Cloud computing has its perks: speed, scalability, and innovation, to name just a few. However, increasing reliance on cloud computing has changed the threat landscape and created substantial points of vulnerability. The toxic cloud trilogy of cloud workload risks –…
Tag: Information Security Buzz
Thousands of Driver’s Licenses, Bank Records, and PII Exposed in Australian Fintech Data Leak
Cybersecurity analyst Jeremiah Fowler has discovered an unprotected Amazon S3 database that wasn’t encrypted or password protected and contained some 27,000 records. The records included highly personal information such as driver’s licenses, Medicaid cards, work statements, and bank statements that…
The EU AI Act: A Critical Overview of a Necessary Act?
The EU AI Act represents a crucial step towards the responsible development, deployment, and use of AI in the European Union. However, Lamprini Gyftokosta, Director of Artificial Intelligence and Human Rights at Homo Digitalis, raises serious questions about its effectiveness…
WoW! A Ransomware Gang Just Took Over One of America’s Largest ISPs
A new ransomware gang, Arkana Security, is claiming responsibility for an enormous breach at WideOpenWest (WoW), one of the largest cable operators and ISPs in the US. The malicious actors boasted they had full backend control and even put a…
AppSOC Research Labs Delivers Damning Verdict on DeepSeek-R1
Silicon Valley security provider AppSOC has branded DeepSeek-R1, one of the latest highly advanced artificial intelligence (AI) models to emerge from China, a “high-risk model unsuitable for enterprise use.” They strongly recommend that enterprises not use the DeepSeek-R1 model provided on…
Oracle’s Data Breach Denial Unravels as Leaked Info Checks Out
Despite Oracle’s denial of a breach affecting its Oracle Cloud federated SSO login servers, Bleeping Computer has confirmed with multiple companies that data samples shared by the threat actor are authentic. Recently, a threat actor, “rose87168,” claimed to be selling…
IngressNightmare: Critical Kubernetes Flaws Put 6,500+ Clusters at Risk
Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code execution. This exposure puts over 6,500 clusters at immediate risk by making the component accessible via the public internet. The vulnerabilities,…
Critical Flaws in Appsmith Exposed Systems to Full Takeover
Rhino Security researchers have identified multiple critical vulnerabilities in Appsmith, an open-source developer platform commonly used for building internal applications. The most severe of these is CVE-2024-55963, which enables unauthenticated attackers to execute arbitrary system commands on servers running default…
The Cost of Delay: Privacy Risks from Post-Quantum Cryptography Inaction
The cybersecurity landscape is facing a critical turning point as quantum computing (QC) rapidly advances. Delaying the implementation of post-quantum cryptography (PQC) solutions could have devastating consequences for data privacy. Traditional encryption methods, including RSA and ECC, are on the…
New Cybercrime Tool ‘Atlantis AIO’ Amps Up Credential Stuffing Attacks
A powerful new attack tool, Atlantis AIO, is making it easier than ever for cybercrooks to access online accounts. Designed to perform credential stuffing attacks automatically, Atlantis AIO enables hackers to test millions of stolen usernames and passwords in rapid…
Fortra Report Reveals How Breaches Are Fueling Hyper-Personalized Email Attacks
The latest email threat landscape report from cybersecurity solutions provider Fortra identifies how stolen personal data is being leveraged to curate very detailed email attacks. Almost all these attacks are social engineering or phishing attacks, often across multiple channels, with…
FCC Chairman Establishes New National Security Council to Tackle Tech Threats
FCC Chairman Brendan Carr has announced the creation of a new Council on National Security within the agency, which he says aims at strengthening US defenses against foreign technology threats — particularly those from China. According to the FCC, the…
The API Security Illusion: IT Leaders May Be Overconfident
As APIs become more integral to both everyday digital services and complex AI systems, concerns over their security are growing — and not without good reason. APIs are the connective tissue of modern software, but without strong governance, they can…
Insight Into ReliaQuest’s Critical Cyber Threats to Hospitality and Recreation Report
The latest threat landscape report from ReliaQuest has unearthed some concerning findings regarding the critical threats faced by the hospitality and recreation sector. These include identifying a 43% increase in ransomware attacks, the discovery that 44% of phishing emails contained…
GitHub Leak Puts Software Supply Chains at Risk: Thousands of Secrets Exposed
Over 23,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action, say researchers at StepSecurity. GitHub Actions is a CI/CD service that allows developers to automate software builds and testing. Workflows run in response to…
Massive RSA Encryption Flaw Exposes Millions of IoT Devices to Attack
A major security flaw has been found in RSA encryption keys used across the internet. Researchers discovered that about one in 172 online certificates are at risk due to a mathematical weakness. The issue mainly affects Internet of Things (IoT)…
How Security Teams Should Respond to the Rise in Vulnerability Disclosures
In 2024, vulnerability disclosures hit an all-time high, with over 30,000 vulnerabilities recorded in the National Vulnerability Database (NVD). Unfortunately, we can expect these numbers to continue rising as the use of open source, GenAI, and software overall is ever-growing.…
DeepSeek Can Be Abused to Create Malware
In a recent investigation, Tenable researchers explored how DeepSeek, a large language model (LLM) built by a Chinese company, can be exploited to generate malware, including keyloggers and ransomware, despite its initial refusal to engage in harmful activities. Unlike popular…
Microsoft Uncovers New XCSSET macOS Malware Variant Targeting Xcode Projects
Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated modular macOS malware that targets Xcode projects. The malware was found in the wild during routine threat hunting and is the first known XCSSET variant to surface since…
Volt Typhoon Found Inside Massachusetts Electric Utility for Nearly a Year
Industrial cybersecurity firm Dragos has revealed that a small electric and water utility in Massachusetts was breached by a sophisticated Chinese Advanced Persistent Threat (APT) group for over 300 days. The attack targeted Littleton Electric Light and Water Departments (LELWD),…