Fortinet warns of new critical FortiManager flaw used in zero-day attacks

October 23, 2024 at 11:07AM
Fortinet disclosed a critical API vulnerability, CVE-2024-47575, in FortiManager, exploited in zero-day attacks to steal sensitive data. The company privately alerted customers on October 13, but details leaked online. The flaw, affecting multiple versions, allows unauthorized command execution, posing risks for corporate networks. Mitigations and patches are available. …

SEC charges tech companies for downplaying SolarWinds breaches

October 22, 2024 at 02:39PM
The SEC charged Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast for misleading investors about cybersecurity breaches from the 2020 SolarWinds hack. The companies agreed to pay civil penalties totaling approximately $6 million, with fines based on downplayed disclosures regarding their incidents and data access during the breach. …

SEC Charges Four Companies Over Misleading Disclosures on SolarWinds Hack

October 22, 2024 at 01:13PM
The SEC has imposed penalties on Unisys, Avaya, Check Point, and Mimecast for minimizing the consequences of the SolarWinds Orion hack in their disclosures. This action highlights the importance of transparency in reporting cybersecurity incidents.
**Meeting Takeaways:**
1. **SEC Penalties Announced**: The Securities and Exchange Commission (SEC) has imposed penalties …

Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures

October 22, 2024 at 12:35PM
Four tech companies, including Avaya, Check Point, Mimecast, and Unisys, agreed to pay penalties totaling $7 million to the SEC for misleading disclosures about their involvement in the 2020 SolarWinds hack. The companies were accused of downplaying cybersecurity incidents despite having knowledge of significant breaches affecting their networks. …

US Police Detective Charged With Purchasing Stolen Credentials

October 22, 2024 at 10:52AM
Terrance Michael Ciszek, a US police detective, is charged with purchasing stolen account credentials from the Genesis Market on the dark web.
**Meeting Takeaways:**
1. **Key Individual:** Terrance Michael Ciszek has been charged with a crime.
2. **Allegation:** He is accused of purchasing stolen account credentials.
3. **Marketplace Involvement:** The …

Pharma Giant Johnson & Johnson Discloses Data Breach

October 22, 2024 at 04:54AM
Johnson & Johnson has reported a data breach that affects the personal information of thousands of individuals. This incident highlights ongoing concerns regarding data security in large corporations. The details of the breach have been shared by SecurityWeek.
**Meeting Takeaways:**
1. **Incident**: Johnson & Johnson has disclosed a data breach. …

Unmanaged Cloud Credentials Pose Risk to Half of Orgs

October 21, 2024 at 05:23PM
Nearly half of organizations have long-lived credentials in cloud services, increasing risks of data breaches. Datadog’s 2024 report indicates many credentials are outdated or unused, often leaking in source code. To enhance security, experts recommend avoiding long-lived credentials and adopting short-lived ones along with modern authentication methods. …

Internet Archive Gets Pummeled in Round 2 Breach

October 21, 2024 at 04:17PM
The Internet Archive faces renewed security issues after a hacker allegedly accessed Zendesk tokens, sending a mass email revealing vulnerabilities in its systems. Despite previous data breaches, the archive reportedly failed to rotate exposed API keys, raising concerns about proactive security measures. The organization has not commented on the situation. …

Cisco Confirms Security Incident After Hacker Offers to Sell Data

October 21, 2024 at 08:11AM
Cisco confirmed a security incident involving stolen files from its DevHub environment after a hacker attempted to sell the information. The company is addressing the situation following the breach.
**Meeting Notes Summary:**
1. **Incident Confirmation**: Cisco has acknowledged that a security breach occurred, resulting in the theft of certain files …

Electric Motor Giant Nidec Confirms Data Stolen in Ransomware Attack

October 21, 2024 at 06:50AM
Nidec, an electric motor manufacturer, has confirmed that a ransomware attack resulted in the theft of both business and internal documents. This incident highlights ongoing cybersecurity vulnerabilities within the industry.
**Meeting Takeaways:**
1. **Incident Overview**: Nidec, an electric motor manufacturer, has confirmed that a ransomware attack resulted in the theft …