Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations

September 19, 2024 at 10:06AM Security researchers have found that thousands of companies may be exposing internal knowledge base (KB) articles due to misconfigurations in ServiceNow widgets. The issue arises from “private” pages within “public” KBs, leading to potential data exposure. Researchers estimate that 30-45% of ServiceNow instances are impacted, with implications for data security …

Wiz to Pursue IPO as It Walks Away From $23 Billion Google Deal

July 23, 2024 at 03:51AM Israeli cloud security company Wiz rejects a $23 billion offer from Alphabet, choosing to pursue an IPO as originally planned. Antitrust and investor concerns led to the deal’s collapse. Backed by venture capital firms, Wiz aims for an annual recurring revenue of $1 billion and focuses on its cloud security …

Dairy giant Agropur says data breach exposed customer info

June 28, 2024 at 12:59PM Agropur, a major North American dairy cooperative, has notified customers of a data breach involving online directories but assures that core operations are not affected. The company, processing 6.7 billion liters of milk annually and generating $5.1 billion in revenue, is investigating with cybersecurity experts and law enforcement. No evidence …

Netgear WNR614 flaws allow device takeover, no fix available

June 10, 2024 at 05:39PM Researchers at RedFox Security discovered six vulnerabilities in the popular but unsupported Netgear WNR614 N300 router. The vulnerabilities include authentication bypass, weak password policy, plain text password storage, and WPS PIN exposure. With no security updates expected, users are advised to apply mitigations or replace the device with a supported …

6 Prompts You Don’t Want Employees Putting in Microsoft Copilot

April 3, 2024 at 10:23AM Microsoft Copilot is hailed as a valuable productivity tool, integrated with Microsoft 365 apps. However, its use poses data security risks if organizational permissions are not appropriately configured. Varonis points out potential exploits and offers solutions to prevent unauthorized data access. They advocate for securing data before enabling Copilot and …

ExpressVPN User Data Exposed Due to Bug

February 12, 2024 at 09:03AM ExpressVPN disabled split tunneling on Windows due to improperly directed DNS requests, which led to user data exposure. This issue was highlighted in a post on SecurityWeek. …

Time to Secure Cloud-Native Apps Is Now

January 24, 2024 at 08:30AM Cloud-native applications and APIs have led to numerous data breaches, including with TeslaMate and Sumo Logic. Such incidents emphasize the need for organizations to prioritize cybersecurity basics, manage security tools, and address misconfigurations and credential misuse. Despite security challenges, the benefits of cloud-native environments are leading enterprises to embrace them, …

Android game dev’s Google Drive misconfig highlights cloud security risks

January 1, 2024 at 09:23AM Japanese game developer Ateam mistakenly set a Google Drive to allow public access, leading to exposure of sensitive data for nearly one million people over six years. This included names, contact info, and customer ID numbers. While there’s no evidence of misuse, the company advises vigilance and emphasizes the need …

Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods

November 27, 2023 at 01:34PM ownCloud has disclosed three critical vulnerabilities, including sensitive data exposure and authentication bypass flaws. The vulnerabilities affect containerized deployments, exposing admin passwords, mail server credentials, and license keys. Customers are advised to delete a specific file, change their secrets, and deny the use of pre-signed URLs. ownCloud is taking steps …

LLM Security Startup Lasso Emerges From Stealth Mode

November 21, 2023 at 10:21AM Stealth mode security startup Lasso Security has raised $6 million in seed funding, led by Entrée Capital and with participation from Samsung Next. The Tel Aviv-based company is developing technology to address cyber threats faced by generative AI and large language models, aiming to protect businesses that use these technologies. …