AT&T pays $13 million FCC settlement over 2023 data breach

September 17, 2024 at 01:38PM The FCC reached a $13 million settlement with AT&T over a 2023 data breach involving 9 million wireless accounts. The breach exposed customer information, including CPNI data. AT&T also agreed to strengthen its data protection practices and implement an Information Security Program. Additionally, AT&T faced another data breach in 2024, …

Threat Group ‘Bling Libra’ Pivots to Extortion for Cloud Attacks

August 28, 2024 at 05:13AM The threat group Bling Libra, known for the Ticketmaster breach, has evolved its tactics from data theft to extortion-based attacks targeting cloud environments. Using stolen credentials, they infiltrate AWS, exfiltrate data, and demand ransom. Weak authentication practices leave organizations vulnerable, emphasizing the need for multifactor authentication and secure IAM solutions …

Why Are Organizations Losing the Ransomware Battle?

August 16, 2024 at 10:06AM Ransomware attacks are on the rise not due to increased sophistication, but because many large enterprises lack adequate cybersecurity resilience. The lack of ransomware resilience can be attributed to organizations not implementing foundational practices and failing to verify and validate their effectiveness over time. Focusing on recommitting to basic practices, …

Google takes shots at Microsoft for shoddy security record with enterprise apps

May 20, 2024 at 01:56PM Google promotes its security superiority over Microsoft in wake of recent breaches. A white paper criticizes Microsoft’s handling of security breaches and advocates for firms to switch to Google’s services. Google contends that Workspace offers superior security practices and takes a direct shot at its rival. An offer to entice …

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers

April 9, 2024 at 02:54PM Microsoft released a significant security patch addressing at least 150 vulnerabilities, including a critical flaw in Azure Kubernetes Service (CVE-2024-29990) enabling unauthenticated attackers to assume full control. This release also encompasses fixes for remote code execution issues in various Microsoft products. The move follows criticism of Microsoft’s security practices and …

Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday

November 4, 2023 at 12:30PM The US Securities and Exchange Commission (SEC) has charged SolarWinds and its chief information security officer (CISO), Timothy Brown, for allegedly misleading investors about cybersecurity practices and risks before the disclosure of a major hacker attack. The SEC claims that SolarWinds’ filings misled investors while Brown knew of specific cybersecurity …