The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. […]
Clop ransomware threatens 66 Cleo attack victims with data leak
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. […]
American Addiction Centers Data Breach Impacts 422,000 People
American Addiction Centers says the personal information of more than 422,000 people was stolen in a data breach.
The post American Addiction Centers Data Breach Impacts 422,000 People appeared first on SecurityWeek.
2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program
The 2025 National Defense Authorization Act (NDAA) has been signed into law and it authorizes several cyber-related initiatives.
The post 2025 NDAA Provides $3 Billion Funding for FCC’s Rip-and-Replace Program appeared first on SecurityWeek.
Adobe Patches ColdFusion Flaw at High Risk of Exploitation
Adobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists.
The post Adobe Patches ColdFusion Flaw at High Risk of Exploitation appeared first on SecurityWeek.
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
Japanese and U.S. authorities have formerly attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
“The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by targeted social
“The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces,” the agencies said. “TraderTraitor activity is often characterized by targeted social
CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that
The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions.
The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that
The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. […]
FTC orders Marriott and Starwood to implement strict data security
The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches. […]