Microsoft’s Patch Tuesday security update for April 2024 addressed critical vulnerabilities, including SmartScreen Prompt Security Feature Bypass and Remote Procedure Call Runtime Remote Code Execution, with two zero-day exploits actively exploited in attacks.
Security researcher RyotaK identifies CVE-2024-24576 vulnerability, named BatBadBut, in Rust standard library affecting Windows systems prior to version 1.77.2.
Change Healthcare, a subsidiary of UnitedHealth Group, was breached by the ALPHV group, resulting in the theft of sensitive data and a demand for ransom.
Security researchers at Unit 42 have observed an increase in malware-driven scanning attacks in 2023, with threat actors compromising systems to scan for vulnerabilities, open ports, and operating systems, utilizing infected devices to expand botnets and evade detection.
Hostile foreign states are behind a surge in malicious insider breaches, resulting in IP theft and industrial espionage, with organizations turning to AI for risk management.
The Identity Defined Security Alliance (IDSA) launches the #BeIdentitySmart campaign to address the growing threat of identity compromise and promote best practices for organizations.
