Breach: 23andMe data breach under investigation in UK and Canada
Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year’s 23andMe data breach.
News: Top 10 Critical Pentest Findings 2024: What You Need to Know
One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization’s security posture, revealing weaknesses that could potentially lead to data breaches or other security incidents.
Breach: Lessons from the Snowflake Breaches
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of a live event company’s clientele, igniting a firestorm of concern and outrage.
Cyber Savvy AI Antics
The 50th Edition of 501CISO CyberRisk-365 Newsletter
Oh, what a milestone, a cyber feat so grand,
From phishing attacks to ransomware bites,
Remember that issue on password hygiene?
With every edition, we’ve cracked a few jokes,
So here’s to the readers, our cyber tribe true,
Fifty editions down, and many more to go,
Malware: Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec.
Threat: New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE.
These days, banking apps have become integral to financial transactions. As a result, banks are finding that ensuring the security of their apps is more critical than ever. Cybercriminals have evolved, so financial providers like banks need to evolve their tools as well.
News: AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability.
AI: Meta Pauses AI Training on EU User Data Amid Privacy Concerns
Meta on Friday said it’s delaying its efforts to train the company’s large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC).
Privacy: California: AG announces $6.75M settlement with Blackbaud
On June 13, 2024, the California Attorney General (AG), Rob Bonta, announced that they had reached a $6.75 million settlement with Blackbaud Inc., a South Carolina-based software company, in relation to violations of consumer protection and privacy laws.
News: FTC files complaint against Adobe for deceptive cancellation practices
The Federal Trade Commission has filed a complaint in US federal court against Adobe and two executives, Maninder Sawhney and David Wadhwani, for deceptive practices related to their subscription plans.
News: Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024
As MSPs continue to be the backbone of IT security for numerous businesses, the array of tools at their disposal has grown exponentially. However, this abundance of options isn’t without its drawbacks. The challenge isn’t just in choosing the right tools but in efficiently integrating and managing them to ensure seamless security coverage and operational efficiency. This article delves into the top tools and software MSPs use and the challenges associated with having too many tools.
News: Biden Bans Kaspersky Software, Gives Users 100 Days To Find Alternative
President Biden has issued a ban on the sale of all Kaspersky security software in the U.S., effective immediately. The ban also extends to the use of Kaspersky software starting September 29, and it applies to consumers, government and business organizations. Critically, the ban includes security updates for existing customers.
Cloud: Multifactor Authentication Is Not Enough to Protect Cloud Data
Ticketmaster, Santander Bank, and other large firms have suffered data leaks from a large cloud-based service, underscoring that companies need to pay attention to authentication.
Attack: Hackers that crippled car dealerships demand tens of millions in ransom
The group responsible for hacking the system of CDK Global has demanded tens of millions of dollars in ransom as the June 19 attack on the company’s systems continues.
AI: Taking a closer look at AI’s supposed energy apocalypse
Late last week, both Bloomberg and The Washington Post published stories focused on the ostensibly disastrous impact artificial intelligence is having on the power grid and on efforts to collectively reduce our use of fossil fuels. The high-profile pieces lean heavily on recent projections from Goldman Sachs and the International Energy Agency (IEA) to cast AI’s “insatiable” demand for energy as an almost apocalyptic threat to our power infrastructure. The Post piece even cites anonymous “some [people]” in reporting that “some worry whether there will be enough electricity to meet [the power demands] from any source.”
Vulnerability Vortex
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
Critical GitLab Bug Threatens Software Development Pipelines
The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware.
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
Google ships an Android security update with fixes for 15 vulnerabilities, including a critical-severity flaw in Framework.