Hackers Exploit Progress MOVEit File Transfer Vulnerability

Michael Novinson • June 1, 2023

Hackers have exploited a critical zero-day vulnerability in Progress Software's managed file transfer offering in several customer environments. Progress warned of a critical SQL injection vulnerability in MOVEit Transfer that allows for "escalated privileges and potential unauthorized access."

Fraud Management & Cybercrime

Dental Health Insurer Hack Affects Nearly 9 Million

Latest

Endpoint Protection Platforms (EPP)

SentinelOne Lays Off 5% of Staff as Data Consumption Tumbles

Michael Novinson • June 1, 2023

SentinelOne plans to ax approximately 105 workers after a significant drop in data usage for products with consumption-based pricing caused revenue to fall short of expectations. The company revealed plans to reduce its staff by 5% to remain on track with achieving non-GAAP profitability next year.

Endpoint Security

Kaspersky Discloses Apple Zero Click Malware

Akshaya Asokan • June 1, 2023

Russian cybersecurity firm Kaspersky disclosed iOS zero click malware on the same day the Kremlin claimed it uncovered a U.S. intelligence smartphone spy campaign. "We have never worked with any government to insert a backdoor into any Apple product and never will," an Apple spokesperson said.

Fraud Management & Cybercrime

Breach Roundup: Amazon Settles US FTC Investigations

Prajeet Nair • June 1, 2023

This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."

Fraud Management & Cybercrime

After Ransomware Attack, Oakland Faces Data Breach Lawsuit

Mathew J. Schwartz • June 1, 2023

A flurry of legal complaints and lawsuits have been filed against the city of Oakland, California, after it fell victim to a ransomware attack. The Play group claimed credit for the attack and posted some of stolen information, which includes personal details, ID numbers and health information.

Blockchain & Cryptocurrency

Cryptohack Roundup: Hacker Yields Control of Tornado Cash

Rashmi Ramesh • June 1, 2023

In the days between May 26 and June 1, Tornado Cash validators regained control, Tron patched a bug that could be exploited for $500 million, Binance said it will delist privacy coins in four European countries, Coinbase settled insider trading charges and Hong Kong police joined the metaverse.

Artificial Intelligence & Machine Learning

AI Tech Execs Put AI on Par With Nukes for Extinction Risk

David Perera • May 31, 2023

Artificial intelligence poses a global risk of extinction tantamount to nuclear war and pandemics, say a who's who of artificial intelligence executives in an open letter that evokes danger without suggesting how to mitigate it. Among the signatories are Sam Altman and Geoffrey Hinton.

Artificial Intelligence & Machine Learning

Cisco Buys Armorblox to Bring Generative AI to Its Portfolio

Michael Novinson • May 31, 2023

Cisco plans to make its third tuck-in cybersecurity acquisition of 2023 to protect email, cloud office applications and enterprise communications through natural language understanding. Cisco will take advantage of Armorblox's predictive and generative AI to help customers bolster their security.

Attack Surface Management

Ukrainian CERT Warns of New SmokeLoader Campaign

Akshaya Asokan • May 31, 2023

Ukrainian cyber defenders warn users for the second time this month to be aware of financially motivated phishing campaigns that load the SmokeLoader malware onto computers. Hackers behind UAC-0006 typically target computers used by accountants and look for banking and credential data.

Healthcare

Cyberattack Diverts Patients From Rural Idaho Hospital

Marianne Kolbasuk McGee • May 31, 2023

A community hospital and its clinics in rural Idaho are diverting ambulances and some patients to other facilities as the entities recover from a cyberattack discovered on Monday. The incident spotlights ongoing healthcare sector cyber challenges, especially in rural communities.

Network Detection & Response

Cisco's New XDR Tool Emphasizes Robust Telemetry Correlation

Michael Novinson • May 31, 2023

Cisco Security Executive Vice President and General Manager Jeetu Patel said the industry struggles to address multifaceted attacks that originate in email and include bad links, malware downloads to a device and more. Cyber defenders need correlated data from multiple sources of telemetry, he said.

Endpoint Security

Ring Settles FTC Allegations of Poor Cybersecurity, Privacy

David Perera • May 31, 2023

Amazon agreed to pay $5.8 million to settle a Federal Trade Commission investigation into allegedly poor cybersecurity practices by its Ring home surveillance device subsidiary. The company is also poised to come under two decades' worth of outside reviews of a mandated data and security program.

API Security

Why Identity Is Key to Baselining API Security Programs

Anna Delaney • May 31, 2023

Change management is a critical part of a robust API management program, said Shaam Farooq, vice president of technology at Atlas Energy Solutions and a CyberEdBoard member. Team members must review and approve changes as they happen and communicates those changes across IT and OT security teams.