-
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate…
-
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine
Cloudflare on Thursday said it took steps to disrupt a month-long phishing campaign orchestrated by a Russia-aligned threat actor called FlyingYeti targeting Ukraine. “The FlyingYeti campaign capitalized on anxiety over the potential loss of access to housing and utilities by enticing targets to open malicious files via debt-themed lures,” Cloudflare’s threat intelligence team Cloudforce One
-
Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors
A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. “The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data…
-
RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the PAN-OS vulnerability to its toolkit has been complemented by updates to the malware, which now incorporates new anti-analysis techniques, according to findings from web infrastructure and…
-
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively exploited by threat actors to create rogue administrator accounts for follow-on exploitation. “These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due to inadequate input sanitization
-
PeaceHealth nurses win 18% raises in tentative agreement
The raises make these RNs among the best paid in the state of Washington, according to the union.
-
OHSU’s controversial chief people officer will step down
Qiana Williams came to OHSU in 2022 after an investigation into workplace culture found it “devalued and marginalized” its HR functions.
-
Dr. Martens, Steve Madden settle $14M patent infringement lawsuit
The British footwear maker had filed a patent infringement lawsuit against competitor Steve Madden and its manufacturer in August 2023.
-
Oregon revenue and economic forecast shows modest uptick
After last year’s $5 billion kicker, a smaller rebate could be in the works for taxpayers.
-
Epicurate sees promise in $36B destination luxury marketplace
Portland startup Epicurate is combining two of the region’s strengths: tech and hospitality as it builds out its private dining and luxury experience platform.
