TellYouthePass Ransomware Group Exploits Critical PHP Flaw
An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.
darkreading – Read More
Businesses’ cloud security fails are ‘concerning’ – as AI threats accelerate
Not enough organizations are conducting regular audits to ensure their cloud environments are secured.
Latest stories for ZDNET in Security – Read More
Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited
Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.
The post Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited appeared first on SecurityWeek.
SecurityWeek – Read More
Why CIO & CISO Collaboration Is Key to Organizational Resilience
Alignment between these domains is quickly becoming a strategic imperative.
darkreading – Read More
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency.
Cloud security firm Wiz, which shed light on the activity, said it’s an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023.
“In this incident, the threat actor abused anonymous access to an
The Hacker News – Read More
Verizon exec reveals responsible AI strategy amid ‘Wild West’ landscape
Verizon’s exec leading AI for network enablement, Michael Raj, said that the field of AI auditing is still in its early stages and that companies need to accelerate their efforts. The steady drumbeat of big mistakes by customer support AI agents, for example from big names like Chevy, Air Canada, and even New York City, or even by leading LLM providers like Google, which featured black Nazis, has brought a renewed focus on the need for more reliability.Read More
Security News | VentureBeat – Read More
Fortinet Patches Code Execution Vulnerability in FortiOS
Fortinet has patched multiple vulnerabilities in FortiOS, including a high-severity code execution security flaw.
The post Fortinet Patches Code Execution Vulnerability in FortiOS appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day
The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.
The post Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Lessons from the Ticketmaster-Snowflake Breach
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company’s clientele, igniting a firestorm of concern and outrage.
A massive data breach
Let’s
The Hacker News – Read More
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new findings from Symantec.
The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM
The Hacker News – Read More