Despite already completing short- and long-term cyber workforce expansion strategies, TSA has yet to finalize the inclusion of cybersecurity into an update for its 14-year-old Pipeline Security and Incident Recovery Protocol Plan, according to a GAO report.

Widely leveraged application delivery controller and load-balancing solution LoadMaster has been impacted by the OS command injection vulnerability, tracked as CVE-2024-1212, which could be abused to enable unauthenticated remote system access and arbitrary system command execution.

SF Ballet Company was initially targeted by Meow, also known as MeowCorp or MeowCorp2022, which admitted to having exfiltrated more than 40 GB of data, including employees' personal details, payroll and work-related information, legal and insurance documents, financial files, contracts and commercial agreements, and medical records.

After implementing server updates, threat actors proceeded to download and execute the FFmpeg tool from MediaFire to capture Qatari beIN Sports network's live sports events, which are then redirected to the attacker-controlled stream[.]tv server.

Threat actors who infiltrated Equinox's systems on Apr. 29 were able to exfiltrate digital files containing individuals' names, birthdates, addresses, Social Security numbers, passport numbers, driver's license or other government identification numbers, health insurance information, financial account details, treatment and diagnosis data, and/or medication details.

Infiltration of Finastra's internally hosted file transfer platform, which was only discovered earlier this month, was likely conducted through stolen credentials and has resulted in the exfiltration of customer information.

More than a dozen n-day vulnerability exploits for various IoT devices, including Netgear and Zyxel products, have been leveraged to facilitate initial access, with the targeted devices establishing C2 communications to determine the usability of the bot for the proxy network and eventual connection with the NSOCKS proxy service.

Following the introduction of compulsory MFA for root users in May 2024, over 750,000 root users have activated MFA, with adoption rates doubling after AWS included FIDO2 passkeys as an authentication option.

The partnership seeks to address rising ransomware threats targeting financial institutions by offering cloud-native data vaulting solutions.

The platform addresses the vulnerabilities of artificial intelligence systems, particularly large language models, which are susceptible to unpredictable and undetected threats like prompt injection and zero-day vulnerabilities.