Helldown ransomware exploits Zyxel VPN flaw to breach networks

November 19, 2024 at 12:03PM The ‘Helldown’ ransomware operation targets vulnerabilities in Zyxel firewalls, enabling data theft and device encryption. Newly documented, it has quickly amassed victims, primarily small to medium-sized firms. Recent findings indicate potential exploitation of a specific Zyxel vulnerability, with ongoing investigations into its tactics and payloads. **Meeting Takeaways: Helldown Ransomware Operation … Read more

Hybrid Work Exposes New Vulnerabilities in Print Security

October 16, 2024 at 04:02PM The transition to hybrid work has increased vulnerabilities in corporate print infrastructures, exposing organizations to security risks, including unmanaged printers and inadequate authentication. A survey revealed 67% experienced print-related incidents in 2024. Experts emphasize the need for prioritizing print security and adopting zero-trust principles in cloud printing environments. ### Meeting … Read more

Normalizing Security Culture: Don’t Have to Get Ready If You Stay Ready

October 2, 2024 at 01:44AM National Cybersecurity Awareness Month in the U.S. encourages annual security education. Employee involvement is crucial to the organization’s security. Human error leads to 68% of breaches and is more common than technical vulnerabilities. The impact of security on an organization’s image and reputation is significant. Regular communication and feedback can … Read more

T-Mobile to Pay Millions to Settle With FCC Over Data Breaches

October 1, 2024 at 11:48AM T-Mobile will invest $15.75 million in cybersecurity and pay the same amount to settle an FCC investigation into four data breaches. The settlement resolves the issue and reflects the company’s commitment to rectifying the situation. This decision comes after T-Mobile’s ongoing efforts to address security concerns. Based on the meeting … Read more

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

September 30, 2024 at 03:23PM The FCC settled with T-Mobile for $31.5 million over data breaches compromising millions of U.S. consumers’ personal information. T-Mobile is required to invest $15.75 million in cybersecurity, pay a civil penalty, and implement enhanced security measures. The FCC emphasizes the importance of strong cybersecurity protections for consumer data and has … Read more

Cisco Patches High-Severity Vulnerabilities in IOS Software

September 26, 2024 at 09:19AM SecurityWeek Network offers cybersecurity news, webcasts, and virtual events. It covers various topics such as malware, cyberwarfare, data breaches, ransomware, and more. It also provides information on security operations, threat intelligence, incident response, and risk management. Additionally, it features sections on CISO strategy, industrial cybersecurity, funding, and M&A in cybersecurity. … Read more

Third Recent Ivanti Vulnerability Exploited in the Wild

September 25, 2024 at 07:18AM SecurityWeek Network provides cybersecurity news, webcasts, and virtual events. It covers a wide range of topics including malware, cyberwarfare, data breaches, ransomware, incident response, network security, risk management, and CISO strategy. It also offers insight into ICS/OT, industrial cybersecurity, cyber insurance, funding, and M&A. Based on the meeting notes, it … Read more

GenAI in Cybersecurity: Insights Beyond the Verizon DBIR

September 20, 2024 at 10:04AM The Verizon “Data Breach Investigations Report” (DBIR) is a highly credible annual report providing valuable insights into data breaches and cyber threats. The 2024 report raised questions about the role of generative AI in cyberattacks in contrast to the findings. Six use cases of generative AI in cybercrime were highlighted, … Read more

GitLab Patches Critical Authentication Bypass Vulnerability

September 19, 2024 at 06:15AM “Virtual event now live: Attack Surface Management Summit. Connect with SecurityWeek for cybersecurity news, webcasts, and virtual events covering topics such as ICS, cyber threats, data breaches, security operations, and risk management. Also, explore sessions on CISO strategy, industrial cybersecurity, funding/M&A, and more.” It seems like the meeting notes are … Read more

Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes

September 10, 2024 at 04:28PM The SecurityWeek Network offers cybersecurity news, webcasts, and virtual events. Topics include malware, cyberwarfare, cybercrime, data breaches, fraud, ransomware, vulnerabilities, threat intelligence, incident response, security architecture, cloud security, identity and access, IoT security, network security, risk management, data protection, privacy, compliance, and CISO strategy. The network also covers industrial cybersecurity … Read more