Zscaler says that they discovered an exposed “test environment” that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company’s systems. […]
University System of Georgia: 800K exposed in 2023 MOVEit attack
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. […]
Ascension healthcare takes systems offline after cyberattack
Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a “cyber security event.” […]
Stack Overflow suspends user for editing posts in OpenAI protest
A recent partnership announcement between OpenAI and Stack Overflow has some members concerned that their data is being used without permission and, when trying to remove their posts, find their accounts are suspended. […]
New BIG-IP Next Central Manager bugs allow device takeover
F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. […]
FBI warns of gift card fraud ring targeting retail companies
The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. […]
City of Wichita breach claimed by LockBit ransomware gang
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City’s authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. […]
Microsoft: April Windows Server updates also cause crashes, reboots
Microsoft has confirmed that last month’s Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. […]
Massive webshop fraud ring steals credit cards from 850,000 people
A massive network of 75,000 fake online shops called ‘BogusBazaar’ tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. […]
A SaaS Security Challenge: Getting Permissions All in One Place
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of