cybersecurity

Chinese cyberspies, Musk’s Beijing ties, labelled ‘real risk’ to US security by senator

by

November 20, 2024 at 06:55PM Senator Richard Blumenthal warned that U.S. tech companies’ ties to China pose national security risks during a hearing on cybersecurity threats. CrowdStrike revealed its findings on Liminal Panda, a Beijing-backed cyber-espionage group targeting telecommunications networks. Blumenthal criticized companies like SpaceX and Apple for prioritizing profits over American security. ### Meeting … Read more

It’s Near-Unanimous: AI, ML Make the SOC Better

by

November 20, 2024 at 04:30PM A recent Dark Reading survey reveals that 91% of cybersecurity professionals believe AI and machine learning have enhanced their security operations. Key benefits include improved threat detection, reduced false positives, and increased efficiency. These tools are positively impacting enterprise security, streamlining processes, and improving response times for security teams. ### … Read more

Fintech giant Finastra investigates data breach after SFTP hack

by

November 20, 2024 at 03:58PM Finastra confirmed a cybersecurity incident involving compromised credentials on November 7, 2024, with a threat actor selling stolen data. An investigation shows no evidence of broader breaches beyond their Secure File Transfer Platform. The impact assessment is ongoing, and affected clients will be contacted directly. Finastra previously faced a ransomware … Read more

MITRE shares 2024’s top 25 most dangerous software weaknesses

by

November 20, 2024 at 03:43PM MITRE released its annual list of the top 25 common software weaknesses, highlighting vulnerabilities behind 31,000 disclosures from June 2023 to June 2024. These flaws can be exploited by attackers to gain control over systems or steal data. Organizations are encouraged to prioritize addressing these vulnerabilities in their security strategies. … Read more

Ford investigates alleged breach following customer data leak

by

November 20, 2024 at 03:43PM Ford is investigating claims of a data breach involving 44,000 customer records leaked by hackers on a forum. Initially serious, the investigation revealed it involved a third-party supplier and public dealer addresses. Ford confirmed there was no breach of its systems, and the matter is reportedly resolved. **Meeting Notes Takeaways:** … Read more

China’s ‘Liminal Panda’ APT Attacks Telcos, Steals Phone Data

by

November 20, 2024 at 03:38PM A new threat actor, Liminal Panda, has been spying on mobile phones in Asia and Africa for over four years, targeting telecommunications networks to gather sensitive data for potential use by the Chinese state. The group’s tactics involve network-based attacks and exploiting telecommunications infrastructure for economic and political espionage. ### … Read more

US charges five linked to Scattered Spider cybercrime gang

by

November 20, 2024 at 02:29PM The U.S. Justice Department has charged five members of the Scattered Spider cybercrime gang with wire fraud and identity theft, accused of stealing over $11 million from cryptocurrency wallets through SMS phishing. This loosely organized group employs varied tactics and has connections to other hacking collectives and ransomware gangs. ### … Read more

Ubuntu Linux impacted by decade-old ‘needrestart’ flaw that gives root

by

November 20, 2024 at 02:11PM Five local privilege escalation vulnerabilities in Ubuntu’s needrestart utility were discovered by Qualys, tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003. All were fixed in version 3.8. Attackers with local access could exploit these flaws to gain root privileges. ### Meeting Takeaways: 1. **Vulnerability Overview**: Five local privilege escalation (LPE) … Read more

Alleged Ford ‘Breach’ Encompasses Auto Dealer Info

by

November 20, 2024 at 01:16PM On November 17, hackers claimed to breach Ford’s customer records, allegedly stealing 44,000 entries. However, the data consisted mainly of public car dealer addresses, not sensitive customer information. Ford’s investigation found no breach of its systems, attributing the data leak to a third-party supplier. **Meeting Takeaways – Breach Incident Overview … Read more

Mega US healthcare payments network restores system 9 months after ransomware attack

by

November 20, 2024 at 01:09PM Change Healthcare has restored its clearinghouse services after a February ransomware attack, affecting 94% of hospitals. Despite partial recovery, financial strain persists for providers, with over $6 billion loaned. CEO Andrew Witty faced Congress for the decision to pay a $22 million ransom. Security lapses were criticized as “egregious negligence.” … Read more