Eurocops take down ‘secure’ criminal chat system known as Matrix

December 4, 2024 at 03:40AM

French and Dutch police dismantled the Matrix chat app, designed for secure criminal communication, following its discovery during a murder investigation. A joint task force compromised the app, accessing 2.3 million messages across 40 servers, revealing discussions on illicit activities. Investigations continue with multiple arrests anticipated.

Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks

December 4, 2024 at 02:15AM

A joint advisory from Australia, Canada, New Zealand, and the U.S. warns of a Chinese cyber espionage campaign targeting telecommunications. The group, known as Salt Typhoon, has been active since 2020, with ongoing intrusions. Cybersecurity guidance emphasizes strengthening network defenses to mitigate associated risks amid escalating U.S.-China trade tensions.

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

December 4, 2024 at 12:45AM

Veeam released security updates for a critical vulnerability (CVE-2024-42448) in its Service Provider Console, which allows remote code execution. Another vulnerability (CVE-2024-42449) poses risks of NTLM hash leakage and file deletion. Users must upgrade to version 8.1.0.21999 to mitigate risks as there are no alternative fixes.

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

December 4, 2024 at 12:45AM

A critical vulnerability (CVE-2024-10905) in SailPoint’s IdentityIQ software allows unauthorized access to application directory content, with a CVSS score of 10.0. Affected versions include 8.2, 8.3, and 8.4, along with their respective patch levels. No security advisory from SailPoint has been released yet.

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

December 4, 2024 at 12:45AM

A new phishing campaign uses corrupted Microsoft Office documents and ZIP files to bypass email defenses, evading antivirus software and spam filters. These malicious emails entice users with false promises, leveraging built-in recovery features for execution. The technique, identified since August 2024, aims for credential theft and malware deployment.

FTC scolds two data brokers for allegedly selling your location to the metre

December 3, 2024 at 09:37PM

The FTC has settled with data brokers Gravy Analytics and Mobilewalla for selling sensitive location data without consent. Both companies will delete improperly obtained data and enhance privacy measures, as well as refrain from distributing information about visits to sensitive locations. This bipartisan ruling highlights ongoing privacy concerns among regulators.

Perfect 10 directory traversal vuln hits SailPoint’s IAM solution

December 3, 2024 at 06:55PM

SailPoint reported a critical vulnerability (CVE-2024-10905) in its IdentityIQ IAM platform, classified as a directory traversal flaw. Customers are urged to upgrade to versions 8.4p2, 8.3p5, and 8.2p8. No advisory has been issued, and the company did not respond to inquiries about possible exploits.

FBI Tells Telecom Firms to Boost Security Following Wide-Ranging Chinese Hacking Campaign

December 3, 2024 at 05:53PM

Federal authorities are urging telecom companies to enhance network security after a significant Chinese hacking campaign accessed Americans’ private data. The FBI and cybersecurity agencies issued technical recommendations to thwart further cyberespionage, while the scale and ongoing access of the attackers remain unclear. This broad attack is part of China’s …

Misconfigured WAFs Heighten DoS, Breach Risks

December 3, 2024 at 05:39PM

Many organizations using CDN-provided WAF services are misconfiguring them, exposing back-end servers to direct attacks. This affects nearly 40% of Fortune 100 companies, including major brands. Researchers found that inadequate request validation and lack of security best practices are primary causes of this widespread vulnerability, making servers accessible to Internet …

BigID Releases Data Activity Monitoring to Extend DDR, Detect Malicious Actors, and Strengthen Data Security Posture

December 3, 2024 at 05:39PM

BigID has launched Data Activity Monitoring, enhancing data security by proactively managing risks, identifying insider threats, and ensuring compliance. Unlike traditional tools, it tracks data access activity for improved decision-making and faster investigations. BigID continues to receive accolades for its innovative approaches in data security and compliance management.