Cussins Enterprises LLC
Technology is a paint brush on the canvas of life.
What can we paint for you?
Cybersecurity News
Awareness of what is happening is the 1st to a secure system.Threat Post
 Firewall Bug Under Active Attack Triggers CISA WarningOn August 23, 2022Source: Web Security – ThreatpostBy ThreatpostCategories: Vulnerabilities, Web Security CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.… Read more |
 Fake Reservation Links Prey on Weary TravelersOn August 22, 2022Source: Web Security – ThreatpostBy Nate NelsonCategories: Malware, Web Security Fake travel reservations are exacting more pain from the travel weary, already dealing with the mise… Read more |
 Google Patches Chrome’s Fifth Zero-Day of the YearOn August 18, 2022Source: Web Security – ThreatpostBy Elizabeth MontalbanoCategories: Vulnerabilities, Web Security, Google Chrome, zero-day vulnerabilities An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arb… Read more |
 Phishers Swim Around 2FA in Coinbase Account HeistsOn August 8, 2022Source: Web Security – ThreatpostBy Elizabeth MontalbanoCategories: Hacks, Web Security Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so the… Read more |
 Open Redirect Flaw Snags Amex, Snapchat User DataOn August 5, 2022Source: Web Security – ThreatpostBy Elizabeth MontalbanoCategories: Hacks, Vulnerabilities, Web Security Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among ot… Read more |
 Universities Put Email Users at Cyber RiskOn August 2, 2022Source: Web Security – ThreatpostBy Elizabeth MontalbanoCategories: Vulnerabilities, Web Security DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest prot… Read more |
 Threat Actors Pivot Around Microsoft’s Macro-Blocking in OfficeOn July 28, 2022Source: Web Security – ThreatpostBy Elizabeth MontalbanoCategories: Hacks, Malware, Web Security Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwa… Read more |
 IoT Botnets Fuel DDoS Attacks – Are You Prepared?On July 26, 2022Source: Web Security – ThreatpostBy Sponsored ContentCategories: Sponsored, Vulnerabilities, Web Security, indusface The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies… Read more |
 Magecart Serves Up Card Skimmers on Restaurant-Ordering SystemsOn July 20, 2022Source: Web Security – ThreatpostBy Elizabeth MontalbanoCategories: Hacks, Malware, Web Security 300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against Menu… Read more |
 Authentication Risks Discovered in Okta PlatformOn July 19, 2022Source: Web Security – ThreatpostBy Nate NelsonCategories: Privacy, Web Security Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational… Read more |
Beeping Computer
| https://www.bleepingcomputer.com/feed/ is invalid XML, likely due to invalid characters. XML error: XML_ERR_NAME_REQUIRED at line 1, column 753 |
Motherboard
| https://motherboard.vice.com/en_us/rss is invalid XML, likely due to invalid characters. XML error: Undeclared entity error at line 23, column 112 |
Data Breeches
Swiss critical sector faces new 24-hour cyberattack reporting ruleOn March 12, 2025Source: DataBreaches.NetBy DissentCategories: Legislation, Non-U.S., Of Note Bill Toulas reports: Switzerland’s National Cybersecurity Centre (NCSC) has announced a new re… Read more |
Computers containing thousands of patients’ records stolen from Belfast hospitalOn March 11, 2025Source: DataBreaches.NetBy DissentCategories: Health Data, Non-U.S., Theft Deborah McAleese reports: Twenty-eight computers containing the records of thousands of patients hav… Read more |
Center for Digestive Health notifies patients of April 2024 cyberattackOn March 11, 2025Source: DataBreaches.NetBy DissentCategories: Breach Incidents, Hack, Health Data In May, 2024, the threat actors known as BianLian added the Center for Digestive Health in Florida t… Read more |
Sunflower Medical Group notifies 220,968 of December cyberattack by RhysidaOn March 11, 2025Source: DataBreaches.NetBy DissentCategories: Health Data Sunflower Medical Group has notified 220,968 people of a December attack by Rhysida. According to th… Read more |
Attorney General James Sues National General and Allstate Insurance for Failing to Protect New Yorkers’ Personal InformationOn March 10, 2025Source: DataBreaches.NetBy DissentCategories: Business Sector, Of Note NEW YORK – New York Attorney General Letitia James today filed a lawsuit against several insurance c… Read more |
Endless Mountains Health Systems affected by cyberattack; patients alerted to situationOn March 9, 2025Source: DataBreaches.NetBy DissentCategories: Health Data, U.S. Endless Mountains Health Systems (EMHS) in Pennsylvania has been dealing with a cyberattack that has… Read more |
Akira ransomware gang used an unsecured webcam to bypass EDROn March 9, 2025Source: DataBreaches.NetBy DissentCategories: Commentaries and Analyses, Malware The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks… Read more |
SSK Plastic Surgery discloses it experienced a hack and extortion attempt in 2024On March 8, 2025Source: DataBreaches.NetBy DissentCategories: Hack, Health Data Another plastic surgery practice has revealed that it was the victim of a cyberattack with an extort… Read more |
Extensive US public school employee data compromise reported from Carruth Compliance Consulting breachOn March 8, 2025Source: DataBreaches.NetBy DissentCategories: Education Sector, Subcontractor, U.S. SC Media reports: Oregon-based third-party retirement plan administrator Carruth Compliance Consulti… Read more |
White House cyber director’s office set for more power under Trump, experts sayOn March 8, 2025Source: DataBreaches.NetBy DissentCategories: Miscellaneous Suzanne Smalley reports: The Office of the National Cyber Director (ONCD) is poised to become a stro… Read more |
Cyberscoop
Microsoft patches 57 vulnerabilities, including 6 zero-daysOn March 11, 2025Source: CyberScoopBy Matt KapkoCategories: Cybersecurity, Threats, Action1, Cybersecurity and Infrastructure Security Agency (CISA), Microsoft, Patch Tuesday, Rapid7, vulnerabilities, zero-days More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update… Read more |
Apple discloses zero-day vulnerability, releases emergency patchesOn March 11, 2025Source: CyberScoopBy Greg OttoCategories: Cybersecurity, Technology, Threats, Apple, iOS, Mac, patching, Safari, zero days Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerabi… Read more |
X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.On March 11, 2025Source: CyberScoopBy Matt KapkoCategories: Cybercrime, Cybersecurity, Threats, Check Point, Dark Storm, DDoS, Elon Musk, F5, Twitter, X X’s wave of outages resembled a DDoS attack and Dark Storm Team, a prolific threat group specializin… Read more |
Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harmOn March 11, 2025Source: CyberScoopBy Tim StarksCategories: Government, Policy, Workforce, Armis, budget, CISA, Congress, cyber workforce, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), cybersecurity workforce, Department of Government Efficency, Department of Homeland Security (DHS), government shutdown, Joe Biden, National Security Council, National Security Council (NSC), Trump administration, workforce Shutdowns always hamper government operations, but personnel cuts further exacerbate cyber risks, ex… Read more |
New York sues Allstate and subsidiaries for back-to-back data breachesOn March 11, 2025Source: CyberScoopBy Matt KapkoCategories: Cybersecurity, Government, Policy, Privacy, Technology, data breaches, insurance, New York, New York Attorney General, New York DFS A pair of data breaches in late 2020 and early 2021 exposed driver’s license numbers of almost 200,0… Read more |
Sean Plankey picked by Trump to be CISA directorOn March 11, 2025Source: CyberScoopBy Tim StarksCategories: Cybersecurity, Election Security, Government, Workforce, CISA, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), Karen Evans, Sean Cairncross, Sean Plankey, Senate Homeland Security and Governmental Affairs Committee, Trump administration Plankey’s nomination fills the biggest remaining gap among cyber leaders in the second Trump adminis… Read more |
 Multiple vulnerabilities found in ICONICS industrial SCADA softwareOn March 10, 2025Source: CyberScoopBy djohnsonCategories: Technology, industrial control systems (ICS), Palo Alto Networks, SCADA, vulnerabilities The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification… Read more |
CISA completed its election security review. It won’t make the results publicOn March 7, 2025Source: CyberScoopBy djohnsonCategories: Cybersecurity, Election Security, Government, CISA, Department of Homeland Security (DHS), disinformation, election security, Trump administration Critics said the decision creates broad uncertainty among other stakeholders who work to protect ele… Read more |
Ransomware poseurs are trying to extort businesses through physical lettersOn March 7, 2025Source: CyberScoopBy Matt KapkoCategories: Cybercrime, Cybersecurity, Healthcare, Ransomware, Threats, cybercrime, extortion, Federal Bureau of Investigation (FBI), ransomware The FBI is warning business leaders about the scam perpetrated by an unidentified threat group. The… Read more |
Krebs On Security
The Hacker News
 Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and RootkitsOn March 12, 2025Source: The Hacker NewsByThe China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX… Read more The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure.
"The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that |
 Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber AttackOn March 12, 2025Source: The Hacker NewsByThreat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server… Read more Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms.
"At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025.
The countries which |
 Pentesters: Is AI Coming for Your Role?On March 12, 2025Source: The Hacker NewsByWe’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey p… Read more We’ve been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue the anxiety.
There have been ongoing whispers about what roles would be |
 URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-DaysOn March 12, 2025Source: The Hacker NewsByMicrosoft on Tuesday released security updates to address 57 security vulnerabilities in its softwar… Read more Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild.
Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege |
 Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted AttacksOn March 12, 2025Source: The Hacker NewsByApple on Tuesday released a security update to address a zero-day flaw that it said has been exploit… Read more Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks.
The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component.
It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it |
 Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based AttacksOn March 11, 2025Source: The Hacker NewsByThe threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Col… Read more The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024.
"The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis.
"More than 1,600 victims were affected during one of |
 Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 DevicesOn March 11, 2025Source: The Hacker NewsByUnpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, ac… Read more Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team.
"The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with |
 Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real ThreatsOn March 11, 2025Source: The Hacker NewsByIn cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sens… Read more In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is |
 Steganography Explained: How XWorm Hides Inside ImagesOn March 11, 2025Source: The Hacker NewsByInside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangero… Read more Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike.
No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace.
This is steganography, a cybercriminal’s secret weapon for |
 SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and AfricaOn March 11, 2025Source: The Hacker NewsByMaritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have becom… Read more Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder.
The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy |
How Can We Help?
