Cybersecurity experts have uncovered a new, previously unrecorded Windows backdoor, identified as BITSLOTH, which exploits a built-in feature of Windows known as Background Intelligent Transfer Service (BITS) for its command-and-control (C2) operations. Discovered by Elastic Security Labs on June 25, 2024, the malware is linked to a cyber assault on…
Data Breach Affects Over 940,000 Medicare Beneficiaries The Centers for Medicare & Medicaid Services (CMS) and its contractor, Wisconsin Physicians Service Insurance Corporation (WPS), have recently disseminated notifications to more than 940,000 Medicare beneficiaries regarding a significant data breach that potentially compromised their protected health information (PHI) and personally identifiable…
Heightened Security Concerns for Software Supply Chains Amid Growing Attacks The increasing scrutiny from regulators and the rising legal requirements on software development organizations highlight a crucial responsibility—the need to safeguard their software supply chains effectively. Recent years have seen a marked rise in attacks targeting these supply chains, with…
In a concerning development for users of Atlassian Confluence Data Center and Confluence Server, a critical security vulnerability has emerged. This flaw, designated as CVE-2023-22527 with a CVSS score of 10.0, affects versions of the software released prior to December 5, 2023, as well as version 8.4.5. Exploiting this vulnerability…
In a significant cybersecurity oversight, Meta disclosed a failure to adequately protect the passwords of hundreds of millions of users, raising alarms about its data protection practices. The incident, which came to light in 2019, highlights the critical importance of employing robust hashing algorithms in safeguarding sensitive user information. Hashing,…
In an era defined by digital interconnectedness, cybercriminals are increasingly targeting major global events through advanced cyber attacks. These malicious actions are often motivated by a desire for notoriety or as a means to raise awareness on critical national or international issues. A prominent example of this trend surfaced with…
AI-Driven Cloud Security Firm Stream.Security Secures $30 Million Investment for Growth Stream.Security, a cloud security startup spearheaded by a former Nvidia executive, has successfully completed a Series B funding round, raising $30 million. This investment is aimed at enhancing product capabilities, particularly in the areas of auto-remediation and hybrid cloud…
In what has been recognized as the largest data breach to date, Yahoo is facing a significant existential challenge following the disclosure that approximately 500 million user accounts have been compromised. This incident complicates matters for the company, which has already been grappling with a noticeable decline in email traffic.…
BlackSuit Ransomware Demands Soar, Targeting Critical Infrastructure The BlackSuit ransomware strain has made headlines with exorbitant ransom demands, reaching as high as $500 million, including an individual request for $60 million. This alarming trend was highlighted in a recent advisory by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and…
