"On February 21, 2024, Cencora, Inc. (the "Company"), learned that data from its information systems had been exfiltrated, some of which may contain personal information," reads the SEC filing.

Cencora says they have not determined if the incident will materially impact their finances or operations.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

After negotiations failed when the game studio refused to pay the $2 million ransom, Rhysida dumped 1,67 TB of documents on its dark web leak site.

"We are aware that the stolen data includes personal information belonging to our employees, former employees, and independent contractors."

"SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

Link to dump: https://github.com/I-S00N/I-S00N/

The five malicious apps are:

1. Phone Cleaner - File Explorer (com.volabs.androidcleaner)
2. PDF Viewer - File Explorer (com.xolab.fileexplorer)
3. PDF Reader - Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
4. Phone Cleaner: File Explorer (com.appiclouds.phonecleaner)
5. PDF Reader: File Manager (com.tragisoap.fileandpdfmanager)

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

cross-posted from: https://infosec.pub/post/8288479

However, this bug caused some DNS queries to be sent to the DNS server configured on the computer, usually a server at the user's ISP, allowing the server to track a user's browsing habits.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

cross-posted from: https://infosec.pub/post/8133671

The company said the exposure includes names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment.

Hello everyone,

I hope this post belongs here, otherwise I'll move it to [email protected].

I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel.

I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?

Fear them tooth brushes.

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

cross-posted from: https://infosec.pub/post/8070199

No exploitations have been observed in the wild as of yet, according to the company's European site, but owners should scan for indicators of compromise given that the bugs have been publicly known but unpatched for months.

Beyond the obvious step of updating to the latest firmware, Canon is advising its customers to "set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access."

AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised.

The statement was published on Friday evening and lacks technical details about the breach. The incident is not related to ransomware, they added.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!