2024年2月6日 · Through the injection of malicious SQL queries, the threat actor was able to retrieve databases containing close to 2.2 million rows, more than 500,000 of which represented user data from employment websites.

2024年12月9日 · Deloitte issued a response after the Brain Cipher ransomware group claimed to have stolen over 1 Tb of information belonging to the company.

2025年1月9日 · SonicWall has released patches for multiple vulnerabilities in SonicOS, including high-severity authentication bypass flaws. SonicWall this week announced patches for multiple vulnerabilities in its firewalls, including two high-severity flaws that could lead to authentication bypass. Tracked as CVE ...

2025年1月8日 · All supported Google devices, the internet giant says, will receive an update to the 2025-01-05 patch level, which includes patches for CVE-2024-53842 and for all the vulnerabilities described in Android’s January 2025 security bulletin.

5 天之前 · SecurityWeek provides cybersecurity news and information to global enterprises, with expert insights & analysis for IT security professionals

2024年6月14日 · The WithSecure research also delves into the criminal attraction toward edge-related mass exploitation. The primary driver is simple and obvious: mass exploitation involves multiple victims from a single exploit methodology across multiple targets, or multiple victims from a single compromise.

2024年12月30日 · The US Department of Justice has issued a final rule carrying out Executive Order (EO) 14117, which addresses the risk of Americans’ bulk sensitive personal data being accessed and exploited by China, Russia, and other foreign adversaries.. Also covering certain US government-related data, the final rule (PDF) and the executive order aim to prevent data brokers from providing Americans ...

2024年9月27日 · The most common AD compromise techniques, the document shows, include Kerberoasting, AS-REP roasting, password spraying, MachineAccountQuota compromise, unconstrained delegation exploitation, GPP passwords compromise, certificate services compromise, Golden Certificate, DCSync, dumping ntds.dit, Golden Ticket, Silver Ticket, Golden SAML, Microsoft Entra Connect compromise, one-way domain trust ...

2024年8月7日 · Two things standout. Firstly, the consistently high activity from the LockBit group until it suddenly tails off in June. It was in June that the FBI announced it had obtained 7,000 LockBit decryption keys. “There’s a lot going on with LockBit at the moment,” explained Beek.

2024年10月2日 · New guidance from government agencies in the US and allied countries provides organizations with details on how to design, implement, and manage safe and secure operational technology (OT) environments.