October 10, 2024 at 12:57PM Fidelity Investments reported a data breach in August, exposing personal information of over 77,000 customers. An unknown attacker accessed data through two newly created accounts. Fidelity has initiated an investigation and offers affected individuals two years of free credit monitoring services while advising vigilance against identity theft. ### Meeting Takeaways: … Read more
October 10, 2024 at 12:05PM The Underground ransomware gang attacked Casio on October 5, disrupting services and potentially compromising personal and confidential data. The group leaked sensitive information on the dark web, including employee data and financial documents. Casio is investigating the breach but has not confirmed the claims. The group targets Windows systems since … Read more
October 10, 2024 at 10:22AM Join Anna McAbee, Senior Solutions Architect at AWS, on October 29 for a webinar on security strategies for generative AI. Learn how to adapt access and data privacy policies, leverage AWS tools, and ensure resilience and compliance while implementing AI initiatives. Secure your spot for valuable insights. ### Meeting Takeaways … Read more
October 10, 2024 at 04:00AM Researchers have uncovered a new malware campaign involving the Mongolian Skimmer, using Unicode obfuscation to hide its code. Targeting e-commerce, the skimmer collects sensitive data via an inline script. It employs various techniques to evade detection and ensure broad browser compatibility, even coordinating with other threat actors for profit sharing. … Read more
October 10, 2024 at 03:54AM October marks Cybersecurity Awareness Month, emphasizing collaboration between sectors to raise cybersecurity awareness. The SANS AI Toolkit, launching this month, provides resources to help organizations use AI safely. It includes an Acceptable Use Policy and guidelines for users to maximize AI benefits while managing potential vulnerabilities. ### Meeting Notes Takeaways: … Read more
October 10, 2024 at 02:06AM CISA has added a critical vulnerability (CVE-2024-23113) impacting Fortinet products to its KEV catalog, requiring federal agencies to apply mitigations by October 30, 2024. Meanwhile, Palo Alto Networks disclosed multiple high-risk flaws in Expedition and Cisco patched a critical command execution vulnerability in Nexus Dashboard Fabric Controller. ### Meeting Takeaways … Read more
October 9, 2024 at 09:41PM The Internet Archive faced a DDoS attack causing a five-hour outage and exposed 31 million user accounts. Data leak services reported the breach, revealing email addresses, usernames, and password hashes. The organization is enhancing security measures and has disabled the compromised JS library, promising further updates as they arise. ### … Read more
October 9, 2024 at 05:16PM Marriott will pay a $52 million penalty and enhance its cybersecurity practices following data breaches from 2014 to 2020 that affected 344 million individuals. Settlements with state attorneys general and the FTC mandate improved data security measures and customer rights regarding personal information without admitting liability. ### Meeting Takeaways: 1. … Read more
October 9, 2024 at 05:14PM Pillar Security released groundbreaking research detailing real-world attacks on GenAI, revealing a 90% data theft success rate and a 20% bypass rate of security measures. The report emphasizes increasing attack frequency and complexity, urging organizations to adopt dynamic security solutions and tailored strategies to combat emerging threats in the evolving … Read more
October 9, 2024 at 05:06PM GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign using legitimate GitHub repositories and an exploit allowing unauthorized access to users in GitLab. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools. ### Meeting Takeaways: 1. … Read more