Vulnerability

Vans and North Face owner VF Corp hit by ransomware attack

American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions. VF Corp. is a Colorado-based apparel firm owning 13 globally recognized brands. The company employs 35,000 people and has an annual revenue of $11.6 billion. Apart […]

Microsoft discovers critical RCE flaw in Perforce Helix Core Server

Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors. Microsoft analysts discovered the flaws during a security review of the product, which the company’s game development studios use, and responsibly reported them

December’s Windows 11 KB5033375 update breaks Wi-Fi connectivity

The KB5033375 cumulative update released during the December 2023 Patch Tuesday causes Wi-Fi connectivity issues on some Windows 11 devices. Besides a massive stream of user reports on Reddit, Twitter, and Microsoft’s own community platform, several universities have also issued advisories recommending students to uninstall the KB5033375 update (and the optional cumulative update preview KB50532288,

Xfinity discloses data breach after recent Citrix server hack

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications

Johnson Controls Kantech Gen1 ioSmart

1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable from adjacent network. Vendor: Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc. Equipment: Kantech Gen1 ioSmart card reader. Vulnerability: Missing Release of Memory after Effective Lifetime. 2. RISK EVALUATION: An attacker with physical access to the Kantech Gen1 ioSmart card reader in certain circumstances

Siemens SIMATIC and SIPLUS Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack

FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware

Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as

#StopRansomware: Play Ransomware | CISA

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov

Mortgage giant Mr. Cooper data breach affects 14.7 million people

Mr. Cooper is sending data breach notifications warning that a recent cyberattack has exposed the data of 14.7 million customers who have, or previously had, mortgages with the company. Mr. Cooper (previously Nationstar Mortgage LLC) is a Dallas-based mortgage lending firm that employs approximately 9,000 people and has millions of customers. The lender is one of

Qbot malware returns in campaign targeting hospitality industry

The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin’s servers and mapped out the botnet’s infrastructure. After gaining access to the botnet’s encryption keys used for malware communication, the FBI

