PowerSchool says the personal information of students and educators was stolen in a December 2024 data breach.
The post Students, Educators Impacted by PowerSchool Data Breach appeared first on SecurityWeek.
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity.
Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to
Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, “Were all functionalities of the web app tested?” or ” Were there any security issues that could have been identified during testing?” often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT.
The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.
The infection chain commences with a phishing
The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.
The infection chain commences with a phishing
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
Microsoft: Exchange 2016 and 2019 reach end of support in October
​Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. […]
HPE investigates breach as hacker claims to steal source code
Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments. […]
Microsoft fixes Windows Server 2022 bug breaking device boot
Microsoft has fixed a bug that was causing some Windows Server 2022 systems with two or more NUMA nodes to fail to start up. […]
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes
Marco Raquan Honesty has pleaded guilty to his roles in several fraud schemes, including smishing, identity theft, and bank account takeover.
The post Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes appeared first on SecurityWeek.
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor
“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor