September 16, 2024 at 12:53PM Snowflake has made multi-factor authentication (MFA) the default for all new user accounts, following investigations into data thefts. This change follows pressure to enhance security, with additional password strength measures also being implemented. Snowflake aims to eliminate password-only authentication in the long term and advises users to consult security best … Read more
September 16, 2024 at 08:21AM Rapidly evolving PCI DSS landscape with v4.0 introduces rigorous requirements, particularly sections 6.4.3 and 11.6.1, necessitating strict monitoring and management of payment page scripts. Reflectiz offers a dedicated PCI dashboard with real-time, remote visibility, script-level monitoring, and a smart approval mechanism, ensuring efficient compliance and reduced risks. Access a 30-day … Read more
September 12, 2024 at 07:18AM The Irish Data Protection Commission has initiated a statutory inquiry into Google’s AI model, PaLM 2, to assess its compliance with data protection regulations when processing European users’ personal data. This inquiry aims to safeguard individuals’ rights and freedoms, following similar actions against other tech companies for potential privacy violations. … Read more
September 11, 2024 at 09:04AM Google has introduced three enhancements to its Google Cloud Backup and Disaster Recovery service, focusing on improving simplicity and security for managing backups. The features include creation of immutable backup vault storage, a centralized backup management system with developer-centric self-service, and integration with Google Cloud IAM. These solutions aim to … Read more
September 10, 2024 at 07:39AM Shadow apps, a subset of Shadow IT, are SaaS applications procured without the security team’s knowledge. They may lack essential security measures and compliance standards, posing risks such as data leaks and regulatory violations. Standalone and integrated shadow apps both expand the company’s attack surface. SaaS Security Posture Management (SSPM) … Read more
September 9, 2024 at 10:03PM Poland’s security officials have thwarted cyberattacks and online blackmail attempts by groups affiliated with Russian and Belarusian services. They have recorded up to 1,000 daily online attacks targeting government institutions, linked to their support for Ukraine. More than 400,000 cyberattacks were recorded in the first half of 2024, prompting the … Read more
September 9, 2024 at 06:28AM Kaspersky’s US customers are being transferred to Pango’s UltraAV after the company was banned from offering its software in the US. The move follows Kaspersky’s decision to wind down US operations. The deal will see approximately 1 million new users transferred to UltraAV, offering features similar to Kaspersky’s product, with … Read more
September 6, 2024 at 08:00AM Veeam announced patches for critical-severity bugs this week, impacting its enterprise products. The vulnerabilities could lead to remote code execution and sensitive information disclosure. The flaws affect various Veeam solutions including Backup & Replication, Veeam ONE, Service Provider Console, Veeam Agent for Linux, and other plugins. Users are advised to … Read more
September 5, 2024 at 02:03PM A critical vulnerability was found in LiteSpeed Cache, a popular caching plugin for over 6 million WordPress sites. This flaw could impact user browsing speed. Based on the meeting notes, it appears that a critical severity vulnerability has been found in LiteSpeed Cache, a caching plugin used in over 6 … Read more
September 5, 2024 at 10:34AM Identity verification is crucial for IT security, with stolen credentials being a common attack vector. Trust anchors, such as government-issued documents, institutional databases, biometric data, and third-party verification services, play a vital role in confirming individuals’ identities. Their use reduces fraud risk but also presents challenges, such as data security … Read more