A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service (DDoS) attacks.

Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks platform was identified in the SSO implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems.

Travel booking giant Sabre said it was investigating claims of a cyberattack after a tranche of files purportedly stolen from the company appeared on an extortion group’s leak site.

Attackers are using phishing sites and search engine ads to trick victims into downloading the malware, highlighting the importance of verifying the authenticity of downloaded programs.

On Tuesday, the university urged staff and students to reset their account passwords after a recent cyberattack. Emails sent by the university’s CISO and CIO to community members seen by BleepingComputer ask for password changes by September 12.

Acadia Health LLC, which does business as Just Kids Dental, in a breach report submitted on September 1 to Maine’s attorney general office said the practice’s computer systems and network were attacked by a malicious actor on August 2.

An analysis of the exposed credentials by Truffle Security has revealed that AWS and GitHub keys were the most prevalent type of leaked secrets, accounting for 45% of all credentials.

Exposure management solutions provider Tenable announced on Thursday that it has entered into a definitive agreement to acquire Israeli cloud security startup Ermetic for roughly $240 million in cash and $25 million in restricted stock and RSUs.

In the first half of 2023, OAIC received reports of breaches within 30 days after they occurred from 74% of organizations, and just 5% of organizations took longer than four months to report breaches.

GrammaTech has separated its security software products and cyber research services divisions, and venture capital firm Battery Ventures has acquired the former and renamed it CodeSecure.