Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation

October 24, 2024 at 04:06AM Fortinet has identified a critical vulnerability (CVE-2024-47575) in FortiManager, affecting multiple versions and potentially exploited by remote attackers. The flaw allows unauthorized code execution. Fortinet recommends workarounds and has included the issue in the U.S. CISA’s Known Exploited Vulnerabilities catalog, requiring federal agencies to act by November 13, 2024. …

China’s top messaging app WeChat banned from Hong Kong government computers

October 24, 2024 at 01:17AM Hong Kong’s government has revised infosec guidelines, banning the use of Chinese app WeChat, along with Meta and Google products, on official computers due to concerns over security risks associated with encryption. The restrictions take effect at the end of October, with some exceptions allowed through departmental approval.

### Meeting …

Mobile Apps With Millions of Downloads Expose Cloud Credentials

October 23, 2024 at 11:53AM Research by Symantec reveals that several popular mobile apps expose hardcoded, unencrypted cloud service credentials, risking severe security breaches. Apps for both Android and iPhone include sensitive Amazon Web Services and Microsoft Azure credentials. This highlights the urgent need for improved security practices in mobile app development to mitigate such …

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

October 23, 2024 at 09:55AM Identity security is increasingly critical due to recent breaches involving major companies. A Permiso report reveals 45% of organizations are concerned about their tools’ effectiveness. Human identities, often seen as riskier, lead to impersonation attacks and data breaches. A unified approach is needed to enhance identity security across environments. …

CISA, DOJ Propose Rules for Protecting Personal Data Against Foreign Adversaries

October 23, 2024 at 08:58AM CISA and the DOJ are inviting feedback on proposed rules aimed at safeguarding Americans’ personal data from foreign adversaries. This initiative seeks to enhance data protection measures in response to potential threats.

### Meeting Notes Takeaways:

– **Organizations Involved**: CISA (Cybersecurity and Infrastructure Security Agency) and DOJ (Department of Justice). …

NotLockBit Ransomware Can Target macOS Devices

October 23, 2024 at 07:57AM A new file-encrypting malware resembling LockBit ransomware has been detected targeting macOS systems, raising concerns for cybersecurity. The threat highlights the evolving landscape of malware that can affect multiple operating systems.

**Meeting Notes Takeaways:**

1. **Malware Identification**: A new file-encrypting malware, referred to as NotLockBit, has been identified.
2. **Target …

Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks

October 23, 2024 at 06:36AM A significant portion of security practitioners lack awareness of their organization’s SaaS deployments, with only 15% centralizing SaaS security. This disconnect, paired with a culture that undervalues proactive security, leads to increased vulnerabilities. Establishing a security-first culture and implementing continuous monitoring are essential to mitigate risks associated with decentralized SaaS …

Millions of Android and iOS users at risk from hardcoded creds in popular apps

October 22, 2024 at 08:40PM An analysis by Symantec revealed that several popular mobile apps contain hardcoded, unencrypted cloud service credentials, exposing user data to security risks. This issue stems from poor coding practices. Researchers urge developers to adopt secure practices and recommend users install third-party security systems and scrutinize app permissions.

### Meeting Takeaways: …

US lawmakers push DOJ to prosecute tax prep firms for leaking taxpayer data to big tech

October 22, 2024 at 06:37PM A group of Democratic lawmakers has urged the US Department of Justice to prosecute tax preparation firms for illegally sharing taxpayer data with Meta and Google. They cite a Treasury Department investigation confirming these violations, which may lead to criminal penalties for the companies involved. Legal action status remains uncertain. …

CISA proposes new security requirements to protect govt, personal data

October 22, 2024 at 06:12PM The U.S. Cybersecurity & Infrastructure Security Agency (CISA) proposes new security requirements to protect Americans’ personal and government-related data from adversarial states. Aimed at organizations handling sensitive information, the measures include asset management, vulnerability remediation timelines, and encryption protocols. Public input is encouraged via regulations.gov. Here are the key takeaways …