Identity

Many healthcare organizations are turning to MSSPs to ensure critical data and information is secure.

MSSPs and MSPs have a new tool to use as the SSL/TLS certificate landscape changes.

BleepingComputer reports that U.S. investment research firm Zacks Investment Research had data from nearly 12 million accounts purportedly stolen in a June breach leaked on BreachForums late last month.

Hackread reports Microsoft, Gmail, Yahoo, and other authentication services' login credentials are being targeted by the newly emergent Astaroth phishing kit, which leverages an evilginx-style reverse proxy enabling man-in-the-middle attacks while evading two-factor authentication.

Individuals traveling to Singapore, Malaysia, and the UK have been subjected to a novel phishing campaign exploiting online arrival card submissions in a bid to exfiltrate personal details, SiliconAngle reports.

Nearly 4,500 internet-exposed SonicWall firewalls were discovered by Bishop Fox researchers to be at risk of having their VPN sessions taken over in attacks exploiting a recently patched high-severity authentication bypass flaw within the SonicOS SSLVPN application, tracked as CVE-2024-53704, according to BleepingComputer.

International shipping solution Hipshipper — which is leveraged by Amazon, Shopify, and eBay sellers to deliver goods to more than 150 countries — had more than 14.3 million records inadvertently exposed by an unsecured Amazon AWS bucket, Cybernews reports.

Hackread reports that widely used artificial intelligence-based chatbot OmniGPT was allegedly compromised by the threat actor dubbed "Gloomer," who proceeded to leak over 34 million lines of user conversations and 30,000 user emails and phone numbers.