A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for PuTTY and WinSCP.
Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources.
The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes.
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
Over the past year, we've witnessed an explosive growth spurt in consumer-focused AI productivity tools that has once again transformed the way we work. Once the realm of data science and engineering teams, generative AI was packaged and delivered to the masses in 2023.
Threat update
This Cybersecurity Threat Advisory breaks down multiple critical vulnerabilities in the Cacti framework, an open-source network monitoring and fault management tool. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code and compromise network infrastructure.
Threat update
A critical vulnerability in GitLab, labeled CVE-2023-7028, is under active attack by threat actors to achieve account takeover, as reported by the Cybersecurity and Infrastructure Security Agency (CISA).
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website.
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS.
The threat actor behind the recent Dell data breach revealed they scraped information from 49 million customer records using a partner portal API they accessed as a fake company.
The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve.
Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks.
Threat update
HPE Aruba Networking has disclosed that critical remote code execution (RCE) vulnerabilities are impacting multiple versions of ArubaOS. Out of the ten vulnerabilities found, four pose critical risks of unauthenticated buffer overflows in various services.
The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack.
Threat update
A critical security flaw known as CVE-2024-27322, with a CVSS score of 8.8, has been discovered within the R programming language. Attackers can craft malicious RDS files or R packages that embed arbitrary R code.
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option.