June 24, 2024 at 05:39AM Threat actors claimed to have stolen information on millions of Ticketek users after a data breach on the cloud-based platform. User account details, but not payment information, may have been compromised. The incident seems linked to the Snowflake campaign, and a hacker claimed to offer information on 30 million customers. … Read more
June 21, 2024 at 04:58PM Abstract Security, a cybersecurity innovator, has announced the general availability of its cutting-edge security operations platform. The platform, in use by customers, aids in navigating data complexities, enhancing security effectiveness, and reducing costs. It offers advanced analytics, security pipelines, and optimized storage. Additionally, Abstract has expanded its team and garnered … Read more
June 21, 2024 at 03:08PM UNC5537, a cybercriminal group, has recently targeted several companies, stealing millions of customer records and demanding large ransoms. An analysis suggests the breaches were due to compromised credentials and poor authentication controls. The incidents highlight the need for stronger security measures, including widespread adoption of multifactor authentication and stricter access … Read more
June 20, 2024 at 12:45PM The text highlights the increasing risks associated with email threats in 2023, with a rise in phishing, malware attacks, and business email compromise (BEC) incidents. It emphasizes the limitations of built-in security for popular email services and recommends leveraging a SaaS-based platform like Cloud App Security for comprehensive visibility and … Read more
June 19, 2024 at 03:50PM Advance Auto Parts confirmed a data breach as a threat actor attempted to sell stolen data on a hacking forum. The breach affected personal information of current and former employees, job applicants, and possibly customers. The company will provide breach notifications, identity restoration services, and has incurred $3 million in … Read more
June 18, 2024 at 04:34PM Broadcom releases fixes for three vulnerabilities in VMware vCenter, with two critical vulnerabilities allowing remote code execution. The vulnerabilities could allow attackers to execute code on managed VMs. In addition, there are patch updates for local privilege escalation vulnerabilities. VMware, with a large customer base, faces increased risk due to … Read more
June 18, 2024 at 09:08AM The recent attacks on customer accounts hosted on the Snowflake data warehousing platform may indicate a shift towards targeting SaaS application environments by threat actors. A threat group, UNC3944, has broadened its focus to enterprise SaaS applications and uses tactics like ransomware attacks, credential phishing, social engineering, and creating new … Read more
June 18, 2024 at 07:30AM Organizations are increasingly prioritizing investment in SaaS security, with 70% establishing dedicated teams and boosting budgets and headcount, according to the Cloud Security Alliance’s “2025 CISO Plans and Priorities” survey. The report highlights improved security capabilities but also challenges in achieving visibility into business-critical apps. The adoption of SaaS Security … Read more
June 17, 2024 at 02:42AM The notorious cyber gang UNC3944, implicated in recent attacks on Snowflake and MGM Entertainment, is now targeting SaaS applications. They have shifted to primarily focusing on data theft extortion without using ransomware and employ social engineering tactics to compromise high-privilege accounts. UNC3944 has expanded its targets to include various SaaS … Read more
June 14, 2024 at 03:45PM Apple’s announcement of its generative AI capabilities, called Apple Intelligence, emphasized data security and privacy. The system enables context-sensitive searches, email tone editing, and graphics creation locally on devices. While Apple detailed privacy and security measures, challenges with large language models and app interactions remain. Companies need to address potential … Read more