π’ Uber hit with β¬290m fine for storing European driver data in the US π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The fine marks the latest imposed on Uber by the Dutch data protection authority.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Uber hit with β¬290m fine for storing European driver data in the US
The fine marks the latest imposed on Uber by the Dutch data protection authority
π Uber Hit With β¬290m GDPR Fine π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Dutch data protection regulator has imposed a 290m GDPR fine on Uber for storing driver data in the US without adequate safeguards.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Uber Hit With β¬290m GDPR Fine
The Dutch data protection regulator has imposed a β¬290m GDPR fine on Uber for storing driver data in the US without adequate safeguards
π₯1
π’ Teleport partners with TD Synnex to tackle identity-focused cyber attacks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The new distribution agreement will enable customers to procure secure infrastructure access solutions from a single source.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Teleport partners with TD Synnex to tackle identity-focused cyber attacks
The new distribution agreement will enable customers to procure secure infrastructure access solutions from a single source
π’ North Korean insider attacks are skyrocketing β dozens of US firms didn't spot the hacker in their midst π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
A North Korean threat campaign sneaking hackers into US firms as fake IT workers is just the tip of the iceberg, researchers have warned.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
North Korean insider attacks are skyrocketing β dozens of US firms didn't spot the hacker in their midst
North Korean threat campaigns are sneaking hackers into US firms as fake IT workers - and the trend shows no sign of stopping
π΅οΈββοΈ Why Every Business Should Prioritize Confidential Computing π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Confidential computing safeguards data in use, making it a crucial component of cloud security.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Why Every Business Should Prioritize Confidential Computing
Confidential computing safeguards data in use, making it a crucial component of cloud security.
π¦Ώ The 5 Best Free Endpoint Protection Platforms for 2024 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Discover our top picks for reputable free endpoint protection platforms and compare their features, pros and cons in this indepth guide.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
The 5 Best Free Endpoint Protection Platforms for 2024
Discover our top picks for reputable free endpoint protection platforms and compare their features, pros and cons in this in-depth guide.
π§ Cost of data breaches: The business case for security AI and automation π§
π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
As Yogi Berra said, Its dj vu all over again. If the idea of the global average costs of data breaches rising year over year feels like more of the same, thats because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of The post Cost of data breaches The business case for security AI and automation appeared first on Security Intelligence.π Read more.
π Via "Security Intelligence"
----------
ποΈ Seen on @cibsecurity
Security Intelligence
Cost of data breaches: The business case for security AI and automation
IBM's 2024 comprehensive report shows that the use of modern technologies, such as AI automation, reduced breach costs by $2.2 million.
ποΈ CTEM in the Spotlight: How Gartner's New Categories Help to Manage Exposures ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Want to know whats the latest and greatest in SecOps for 2024? Gartners recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this years report Threat Exposure Management, Exposure Assessment Platforms EAP, and Adversarial.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π FBI Flawed Data Handling Raises Security Concerns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A US Justice Department watchdog has found significant weaknesses in the FBIs physical and online media storage and disposal processes.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
FBI Flawed Data Handling Raises Security Concerns
A US Justice Department watchdog has found βsignificant weaknessesβ in the FBIβs physical and online media storage and disposal processes
π Suspected Cyber-Attack Causes Travel Chaos at Seattle Airport π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Port of Seattle revealed system outages at the citys airport may have been caused by a cyberattack, affecting early Labor Day travel.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Suspected Cyber-Attack Causes Travel Chaos at Seattle Airport
The Port of Seattle revealed system outages at the cityβs airport may have been caused by a cyber-attack, affecting early Labor Day travel
β€1
ποΈ Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The Chinanexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zeroday exploitation of a recently disclosed highseverity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one nonU.S. victim in the Internet service provider ISP, managed service provider MSP and information technology IT sectors as early.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦
High-Risk CVE-2024-7965 Vulnerability in Chromeβs V8 Engine Requires Quick Fix π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways CISA has included a type of confusion vulnerability affecting Google Chrome and potentially other Chromiumbased browsers in its Known Exploited Vulnerabilities KEV catalog, highlighting its seriousness and potential for exploitation. CVE20247965 affects Chrome's V8 JavaScript engine, allowing attackers to exploit heap corruption through specially crafted HTML pages. Its high CVSS score of 8.8 indicates a severe threat to system confidentiality and integrity. Google has acknowledged that CVE20247965 is actively being exploited. A critical patch has been released in Chrome versions 128.0.6613.84 for Linux and 128.0.6613.84.85 for Windows and Mac. Due to the active exploitation of this vulnerability, it is crucial for all users to update their browsers immediat...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Cyble
Urgent Fix Needed For Chrome V8 Engine CVE-2024-7965
CVE-2024-7965 is a critical flaw in Chrome's V8 engine, posing high-risk to browsers. Update now to protect against security threats. Learn more at Cyble.
βοΈ New 0-Day Attacks Linked to Chinaβs βVolt Typhoonβ βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Malicious hackers are exploiting a zeroday vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
New 0-Day Attacks Linked to Chinaβs βVolt Typhoonβ
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltratingβ¦
β€1
π MOVEit Hack Exposed Personal Data of Half Million TDECU Users π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
MOVEit Hack Exposed Personal Data of Half Million TDECU Users
The Texas Dow Employees Credit Union told the Maine Attorney General the MOVEit data breach compromised information of over 500,000 members
π¦
Cloud Storage Bucket Security: PII Leak Brings Renewed Focus to Storage Bucket Access Controls π¦
π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
Key Takeaways News of a Google Cloud Storage bucket data leak has once again drawn public attention to the risks of misconfigured cloud storage buckets, one of the most common cloud security issues and causes of data leaks. Alices Table, a former contestant on ABCs Shark Tank, inadvertently leaked the personally identifiable information PII of more than 83,000 customers from a misconfigured Google Cloud Storage bucket. The leak underscores the importance of cloud storage bucket access controls as well as regularly auditing permissions and monitoring for data leaks. Cloud storage bucket leaks are very common Cyble Odin is presently detecting more than 500,000 such exposures between AWS and Google Cloud Storage. We look at best practices for cloud storage bucket access con...π Read more.
π Via "CYBLE"
----------
ποΈ Seen on @cibsecurity
π₯2
π΅οΈββοΈ PoC Exploit for Zero-Click Vulnerability Made Available to the Masses π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Dark Reading
PoC Exploit for Zero-Click Vulnerability Made Available to the Masses
The exploit can be accessed on GitHub and makes it easier for the flaw to be exploited by threat actors.
π Microsoft 365 Copilot Vulnerability Exposes User Data Risks π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Microsoft 365 Copilot Vulnerability Exposes User Data Risks
The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection
ποΈ macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said. HZ RAT was first.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ Nozomi Networks unveils new Mandiant-powered security tools π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Nozomi TI Expansion Pack provides customers with access to both Nozomi and Mandiant threat intelligence capabilities.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
channelpro
Nozomi Networks unveils new Mandiant-powered security tools
The Nozomi TI Expansion Pack provides customers with access to both Nozomi and Mandiant threat intelligence capabilities
π’ Volt Typhoon is wreaking havoc again β this time on US internet providers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Chinese statebacked hackers are thought to be actively exploiting a zeroday in SDWAN software to infect corporate networks at US internet providers.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
Volt Typhoon is wreaking havoc again β this time on US internet providers
Chinese state-backed hackers are thought to be actively exploiting a zero-day in SD-WAN software to infect corporate networks at US internet providers
π΅οΈββοΈ Hitachi Energy Vulnerabilities Plague SCADA Power Systems π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Hitachi Energy Vulnerabilities Plague SCADA Power Systems
The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.