Recent Security News

  • Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

    February 13, 2024 at 06:39AM The Midnight Blizzard and Cloudflare-Atlassian cyber incidents highlight the vulnerabilities in major SaaS platforms and the complex security challenges they face. Russian hackers breached Microsoft by leveraging legacy accounts and OAuth tokens. Cloudflare’s Atlassian systems were compromised due to unchanged Okta credentials. Such breaches emphasize the need for continuous monitoring…

    Read More

  • Ransomware Attack Knocks 100 Romanian Hospitals Offline

    February 13, 2024 at 06:33AM A file-encrypting ransomware attack on the Hipocrate Information System (HIS) in Romania has led to data encryption in 26 hospitals. As a result, hospitals are resorting to pen and paper for record keeping. The attackers have demanded a 3.5 Bitcoin ransom, but DNSC advises against paying. Affected facilities are following…

    Read More

  • CISA Warns of Roundcube Webmail Vulnerability Exploitation

    February 13, 2024 at 06:33AM CISA has included the CVE-2023-43770 Roundcube flaw in its exploited vulnerabilities catalog, raising concern over potential exploitation. This warning was conveyed in a post on SecurityWeek. As an executive assistant with expertise in generating clear takeaways from meeting notes, I would translate the information as follows: “In a recent update,…

    Read More

  • Meta says risk of account theft after phone number recycling isn’t its problem to solve

    February 13, 2024 at 03:30AM Meta has acknowledged the potential for account takeovers due to the reuse of phone numbers, particularly after being abandoned for at least 45 days. This issue implicates telecom companies’ phone number recycling practices, leading to security and privacy risks. Despite reports and attempts to address the issue, Meta has declined…

    Read More

  • Ivanti Vulnerability Exploited to Install ‘DSLog’ Backdoor on 670+ IT Infrastructures

    February 13, 2024 at 02:15AM Threat actors are exploiting a security flaw in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor called DSLog. The flaw (CVE-2024-21893) allows access to restricted resources without authentication. Orange Cyberdefense observed attacks targeting an unnamed customer and recommends factory resetting Ivanti devices to prevent continued exploitation.…

    Read More