Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web, a scenario the state has been preparing for, Gov. Daniel McKee said Monday. The state has an outreach strategy to encourage potentially impacted Rhode Islanders to protect their personal information, according to a press […]

The supply chain attack in which cybersecurity firm Cyberhaven’s Chrome extension was compromised to steal users’ data appears to be part of a wider campaign in which at least 29 extensions were hit over the past year and a half. As part of the Cyberhaven incident, a threat actor gained access to the company’s Chrome […]

Chinese hackers remotely accessed US Treasury Department workstations and unclassified documents after compromising a cloud-based service operated by BeyondTrust, the department said Monday. While the Treasury described the situation as a “major cybersecurity incident,” the scope of the breach was not detailed, with no information on how many workstations had been compromised or what types […]

Palo Alto Networks informed customers late last week that it has patched a zero-day vulnerability that has been exploited to launch denial-of-service (DoS) attacks against its firewalls. The security hole, tracked as CVE-2024-3393, impacts the DNS Security feature of the PAN-OS software that runs on Palo Alto Networks firewalls. The flaw allows an unauthenticated attacker […]

Threat actors have been observed exploiting a vulnerability in Four-Faith industrial routers to deploy a reverse shell, vulnerability intelligence company VulnCheck warns. The exploited flaw, tracked as CVE-2024-12856 (CVSS score of 7.2), is described as an OS command injection issue that can be exploited remotely but requires authentication. Affected devices include the Four-Faith router models […]

The US Department of Justice has issued a final rule carrying out Executive Order (EO) 14117, which addresses the risk of Americans’ bulk sensitive personal data being accessed and exploited by China, Russia, and other foreign adversaries. Also covering certain US government-related data, the final rule (PDF) and the executive order aim to prevent data […]

Malicious versions of Cyberhaven and other Chrome extensions were published to the Google Chrome Web Store as part of a supply chain attack likely targeting Facebook advertising users. The extension of data security firm Cyberhaven was compromised after an employee fell victim to a phishing attack and authorized a malicious OAuth application called ‘Privacy Policy […]

A hacker has leaked more data stolen from a Cisco DevHub instance and the tech giant has confirmed its authenticity and that it originated from a recently disclosed security incident. The hacker known as IntelBroker announced on October 14 that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, […]

A ninth U.S. telecoms firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday. Biden administration officials said this month that at least eight […]

Intelligence operations have undergone a profound transformation. Gone are the days when intelligence gathering relied purely on information obtained from human and other restricted sources. Today, much of the intelligence is publicly available – if one knows where and how to find it. This practice, known as Open Source Intelligence (OSINT), has emerged as an […]