A ransomware tabletop exercise was conducted against a fictious hospital, aiming to educate attendees of how to fight against such threats
SEC Investigation into Progress MOVEit Hack Ends Without Charges
After months of investigation, the SEC decided not to recommend any enforcement action against software provider Progress regarding the supply chain attack
Phishing Attack Exploits Google, WhatsApp to Steal Data
The LOTS attack uses trusted sites like Google Drawings and WhatsApp to trick users into sharing data
North Korea Kimsuky Launch Phishing Attacks on Universities
Kimsuky was observed phishing university staff to steal valuable research for North Korea
BlackSuit/Royal Ransomware Group Has Demanded $500m
CISA and FBI report claims the BlackSuit ransomware collective has extracted at least $500m from victims
Ethical Hackers Steal and Return $12m to Ronin Network
Hackers stole $12m in virtual currency from Ronin Network, which has previously suffered a massive $620m heist
ZDI-24-1103: Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-7600.
ZDI-24-1104: Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability
This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.1. The following CVEs are assigned: CVE-2024-7604.
ZDI-24-1105: Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-7603.
ZDI-24-1106: Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-7601.