Cyberattacks using malicious lookalike domains, email addresses, and other types of registered identifiers are rising, domain name system (DNS) security provider Infoblox found.

A report published Wednesday by the Atlantic Council’s Cyber Statecraft Initiative asserts that the SEC’s proposed rules — requiring incident disclosure within four days — substantially differ from CIRCIA regulations.

In what’s a new kind of software supply chain attack aimed at open-source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves.

Arlington, VA-based OT security firm Shift5 has raised an additional $33 million in its Series B financing. $50 million was announced in February 2022. The total venture funding now stands at $108 million.

A commercial real estate company that operates over a dozen addiction recovery centers and other medical facilities is notifying 319,500 patients and employees of a recent ransomware incident that compromised their personal and health information.

Cloud threats have become ubiquitous, with 94% of cloud tenants targeted every month and brute-force attacks increasing from 40 million to nearly 200 million in early 2023, according to Proofpoint.

According to press releases by the Louisiana Office of Motor Vehicles and the Oregon Driver & Motor Vehicle Services, both agencies used the MOVEit Transfer software, which was breached during these attacks.

U.S. power and electronics giant Eaton has fixed a security vulnerability that allowed a security researcher to remotely access thousands of smart security alarm systems.

Details of the latest vulnerability, tracked as CVE-2023-35708, were made public Thursday; proof-of-concept (PoC) exploit for the flaw, now fixed today, also emerged on Thursday. Progress Software issued a fix for it on Friday.

The Rhysida ransomware gang has now published 30% of all the data they claim to have stolen from the Chilean Army’s network after initially adding it to their data leak site and claiming the attack.