CVE Program Secures Continued Funding

The U.S. Cybersecurity and Infrastructure Security Agency extended funding for the Common Vulnerabilities and Exposures program, averting a potential shutdown. Managed by MITRE, the CVE system is crucial for tracking software vulnerabilities. The last-minute renewal highlights concerns over the program’s reliance on federal funding and has prompted discussions about transitioning to a non-profit model for greater stability.

Source: CISA extends funding to ensure ‘no lapse in critical CVE services’
  

DaVita Discloses Ransomware Attack

Healthcare provider DaVita reported a ransomware attack that encrypted parts of its network, disrupting operations. The company has initiated incident response protocols, isolated affected systems, and engaged cybersecurity experts to assess and remediate the situation.

Source: Kidney dialysis firm DaVita hit by weekend ransomware attack
  

Medusa Ransomware Targets NASCAR

The Medusa ransomware group claimed responsibility for a $4 million attack on NASCAR, releasing documents as proof. The leaked data includes detailed maps, staff information, and credentials, indicating a significant breach of operational and logistical data.

Source: NASCAR ransomware attack expose internal docs, email​ | Cybernews
  

Emergence of Xanthorox AI Tool for Cybercriminals

A new AI tool named Xanthorox has emerged, offering cybercriminals advanced capabilities for orchestrating attacks. The tool provides features like automated vulnerability scanning and exploit generation, raising concerns about the increasing sophistication of cyber threats.

Source: https://cybersecuritynews.com/black-hat-ai-tool-xanthorox/
  

Hertz Customer Data Breach via Cleo Communications

Hertz disclosed that a cybersecurity breach involving its vendor, Cleo Communications, led to the theft of customer data. The breach exploited zero-day vulnerabilities in Cleo’s file transfer platform, potentially compromising contact details, credit card numbers, driver’s license data, and, for some individuals, social security and passport information. Hertz emphasized that its own network remained unaffected and, to date, there’s no evidence of the stolen data being used for fraud.

Source: https://www.infosecurity-magazine.com/news/hertz-data-breach-exposes-customer/

Smarttech247