In April of this year, London Drugs faced a cyber attack, which led to the encryption of their servers. The company promptly announced its efforts to seek alternative methods to recover the stolen data in collaboration with law enforcement. However,…
Category: EN
Can a Cyber Threat Abruptly Evolve into a Ransomware Attack
In today’s digital landscape, the evolution of cyber threats poses significant challenges for individuals and organizations alike. One pressing concern is the sudden escalation of a seemingly minor cyber threat into a full-fledged ransomware attack. This phenomenon has become increasingly…
Hackers Breached Western Sydney University Microsoft 365 & Sharepoint Environments
Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident involving its IT network. The breach, first identified in January 2024, affected the University’s Microsoft Office 365 environment, including email accounts and SharePoint files. The earliest…
Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. “As adversarial threats become more sophisticated, so does the need to…
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero…
Authelia: Open-source authentication and authorization server
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse proxy but never to…
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated…
Cybersecurity jobs available right now: May 22, 2024
Associate Director, Cyber Security AstraZeneca | Sweden | On-site – View job details You will develop and implement security policies, procedures, and operating practices in this role. You will coordinate risk profile development and distribution to IT business-facing audiences and…
CEOs accelerate GenAI adoption despite workforce resistance
CEOs are facing workforce, culture and governance challenges as they act quickly to implement and scale generative AI across their organizations, according to IBM. The annual global study of 3,000 CEOs from over 30 countries and 26 industries found that…
Technological complexity drives new wave of identity risks
Security leaders are facing increased technological and organizational complexity, which is creating a new wave of identity risks for their organizations, according to ConductorOne. Based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000…
Kentik for Ansible Automation Platform now certified with Red Hat
The Kentik Collection is now Red Hat Ansible Certified Content, and is available on Ansible automation hub. The highlight of this is Event-Driven Ansible, an event source plugin from Kentik to accept alert notification JSON. This works in conjunction with…
ISC Stormcast For Wednesday, May 22nd, 2024 https://isc.sans.edu/podcastdetail/8992, (Wed, May 22nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, May 22nd, 2024…
Uncle Sam to inject $50M into auto-patcher for hospital IT
Boffins, why not simply invent an algorithm that autonomously fixes flaws, thereby ending ransomware forever The US government’s Advanced Research Projects Agency for Health (ARPA-H) has pledged more than $50 million to fund the development of technology that aims to…
Hackers Leverage AI as Application Security Threats Mount
Reverse-engineering tools, rising jailbreaking activities, and the surging use of AI and ML to enhance malware development were among the worrying trends in a recent report. AI and ML are making life easier for developers. They’re also making life easier…
AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks
Leading artificial intelligence companies made pledge to develop AI safely, while world leaders agreed to build a network of publicly backed safety institutes to advance research and testing of the technology. The post AI Companies Make Fresh Safety Promise at…
FUD: How Fear, Uncertainty, and Doubt can ruin your security program
The post FUD: How Fear, Uncertainty, and Doubt can ruin your security program appeared first on Click Armor. The post FUD: How Fear, Uncertainty, and Doubt can ruin your security program appeared first on Security Boulevard. This article has been…
Back to Cooking: Detection Engineer vs Detection Consumer, Again?
This is not a blog about the recent upheaval in the magical realm of SIEM. We have a perfectly good podcast / video about it (complete with hi-la-ri-ous XDR jokes, both human and AI created). This is about something that…
Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown
By Waqas The strange and tricky world of cybercrime and the dark web is getting stranger and trickier! This is a post from HackRead.com Read the original post: Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown This…
SaaS BOM: The Advantage for Securing SaaS Ecosystems
Introduction It’s not a secret that organizations are increasingly investing in software-as-a-service (SaaS) solutions. It’s not just about keeping pace with competitors; it’s about maximizing efficiency, enhancing collaboration, and driving innovation. However, this power brings challenges, especially the complexities and…
USENIX Security ’23 – Rods with Laser Beams: Understanding Browser Fingerprinting on Phishing Pages
Authors/Presenters: Iskander Sanchez-Rola, Leyla Bilge, Davide Balzarotti, Armin Buescher, Petros Efstathopoulos Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the…