Security News

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
2024-04-03 15:32

The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of nearly two dozen companies across Europe and the U.S. by a China-based...

OWASP discloses data breach caused by wiki misconfiguration
2024-04-01 19:25

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. OWASP says it discovered the Media Wiki misconfiguration in late February following several support requests.

Yacht retailer MarineMax discloses data breach after cyberattack
2024-04-01 18:37

MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. The Florida-based yacht seller said in a March 12 SEC filing that it didn't store sensitive data in the compromised systems.

Finland confirms APT31 hackers behind 2021 parliament breach
2024-03-26 21:23

The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security was behind a breach of the country's parliament disclosed in March 2021. As Finnish Parliament officials said three years ago, when describing the incident as a "State cyber-espionage operation" believed to be linked to "The so-called APT31 operation," the attackers gained access to multiple parliament email accounts, including some belonging to Finnish MPs. On Monday, the U.S. Treasury Department's Office of Foreign Assets Control sanctioned two APT31 operatives who worked as contractors for Wuhan XRZ, an OFAC-designated front company used by the Chinese MSS as cover in U.S. critical infrastructure attacks.

Hackers exploit Ray framework flaw to breach servers, hijack resources
2024-03-26 18:51

Ray is an open-source framework developed by Anyscale that is used to scale AI and Python applications across a cluster of machines for distributed computational workloads. In November 2023, Anyscale disclosed five Ray vulnerabilities, fixing four tracked as CVE-2023-6019, CVE-2023-6020, CVE-2023-6021, and CVE-2023-48023.

Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals
2024-03-24 09:00

Lynis: Open-source security auditing tool
Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD.

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs
WebCopilot is an open-source automation tool that enumerates a target's subdomains and discovers bugs using various free tools.

NIST's NVD has encountered a problem
Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST's National Vulnerability Database is struggling, and it's affecting vulnerability management efforts.

Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems
2024-03-21 16:03

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG. "The...

Chinese Earth Krahang hackers breach 70 orgs in 23 countries
2024-03-18 20:49

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.

Fujitsu finds malware on company systems, investigates possible data breach
2024-03-18 20:27

Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company's computers have been compromised with malware, leading to a possible data breach. The affected computers have been disconnected and the company has strengthened the monitoring of other business computers, Fujitsu said.

Fujitsu found malware on IT systems, confirms data breach
2024-03-18 14:01

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. Fujitsu says it will continue investigating how the malware found its way into business systems and what data it exfiltrated.