Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. […]
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes
CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident.
The post CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes appeared first on SecurityWeek.
U.S. govt agency CMS says data breach impacted 3.1 million people
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. […]
Infostealer malware bypasses Chrome’s new cookie-theft defenses
Infostealer malware developers released updates claiming to bypass Google Chrome’s recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. […]
Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities
Bitsight finds critical vulnerabilities in several automatic tank gauge (ATG) products used in various critical infrastructure sectors.
The post Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities appeared first on SecurityWeek.
Critical Ivanti vTM auth bypass bug now exploited in attacks
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. […]
Hackers deploy AI-written malware in targeted attacks
While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to creating malicious software, despite the safeguards and restrictions that vendors implemented. […]
AI-Generated Malware Found in the Wild
HP has intercepted an email campaign comprising a standard malware payload delivered by an AI-generated dropper.
The post AI-Generated Malware Found in the Wild appeared first on SecurityWeek.
Necro Android Malware Found in Popular Camera and Browser Apps on Play Store
Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro.
Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include –
Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively downloaded 11 million times. They include –
Wuta Camera – Nice Shot Always (com.benqu.wuta) – 10+ million
Microsoft Names Deputy CISOs, Governance Council to Manage Security Push
Microsoft says each Deputy CISO will oversee specific domains, ranging from gaming and cloud security to AI and government systems.
The post Microsoft Names Deputy CISOs, Governance Council to Manage Security Push appeared first on SecurityWeek.