Summary: Researcher Mehdi Elyassa from Synacktiv disclosed a critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468) with a CVSS score of 9.8, allowing unauthenticated attacks that can execute arbitrary commands. The flaw exists in the MP_Location service, enabling attackers to gain sysadmin-level privileges and potentially achieve full control over the deployment environment.…
Hair Salon in Strathmore, Alberta Reopens After Ransomware Attack, Blames Software Provider for Lack of Information

Date Reported: 2025-01-21 Country: CAN | Canada Victim: Runway Hair Design | Runway Hair Design Website: runwayhairdesign.ca Additional Information: A hair salon in Strathmore, Alberta, was closed for several days due to a ransomware cyberattack that encrypted the company’s files. The salon managed to reopen after repairing its computers.…

Date Reported: 2025-01-21 Country: JPN | Japan Victim: Sanrio Entertainment | Sanrio Entertainment Website: sanrio.co.jp Additional Information: Sanrio Entertainment, known for its popular theme parks in Japan, including Harmonyland, was targeted in a cyberattack on January 21, 2025. The attack caused operational disruptions and restricted access for visitors to the parks.…
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
Summary: A new threat actor called GamaCopy has been observed emulating tactics from the Kremlin-aligned Gamaredon group, primarily targeting Russian-speaking entities. The group is noted for using military-related content to deploy UltraVNC for remote access, closely resembling techniques used by another hacking faction, Core Werewolf. This pattern of behavior highlights an evolving landscape of cyber threats amidst ongoing geopolitical tensions stemming from the Russo-Ukrainian war.…
Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
Summary: Ransomware actors are increasingly targeting VMware ESXi bare metal hypervisors, exploiting SSH tunneling to maintain persistence and evade detection. These attacks can cripple organizations by encrypting files and rendering virtual machines inaccessible. Monitoring challenges related to ESXi logs further complicate detection and response efforts for system administrators.…
TalkTalk investigates breach after data for sale on hacking forum
Summary: TalkTalk is investigating a data breach involving a third-party supplier after a threat actor began selling alleged customer data on a hacking forum. The company has stated that the number of affected customers is significantly overstated and that no financial information was compromised. Ongoing investigations suggest the data may have been stolen from the Ascendon SaaS platform rather than directly from TalkTalk.…

Date Reported: 2025-01-24 Country: USA Victim: Matagorda County | Matagorda County Website: co.matagorda.tx.us Additional Information: Matagorda County, Texas, has declared a state of disaster due to a cyberattack. The cyberattack disrupted internal systems but no evidence of compromised personal data has been found. Local authorities are investigating the incident with assistance from multiple agencies, including the FBI.…
UnitedHealth updates number of data breach victims to 190 million
Summary: The ransomware attack on Change Healthcare has now impacted nearly 200 million individuals, significantly more than previously reported. UnitedHealth, the parent company, has confirmed that sensitive personal and health information was accessed, including Social Security numbers and medical records. The company is still assessing the full extent of the breach and has begun notifying affected individuals.…
3 Use Cases for Third-Party API Security
Summary: The commentary discusses the importance of adapting security strategies for third-party APIs, highlighting the unique risks and considerations that differ from first-party APIs. It emphasizes the need for security leaders to focus on three specific use cases: managing outbound data flows, protecting against inbound traffic, and overseeing data management for third-party applications.…
PayPal penalized $2 million over data breach involving 35K Social Security numbers
Summary: PayPal has agreed to pay a $2 million penalty following a cybersecurity incident in December 2022 that exposed thousands of Social Security numbers. The breach was attributed to a credential stuffing attack, which exploited vulnerabilities in the company’s platform due to recent changes. New York regulators emphasized the importance of qualified cybersecurity personnel and proper training to prevent such incidents in the future.…
Summary: GitLab has released critical security updates for versions 17.8.1, 17.7.3, and 17.6.4 to address multiple vulnerabilities, including a high severity cross-site scripting (XSS) flaw. The most severe vulnerability, CVE-2025-0314, allows attackers to inject malicious scripts, potentially leading to session hijacking and data theft. GitLab urges all users to update their installations immediately to mitigate these risks.…
Strengthening Our National Security in the AI Era
Summary: The commentary discusses the challenges faced by the federal government in modernizing cybersecurity efforts amidst increasing data breaches and ransomware attacks. It highlights the significance of the Biden administration’s executive order aimed at strengthening cybersecurity through the integration of AI and automation. The piece emphasizes the urgent need for improved cybersecurity practices and the potential of AI to enhance resilience in federal infrastructure and the software supply chain.…
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
Summary: A vulnerability in Subaru’s Starlink connected vehicle service allowed unauthorized access to customer accounts in the US, Canada, and Japan. Security researchers discovered that the admin panel could be accessed without proper authentication, enabling potential vehicle takeovers and access to sensitive customer information. Subaru addressed the security flaw within 24 hours of being notified by the researchers.…