Jun 12, 2024NewsroomRansomware / Endpoint Security Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the…
Read MoreLast week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company’s clientele, igniting a firestorm of concern and outrage.…
Read More23andMe, the California-based company which sells DNA testing kits to help people learn about their ancestry and potential health risks, is facing scrutiny from British and Canadian data protection authorities following a security breach that saw hackers compromise the personal data of nearly seven million users. As we have previously reported, hackers published the data…
Read MoreUsing AI for Political Polling Public polling is a critical function of modern political campaigns and movements, but it isn’t what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails. First, nonresponse has skyrocketed. It’s radically…
Read MoreJun 12, 2024Newsroom State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known. “The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at…
Read MoreJun 12, 2024NewsroomCyber Attack / Malware Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. “WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,” Elastic Security Labs researcher Daniel Stepanic said in…
Read MoreLet’s talk about pedigree. With more and more applications going through automated screening, the lack of one or another facet, such as a college education, continues to reject well-qualified candidates and sends their applications to the trash. I recall my own experience from some years ago when I was engaged in the final series of…
Read MoreHealthcare increasingly under attack Such secondary scams are becoming increasingly commonplace and healthcare providers are particularly at risk, according to compliance experts. Victoria Hordern, a partner at international law firm Taylor Wessing’s technology, IP, and information team, told CSOonline: “A health data leak is a tantalizing prospect for a cybercriminal intending to carry out a…
Read MoreA Unified Communication Certificate (UCC), also known as a Multi-Domain SSL or SAN certificate, offers a streamlined and cost-effective solution. Originally designed for Microsoft Exchange and Office Communication servers, UCC SSL certificates allow you to secure up to 250 domains with a single certificate. This article explores the benefits and workings of UCC SSL certificates.…
Read MoreJun 12, 2024NewsroomPatch Tuesday / Vulnerability Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.…
Read More