Cyber Bits: March 11, 2024

There are no slow weeks in Cyber. This week we’ve seen some additional disclosure from Microsoft, a serious Fortinet flaw and proof that no organization is invulnerable to being breached.

More fallout from Microsoft’s January breach

Links: The Hacker News; Arsetechnica

Following Microsoft’s January breach, the company published an update on March 8th disclosing they had uncovered evidence that the data exfiltrated in January has been used to gain further unauthorized access to their systems and some of their source code repositories.

CISA falls victim to Ivanti vulnerabilities

Links: CNN; The Record

Cybersecurity and Infrastructure Security Agency (CISA) was breached back in February using the widely reported Ivanti vulnerabilities.

Fortinet flaw being actively exploited

Links: Bleeping Computer; Bleeping Computer

A critical Fortinet flaw may impact 150,000 exposed devices, and has been confirmed as being actively exploited by CISA.

Cyber Bits: September 16

This week, Ivanti reports a critical vulnerability now actively exploited, Transport for London is resetting 30,000 employee passwords in person, the Port of Seattle was hit by Rhysida ransomware, and a Windows vulnerability is being exploited via invisible braille spaces.

RJ Sudlow

Cyber Bits · Sep 9, 2024

Cyber Bits: September 9

This week’s coverage focuses on renewed spyware threats, Russian cyberattacks, critical vulnerabilities impacting Veam, Sonicwall, Dlink and Yubi, and air-gapping might not be enough any more.

James McGarvey

Cyber Bits · Sep 2, 2024

Cyber Bits: September 2

This week, we take a look at SQLi vulnerabilities within TSA software, researchers being sued, and a staggering 200+ victims of RansomHub's Ransomware-as-a-Service.

RJ Sudlow