Security News > 2023 > July

CISA ordered federal agencies to mitigate remote code execution zero-days affecting Windows and Office products that were exploited by the Russian-based RomCom cybercriminal group in NATO phishing attacks.Under the binding operational directive issued in November 2021, U.S. Federal Civilian Executive Branch Agencies are now required to secure Windows devices on their networks against attacks exploiting CVE-2023-36884.

Conor Brian Fitzpatrick, the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development, first reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick was formally charged in the U.S. with conspiracy to commit access device fraud and possession of child pornography.

Threat actors are actively exploiting a recently disclosed critical security flaw in the WooCommerce Payments WordPress plugin as part of a massive targeted campaign. "Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, July 16, 2023," Wordfence security researcher Ram Gall said in a Monday post.

Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features.

Consumer expectations will reshape the needs and economics of the internet, according to Cisco. People in EMEA are rethinking what they rely on the internet for, balancing classic demands for...

In an era where cyber threats continue to evolve, healthcare organizations are increasingly targeted by malicious actors employing multiple attack vectors, according to Trustwave. "Protecting the supply chain and maintaining business continuity are critical considerations across most industries, but healthcare cyber leaders encounter distinct challenges in safeguarding patient well-being, maintaining quality of care, and enabling healthcare professionals to leverage cutting-edge digital technologies to perform at the highest level," said Trustwave CISO Kory Daniels.

A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary "Gained unauthorized access to our systems to target a small and specific set of our customers," Bob Phan, chief information security officer at JumpCloud, said in a post-mortem report.

The number of data compromises reported in the U.S. in the H1 of 2023 is higher than the total compromises reported every year between 2005 and 2020, except for 2017, according to Identity Theft Resource Center. For the H1 ending June 30, 2023, there were 1,393 data compromises reported, including 951 in the Q2. Since 2005, only the full years of 2017, 2021 and 2022 have exceeded the number of compromises recorded in the first six months of 2023.

Sponsored Post Kroll's latest State of Incident Response: APAC report suggests that over half of all organizations in Asia Pacific have experienced a cyber incident, of which a third have suffered multiple incidents. Kroll's research indicates that 36 percent of the Asia Pacific organizations it surveyed appear not to have an incident response plan to mitigate and neutralize threats in place should incidents occur, which leaves them vulnerable to further attacks, predicts the company.

Mil US military addresses were actually directed at. As a result of that one-character typo, medical data, identity documents, maps of military installations, travel itineraries, bookings for high-ranking military leaders, and more have been fired off at.