Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. [...]

Investigators previously said the number was much, much higher The data broker at the center of what may become one of the more significant breaches of the year is telling officials that just 1.3 million people were affected.... [...]

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts …

Also: Your external-facing NetSuite sites need a review; five popular malware varieties for Q2, and more Infosec in brief Malware that kills endpoint detection and response (EDR) software has been spotted on the scene and, given it's deploying RansomHub, it could soon be prolific.... [...]

A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. [...]

A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...]

How did I not know before now that there was a market for squid oil ? The squid oil market has experienced robust growth in recent years, expanding from $4.56 billion in 2023 to $4.94 billion in 2024 at a compound annual growth rate (CAGR) of 8.5 …

Names, addresses, Social Security numbers, more all out there A Florida firm has all but confirmed that millions of people's sensitive personal info was stolen from it by cybercriminals and publicly leaked.... [...]

Attacker locked out all staff for four days The cryptocurrency offshoot of reality TV and entrepreneurship show Unicorn Hunters has confirmed that an unknown attacker compromised its G-Suite, locking all staff out of their accounts.... [...]

Amazon Simple Storage Service (Amazon S3) is a widely used object storage service known for its scalability, availability, durability, security, and performance. When sharing data between organizations, customers need to treat incoming data as untrusted and assess it for malicious files before ingesting it into their downstream processes. This …

Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants until October 15 to ensure users don't lose access to admin portals. [...]

Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. [...]

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]

Compliance isn't a one-time goal; it's an ongoing process. As your organization and the regulatory environment evolve, so too does Assured Workloads. Here are the latest additions to our portfolio of software-defined controls and policies that can make supporting your compliance requirements easier on Google Cloud. Introducing Compliance Updates …

Take a deep dive into the world of emerging cyber threats and defense strategies with Cloudflare Webinar In a world where cyber threats are continually evolving, staying informed is critical for IT and security professionals.... [...]

A common yet overlooked type of weak password are keyboard walk patterns. Learn more from Specops Software on finding and blocking keyboard walk passwords in your organization. [...]

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it …

A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds …

Teams wanting the cash have to commit to handing their models to OpenSSF after next year's final One year after it began, the DARPA AI Cyber Challenge (AIxCC) has whittled its pool of contestants down to seven semifinalists.... [...]

Enlarge / Roger Stone, former adviser to Donald Trump's presidential campaign, center, during the Republican National Convention (RNC) in Milwaukee on July 17, 2024. (credit: Getty Images) Google's Threat Analysis Group confirmed Wednesday that they observed a threat actor backed by the Iranian government targeting Google accounts associated with US …

RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks [...]

US politicians and Israeli officials among the top targets for the IRGC’s cyber unit Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign.... [...]

Are you curious about the new enhancements in Cloud NAT ? Have you explored Cloud NGFW Enterprise ? In this blog we dive into both of these topics with informative video demos on both that you can watch at any time. # 1- Cloud NAT and NGFWs Cloud NAT and Cloud NGFW …

Welcome to the first Cloud CISO Perspectives for August 2024. Today I’m adapting our upcoming Perspectives on Security for the Board report. It examines three key cybersecurity topics from the vantage of the board of directors: multifactor authentication, digital sovereignty, and — the one I’ll be focusing on …

Welcome to the first Cloud CISO Perspectives for August 2024. Today I’m adapting our upcoming Perspectives on Security for the Board report. It examines three key cybersecurity topics from the vantage of the board of directors: multifactor authentication, digital sovereignty, and — the one I’ll be focusing on …

Welcome to the first Cloud CISO Perspectives for August 2024. Today I’m adapting our upcoming Perspectives on Security for the Board report. It examines three key cybersecurity topics from the vantage of the board of directors: multifactor authentication, digital sovereignty, and — the one I’ll be focusing on …

From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three …

Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. [...]

He’ll also have to pay back $1.2 million from fraudulent transactions he facilitated A Russian national is taking a trip to prison in the US after being found guilty of peddling stolen credentials on a popular dark web marketplace.... [...]

Anydesk is its access tool of choice A new extortion gang called Mad Liberator uses social engineering and the remote-access tool Anydesk to steal organizations' data and then demand a ransom payment, according to Sophos X-Ops.... [...]

Payment arm of Korean messaging app denies any illegal activity Kakao Pay, a subsidiary of Korea's WhatsApp analog Kakao, handed over data from more than 40 million users to the Singaporean arm of Chinese payment platform Alipay, without user consent, Korea's financial watchdog revealed Tuesday.... [...]

No, no, go ahead, don't let us stop you, Xi Cyber-spies suspected of connections with China have infected "dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky.... [...]

​Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. [...]

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...]

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. [...]

The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...]

Citizen Lab also spots a COLDWASTREL swimming in the Rivers of Phish Russia's Federal Security Service (FSB) cyberspies, joined by a new digital snooping crew, have been conducting a massive online phishing espionage campaign via phishing against targets in the US and Europe over the past two years, according …

Lone Star State alleges GM cashed in with "millions in lump sum payments" from the sale Texas has sued General Motors for what it said is a years-long scheme to collect and sell drivers' data to third parties - including insurance companies - without their knowledge or consent.... [...]

In today’s digital landscape, managing secrets, such as passwords, API keys, tokens, and other credentials, has become a critical task for organizations. For some Amazon Web Services (AWS) customers, centralized management of secrets can be a robust and efficient solution to address this challenge. In this post, we …

Three state attorneys general probed the company and found plenty to chastise Biotech biz Enzo Biochem is being forced to pay three state attorneys general a $4.5 million penalty following a 2023 ransomware attack that compromised the data of more than 2.4 million people.... [...]

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver …

Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. [...]

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page. [...]

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. [...]

Biz admits turning human women into faceless, sexualized furniture was a 'tone deaf' marketing ploy If you attended the Black Hat conference in Vegas last week and found yourself over in Palo Alto Networks' corner of the event, you may have encountered a marketing gimmick that has since been …

Questions raised as one of the world's largest PC makers joins America's critical defense team Opinion Lenovo's participation in a cybersecurity initiative has reopened old questions over the company's China origins, especially in light of the growing mistrust between Washington and Beijing over technology.... [...]

There's a blockchain involved so it's totally going to stop you getting those calls India’s Telecom Regulatory Authority (TRAI) on Tuesday directed telcos to stop calls from unregistered telemarketers – and prevent them from using networks again for up to two years – as part of an effort to curb …

Nicely ahead of that always-a-decade-away moment when all our info becomes an open book The National Institute of Standards and Technology (NIST) today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future – when quantum computers are expected to break existing cryptographic algorithms.... [...]

Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known.... [...]

Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known.... [...]