The company has reported the security breach to law enforcement and regulatory authorities and is conducting an ongoing investigation to assess the full impact of the incident.
The Government Accountability Office (GAO) suffered a data breach affecting thousands of current and former employees, which was carried out through a vulnerability in the Atlassian Confluence workforce collaboration tool.
Security researchers have lately observed new builds and incremental changes to the malware, indicating that someone with access to its source code is experimenting with it.
One of the zero-days, CVE-2024-21412, allows attackers to bypass security features and deploy malware. The other zero-day, CVE-2024-21351, enables attackers to bypass SmartScreen protections and potentially gain remote code execution capabilities.
A 20-plus-year-old design flaw in the DNSSEC specification, named KeyTrap, can be exploited by a single packet to disable vulnerable DNS servers, affecting web clients and other applications relying on them.
The breach involved sensitive details such as full names, dates of birth, contact information, and Social Security Numbers. The threat actor demanded a ransom and threatened to sell the stolen data if their demands were not met.
The Cyberdome initiative at Boise State University is helping to address the shortage of cybersecurity talent in rural areas by providing hands-on work experience to students and cybersecurity services to organizations in need.
PlayDapp offered a $1 million reward to the hacker for returning the stolen contracts and assets, but the hackers continued to mint more tokens, leading to the suspension of PLA trading and efforts to freeze the hacker’s wallets on exchanges.
Cyber Fusion Centers (CFCs) enable threat intelligence operationalization, information sharing, and automation of threat response, providing a unified and efficient approach to cybersecurity in the financial sector.
According to Resecurity, malicious cyber-activity has increased by 100% between 2023 and early 2024, with threat actors aiming to acquire and exploit voter data for potential propaganda campaigns and electoral interference.