Aggregator

Ransomware Gang Daixin Claims It Published Sensitive Patient Info on Dark Web Site
A Louisiana-based ambulance company that provides emergency medical care services in four states is notifying nearly 3 million people that their sensitive health information was potentially stolen in a June hack. Ransomware gang Daixin claims to have published the data on its dark web leak site.

Victims Reported $5.6 Billion in Financial Losses Associated With Crypto Schemes
The FBI's Internet Crime Complaint Center on Monday issued a report revealing victims filed more than 69,000 public complaints related to cryptocurrency fraud and $5.6 billion in financial losses in 2023, while investment scams made up the bulk of losses throughout the year.

Threat Actor Is Likely a Beijing Cyberespionage Operator
A Chinese-speaking hacking group is targeting drone manufacturers in Taiwan and other military-related industries on the island country located roughly 100 miles from mainland China. Trend Micro on Friday said it tracks the threat actor as "Tidrone."

COO Jill Popelka Promoted to Chief Executive as Thoma Bravo Acquisition Nears Close
Darktrace has promoted COO Jill Popelka to CEO, replacing long-time leader Poppy Gustafsson. As the cybersecurity AI vendor prepares to finalize its sale to Thoma Bravo, Popelka will steer Darktrace into its next phase of growth. Gustafsson will join the board as a non-executive director.

A vulnerability has been found in Apple macOS up to 10.13.1 and classified as very critical. This vulnerability affects unknown code of the component tcpdump. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-13055. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. [...]

The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. [...]

A vulnerability classified as critical was found in TuCarro 2.0.5. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6015. The attack can only be initiated within the local network. There is no exploit available.

Workers now supports more NPM packages and Node.js APIs using an overhauled hybrid compatibility layer.

Join Eclypsium Product Manager, Joe Hopp, for an overview of new product updates and a preview of the features and solutions on the Eclypsium Supply Chain Security Platform roadmap.

The post Eclypsium Product Roadmap appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Eclypsium Product Roadmap appeared first on Security Boulevard.

CISA has added CVE-2024-40766 to its Known Exploited Vulnerabilities catalog.

A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-3272. The attack may be initiated remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. It is recommended to replace the affected component with an alternative.

A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2024-3273. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. It is recommended to replace the affected component with an alternative.

A vulnerability, which was classified as problematic, was found in Google Android. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-29745. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.