan, Poland, Armenia, Azerbaijan, and the United States.

Infosec Teams Must be Allowed to Fail, Argues Gartner

20 March 2024
Zero tolerance of failure by infosec professionals is unrealistic, and makes it harder for cybersecurity folk to do the essential part of their job: recovering fast from inevitable attacks, according to Gartner analysts Chris Mixter and Dennis Xu.

Pokémon Resets Some Users’ Passwords After Hacking Attempts

20 March 2024
“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a company spokesperson said.

50,000 Vulnerabilities Discovered in DoD Systems Through Bug Bounty

20 March 2024
The DoD Cyber Crime Center (DC3) reported on March 15, 2024, that it processed its 50,000th vulnerability since introducing its crowd-sourced ethical hacking scheme in November 2016.

TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types

20 March 2024
Threat actors can exploit CVE-2024-27198 to perform a variety of malicious operations, including dropping the Jasmin ransomware, XMRig miner, Cobalt Strike beacons, SparkRAT backdoor, and executing domain discovery and persistence commands.

Ransomware Groups: Trust Us. Uh, Don't.

20 March 2024
Double extortion demands from ransomware groups aren't subtle: Pay us, or we'll publish stolen internal data for all the world to see. Being listed on the group's dark web leak sites is an intermediary step.

A new report predicts the threats that will be most prevalent in 2024

20 March 2024
A recent report has analyzed emerging threat trends as well as potential trends that may grow in influence in the coming months. 

Pharmaceutical Development Company Investigating Cyberattack After LockBit Posting

20 March 2024
A Nasdaq-listed pharmaceutical development company said it is investigating a cybersecurity incident following claims from the LockBit ransomware gang that data was stolen.

Ransomware Payment Debate Resurfaces Amid Change Healthcare Incident

20 March 2024
A hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.