By: Brian Dean, Senior Security Consultant, QSA Change is in the Air 2024 is almost here, and that means PCI DSS 4.0 will soon go into effect. The newest version will have some mandatory controls on March 31, 2024, for…
Category: EN
Ninety Percent of Energy Companies Suffer Supplier Data Breach
Forty-three of the world’s 48 largest energy companies were hit by a third-party data breach over the past year This article has been indexed from www.infosecurity-magazine.com Read the original article: Ninety Percent of Energy Companies Suffer Supplier Data Breach
Governments Spying on Apple and Google Users, Says Senator
Secret government requests for Android and iOS push notification data should be made public, argues Ron Wyden This article has been indexed from www.infosecurity-magazine.com Read the original article: Governments Spying on Apple and Google Users, Says Senator
Top Security Trends and Predictions for 2024
Approov stands at the forefront of mobile cybersecurity: Our expansive customer base, ongoing research initiatives and the insights we collect from our live threat metrics, give us unique visibility into trends in mobile security. Based on this data, we wanted…
Cambridge Hospitals Admit Two Excel-Based Data Breaches
Information on cancer and maternity patients was accidentally disclosed by Cambridge University Hospitals NHS Foundation Trust This article has been indexed from www.infosecurity-magazine.com Read the original article: Cambridge Hospitals Admit Two Excel-Based Data Breaches
Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access
The Akira ransomware group, which first appeared in March 2023, has been identified as a serious threat to data security. It encrypts data and demands a ransom for decryption, affecting both Windows and Linux devices. The group has about 140…
The Imperative for Zero Trust in a Cloud-Native Environment
What is Zero Trust Security? Zero-trust security is not a specific technology or product, but a security model based on the concept that “All entities are untrusted”. Forrester defines zero trust as “Zero Trust is an information security model that…
Belgian man charged with smuggling sanctioned military tech to Russia and China
Indictments allege plot to shift FPGAs, accelerometers, and spycams A Belgian man has been arrested and charged for his role in a years-long smuggling scheme to export military-grade electronics from the US to Russia and China.… This article has been…
Hackers Deliver AsyncRAT Through Weaponized WSF Script Files
The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being disseminated via WSF script format. The WSF file was found to be disseminated in a compressed file (.zip) format through URLs included in emails. AsyncRAT spreads…
Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the “most significant milestone yet.” “This isn’t a routine security update: we rebuilt the app…
New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the…
JoyGames – 4,461,787 breached accounts
In December 2019, the forum for the JoyGames website suffered a data breach that exposed 4.5M unique email addresses. The impacted data also included usernames, IP addresses and salted MD5 password hashes. This article has been indexed from Have I…
Sierra Wireless routers are vulnerable to Cyber Attacks
Sierra Wireless, a Canadian company specializing in industrial web connectivity solutions, has recently come under scrutiny due to security concerns. Security experts have identified approximately 21 vulnerabilities in the software of its routers, such as OpenDNS and TinyXML. These vulnerabilities…
Ransomware in 2024: Anticipated impact, targets, and landscape shift
As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more…
Using AI and automation to manage human cyber risk
Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors…
Australia building ‘top secret’ cloud to catch up and link with US, UK intel orgs
Plans to share ‘vast amounts of data’ – very carefully Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose.… This article…
Third-party breaches shake the foundations of the energy sector
90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The urgency…
OpenTofu: Open-source alternative to Terraform
OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business…
Splunk Predictions 2024: Leadership Trends and Emerging Technologies
Ready or not, here comes 2024. From resilience to board priorities, Splunk executives across security, IT and engineering weigh in on what to expect in the era of AI. AI: The hype will pay off, but business impact will take…
Splunk Data Security Predictions 2024
The AI promises of today may become the cybersecurity perils of tomorrow. Discover the emerging opportunities and obstacles Splunk security leaders foresee in 2024: Talent: AI will alleviate skills gaps while creating new functions, such as prompt engineering. Data privacy:…