In June, a cyberattack struck CDK Global, a software provider serving over 15,000 car dealerships across North America, causing widespread operational disruption. Beyond the immediate chaos, the cyberattack poses serious concerns for recent car buyers. If your dealership uses CDK Global software, personal data, such as your Social Security number, employment details, and home address, may have been compromised.
A vulnerability affecting Apache HugeGraph-Server, categorized as CVE-2024-27348, was disclosed in August 2024 and recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog on 9/18/2024. This flaw, found in Apache HugeGraph-Server versions 1.0.0 through 1.3.0, and affecting instances running Java 8 or 11, can result in remote code execution (RCE). Proof of Concept (PoC) exploit code has been released, along with a detailed analysis from SecureLayer7.
In December 2020, Ticketmaster was hit with a $10 million fine for an act of corporate espionage. The company had engaged in unauthorized access to a competitor's computer systems, using stolen login credentials to gather confidential business intelligence. Although this scandal broke nearly four years ago, it serves as a reminder of the legal and ethical responsibilities businesses must adhere to in today’s marketplace.
Adobe released a patch for a suspected zero-day vulnerability in Adobe Reader, identified as CVE-2024-41869. This vulnerability, a Use After Free (UAF) issue, can lead to arbitrary code execution, system crashes, or the return of unexpected values.
Last month, NIST published its first set of post-quantum cryptography (PQC) standards, setting a new benchmark for enterprises, government agencies, and vendors to withstand future cyberattacks from quantum computers. The time to start transitioning is now. Discover what’s at stake with CyberWatch.
Every second Tuesday of the month, Microsoft releases patches for its applications, services, and operating systems. Typically, these patches include a myriad of security fixes, and this time around, for September of 2024, 79 different vulnerabilities have been addressed, including 4 zero-day vulnerabilities and 10 critical vulnerabilities.
A newly uncovered phishing campaign is exploiting the growing popularity of CapCut, a video editing tool developed by ByteDance. The attackers are utilizing a technique known as reputational hijacking, which allows them to embed malware within a legitimate-looking package, bypassing Smart App Control (SAC) and leaving users vulnerable to data theft and system compromise. This campaign represents a significant escalation in the tactics used by threat actors to evade detection.
From early Bitcoin-exchange hacks to today's multi-million-dollar DeFi exploits, crypto heists are becoming more frequent, and the stakes are higher than ever. Today's report explores some of the biggest heists, what makes them possible, and why Web3 security is more critical than ever.
American businesses are on the front line of the nation’s looming conflicts with China and other adversaries like Russia and Iran, the U.S. spy chief, Director of National Intelligence Avril Haines, warned last week. Learn why the relationship between the private sector and the intelligence community needs to outgrow the confines of the customer/vendor nexus and go beyond its current information-sharing paradigm.