Hackers Hide Remcos RAT in GitHub Repository Comments

October 9, 2024 at 05:06PM GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign using legitimate GitHub repositories and an exploit allowing unauthorized access to users in GitLab. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools.

National Public Data files for bankruptcy, admits ‘hundreds of millions’ potentially affected

October 9, 2024 at 03:38PM National Public Data, a data brokerage in Florida, has filed for bankruptcy after a massive data breach potentially affecting hundreds of millions. Originally claiming 1.3 million were impacted, the true figure is higher. The company faces numerous lawsuits and regulatory challenges, with minimal assets to address liabilities.

Palo Alto Networks warns of firewall hijack bugs with public exploit

October 9, 2024 at 03:03PM Palo Alto Networks urged customers to patch critical vulnerabilities in its Expedition solution, which could allow attackers to hijack PAN-OS firewalls and access sensitive data. The flaws involve command injection, XSS, and SQL injection, with proof-of-concept exploits available. Users should upgrade to Expedition 1.2.96 and rotate credentials.

Ransomware gang Trinity joins pile of scumbags targeting healthcare

October 9, 2024 at 09:49AM The Trinity ransomware gang has targeted at least one US healthcare provider, likely Rocky Mountain Gastroenterology, which experienced a data breach. The HHS issued a security advisory highlighting Trinity’s sophisticated double extortion tactics. Organizations are urged to enhance cybersecurity measures, including MFA and secure backups, to prevent attacks.

Ex-Uber CISO Requests a New, ‘Fair’ Trial

October 8, 2024 at 05:59PM Former Uber CISO Joseph Sullivan, convicted for covering up a data breach, seeks a new trial due to procedural omissions, claimed to have tainted the original verdict. The prosecution argues for a more stringent penalty, while Sullivan’s defense asserts that key requirements were not part of the jury’s instructions, calling …

Embattled users worn down by privacy options? Let them eat code

October 7, 2024 at 04:40AM British people express apathy towards the inundation of online cookie and data permission requests. Though aware of the risk, many succumb to the convenience of accepting cookies. Privacy regulations like the EU cookie law and GDPR attempt to protect users, but businesses find ways to circumvent them. Standardized APIs could …

UK’s Sellafield nuke waste processing plant fined £333K for infosec blunders

October 5, 2024 at 02:16AM Sellafield Ltd, responsible for managing the world’s most radioactive waste, received a £332,500 fine for cybersecurity failings from 2019 to 2023. Despite no reported exploitation of vulnerabilities, the poor practices violated regulations, leaving its IT systems vulnerable. Sellafield pleaded guilty and was penalized by a UK court.

The Secret Weakness Execs Are Overlooking: Non-Human Identities

October 3, 2024 at 11:42AM Traditional perimeter-based security measures are no longer sufficient in today’s distributed cloud environments. The shift to a new gold standard of enterprise security, “zero trust,” emphasizes the importance of managing both human and non-human identities. Mismanaged identities have led to high-profile breaches, highlighting the need for comprehensive and continuous visibility, …

Harmonic Raises $17.5M to Defend Against AI Data Harvesting

October 2, 2024 at 08:39AM Harmonic raised $26 million to develop a novel data protection approach with pre-trained, specialized language models. The funding will aid in defending against AI data harvesting. This initiative was reported by SecurityWeek, showcasing the company’s efforts to stay ahead in the field of data protection.

Protecting private data in AI deployments

October 2, 2024 at 03:46AM Webinar by Nutanix on October 2nd at 12PM ET will focus on protecting private intellectual property (IP) in AI ecosystems, addressing challenges related to AI deployment, preventing IP exposure, and managing AI model security in cloud environments. The session is targeted at IT leaders and AI developers to balance innovation …