Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personally identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches.

Amazon Employee Data Compromised in MOVEit Breach

November 12, 2024 at 05:37PM Amazon confirmed employee data was exposed due to the MOVEit vulnerability, affecting a third-party vendor. While files were accessed, Amazon stated its systems remain secure. The incident highlights supply chain vulnerabilities, impacting over 2,700 organizations. Analysts consider this breach one of the largest corporate information leaks last year.

Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective

November 8, 2024 at 05:39AM Huntress Managed Security Awareness Training (SAT) transforms traditional cybersecurity training through storytelling, making complex concepts engaging and memorable. In an upcoming webinar, experts will discuss the effectiveness of storytelling, the benefits of a managed solution, and innovative tools to enhance user engagement. Join to revolutionize your security training culture.

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

November 5, 2024 at 01:45AM Canadian authorities arrested Alexander “Connor” Moucka, suspected of hacking linked to the Snowflake data breach. The breach targeted several major companies, and attackers, possibly part of group UNC5537, extorted victims with threats to sell stolen data. Moucka’s specific charges remain unknown as investigations continue.

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

November 1, 2024 at 12:57AM Cybersecurity researchers have revealed the Xiū gǒu phishing kit, used in campaigns targeting multiple countries since September 2024. Over 2,000 phishing sites have been identified, exploiting RCS messages for scams. Google is enhancing protections against such attacks, while Cisco Talos reports ongoing phishing efforts targeting businesses, including OpenAI impersonation scams.

macOS HM Surf vuln might already be under exploit by major malware family

October 21, 2024 at 09:40AM Microsoft warns macOS users to update systems due to a vulnerability (CVE-2024-44133) in Safari that could allow malware to exploit privacy settings. Attackers may access cameras, microphones, and user locations. The bug breaches Apple’s Transparency, Consent, and Control protections, which Microsoft is actively working to address.

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

October 15, 2024 at 01:06PM New variants of the TrickMo Android banking trojan now include features to steal unlock patterns or PINs, allowing attacks even when devices are locked. These versions also improve evasion tactics and target a wide range of applications. Mobile banking malware attacks have increased by 29% from June 2023 to April …

How to enable secure use of AI

October 10, 2024 at 03:54AM October marks Cybersecurity Awareness Month, emphasizing collaboration between sectors to raise cybersecurity awareness. The SANS AI Toolkit, launching this month, provides resources to help organizations use AI safely. It includes an Acceptable Use Policy and guidelines for users to maximize AI benefits while managing potential vulnerabilities.

Despite Prevalence of Online Threats, Users Aren’t Changing Behavior

October 9, 2024 at 08:12AM The Consumer Cyber Readiness Report reveals that while consumers acknowledge cyber threats, their adoption of security measures is low. Only 28% have identity theft protection, 54% use malware protection, and just 10% utilize encryption. There’s slight progress in software updates, but many remain uncertain about their security tools.

How Major Companies Are Honoring Cybersecurity Awareness Month

October 8, 2024 at 01:04PM Cybersecurity Awareness Month promotes security best practices and empowers organizations to create a culture of security. Companies like AWS, IBM, Intuit, SentinelOne, and Gallo use this month to educate, engage, and inspire their employees and communities. Programs include online and physical security training, expert-led discussions, and educational initiatives for students.