Critical bug in ownCloud file sharing app exposes admin passwords

November 24, 2023 at 01:20PM Open-source file sharing software ownCloud has issued warnings about three critical security vulnerabilities. The first flaw exposes administrator passwords and mail server credentials. The second flaw allows unauthorized access to files without authentication. The third flaw bypasses subdomain validation in the OAuth2 library. Users are advised to apply recommended fixes …

Russian state-owned Sberbank hit by 1 million RPS DDoS attack

November 8, 2023 at 01:17PM Russian financial organization Sberbank recently faced its largest distributed denial of service (DDoS) attack in history. The attack reached 1 million requests per second (RPS), four times larger than any previous attack on the bank. However, it is not as significant as recent record-breaking DDoS attacks, which reached up to …

ASVEL basketball team confirms data breach after ransomware attack

October 24, 2023 at 11:11AM French professional basketball team LDLC ASVEL has confirmed a data breach after being targeted by the NoEscape ransomware gang. The attackers claimed to have stolen 32 GB of data, including personal information and confidential documents. The ransomware group has threatened to publish the stolen data if a ransom is not …

In Other News: Ex-Uber Security Chief Appeal, New Offerings From Tech Giants, Crypto Bounty

October 13, 2023 at 09:19AM SecurityWeek provides a concise compilation of noteworthy cybersecurity stories. This week’s stories include the appeal of former Uber security chief Joe Sullivan against his conviction for covering up a data breach, a bounty offered for finding the NIST elliptic curve seeds, analysis of surveillance products by NSO Group competitor Intellexa, …

SEC Investigating Progress Software Over MOVEit Hack

October 12, 2023 at 01:12PM The US Securities and Exchange Commission (SEC) has launched an investigation into Progress Software’s MOVEit transfer tool vulnerability, which exposed the data of over 2,000 organizations and 60 million individuals. The flaw, tracked as CVE-2023-34362, was exploited by the Cl0p ransomware group to steal data. Progress Software received a subpoena …

Uber’s Ex-CISO Appeals Conviction Over 2016 Data Breach

October 12, 2023 at 09:59AM Former Uber CISO Joseph Sullivan’s lawyers have argued in an appeal that his conviction for charges related to a 2016 data breach should not stand as it threatens bug bounty programs. They describe the verdict as “profoundly flawed” and claim that it jeopardizes the valuable tool used by security teams …

Shadow PC warns of data breach as hacker tries to sell gamers’ info

October 12, 2023 at 08:59AM Shadow PC, a cloud gaming service, has notified customers of a data breach resulting from a social engineering attack on an employee. An info-stealer malware was used to steal customer data, including names, email addresses, dates of birth, billing addresses, and credit card expiration dates. Shadow has revoked the stolen …

BianLian extortion group claims recent Air Canada breach

October 11, 2023 at 05:08PM The BianLian extortion group claims to have stolen 210GB of data from Air Canada, including technical and operational information, employee personal data, vendor and supplier information, and confidential documents. The group has shared screenshots of the stolen data as proof. Air Canada has acknowledged the threats but has not confirmed …

Generative AI Security: Preventing Microsoft Copilot Data Exposure

October 11, 2023 at 10:35AM Microsoft Copilot is an AI assistant integrated into Microsoft 365 apps that aims to improve productivity by searching and compiling data across documents, presentations, emails, and more. However, this access to sensitive data raises security concerns for information security teams. Varonis offers a Data Security Platform that can help address …

Reassessing the Impacts of Risk Management With NIST Framework 2.0

October 11, 2023 at 10:08AM Global cyberattacks rose by 38% in 2022, as reported by Check Point. The cost of a data breach is also increasing, averaging $9.44 million in the US and $4.25 million globally in 2022. To combat this, the National Institute of Standards and Technology (NIST) has updated its Cybersecurity Framework …