Patch/Configuration Management

Widely used workplace time tracking and productivity monitoring software WorkComposer had over 21 million screenshots of employee devices unintentionally leaked by an unprotected Amazon S3 bucket, Cybernews reports.

Major health insurance provider Blue Shield of California has disclosed having sensitive data from 4.7 million individuals inadvertently shared with Google Ads for nearly three years, according to The Record, a news site by cybersecurity firm Recorded Future.

Tenable researchers say “ConfusedComposer” highlights how attackers can exploit cloud service permissions.

Threat operation Larva-24005, which is associated with North Korean state-backed advanced persistent threat group Kimsuky, has been leveraging the critical Microsoft Remote Desktop Services flaw BlueKeep, also tracked as CVE-2019-0708, and the high-severity Microsoft Office Equation Editor vulnerability, tracked as CVE-2017-11882, to infiltrate organizations in Japan and South Korea, with the latter's financial, energy, and software sectors targeted since October 2023, The Hacker News reports.

What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions t...

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

Active exploitation of the nearly half a decade-old high-severity SonicWall SMA100 remote-access appliance operating system command injection flaw, tracked as CVE-2021-20035, has been disclosed by SonicWall upon notification from one of its partners, Cybersecurity Dive reports.