September 2, 2024 at 03:24AM FBI and CISA issued a joint advisory on new ransomware threats, describing a cybercriminal group and methods. The rapid growth in attacks calls for urgent adjustments in cyber defense strategies. Phishing-resistant MFA is crucial, with next-generation solutions and targeted deployments recommended. Organizations need to upgrade defense strategies to protect against … Read more
August 29, 2024 at 05:04PM AuthenticID, a leader in identity verification, introduces the enhanced Smart ReAuth™, a reauthentication solution using selfie verification for fast, secure customer authentication in high-risk transactions. The platform’s biometric-based approach offers flexibility, security, and privacy, with liveness detection and anti-fraud checks. Smart ReAuth™ aims to combat identity fraud while improving the … Read more
August 29, 2024 at 03:45PM Top travel and hospitality companies face serious security vulnerabilities, exposing customers to potential risks. An investigation by security vendor Cequence revealed significant flaws in major booking sites including Orbitz, Kayak, Skyscanner, and Travelocity, with 91% containing the most serious vulnerabilities and potential for man-in-the-middle attacks. Cloud infrastructure issues and PCI … Read more
August 29, 2024 at 11:49AM DICK’S Sporting Goods, the largest US sporting goods retail chain, reported a cyberattack last Wednesday that exposed sensitive information. Based on the meeting notes, it’s clear that DICK’S Sporting Goods suffered a data breach due to a cyberattack. The breach resulted in the exposure of sensitive information. It’s essential to … Read more
August 28, 2024 at 12:03PM LinkedIn has named Lea Kissner, former Twitter security chief, as its new Chief Information Security Officer (CISO). Kissner will oversee LinkedIn’s security and privacy strategy, succeeding Geoff Belknap. With an extensive cybersecurity background at tech companies like Google and Twitter, Kissner is committed to upholding the protection of member and … Read more
August 28, 2024 at 06:05AM Open source large language model (LLM) servers and vector databases are unknowingly leaking sensitive data online. Legit security researcher Naphtali Deutsch discovered numerous vulnerable open source AI services, including unpatched Flowise servers and unprotected vector databases. The exposed data poses serious security risks, requiring organizations to implement strict access controls … Read more
August 27, 2024 at 04:11PM Intel’s SGX security system vulnerability has been highlighted, allowing an attacker full access to secure enclaves due to a coding error. Although Intel claims physical access is required, and prior vulnerabilities need exploiting, the risk remains significant. The issue lies in SGX software, potentially compromising trusted enclaves. This poses a … Read more
August 27, 2024 at 11:25AM Jon Clay reviews seven key initial attack vectors and provides proactive security tips to reduce cyber risk across the attack surface amid the rapid expansion of the digital attack surface due to digital transformation and remote work. The vectors include email, web and web applications, vulnerabilities, devices, island hopping, insider … Read more
August 26, 2024 at 12:32PM The Dutch Data Protection Authority fined Uber Technologies Inc. and Uber B.V. €290,000,000 ($325 million) for GDPR violations. Based on the meeting notes, the Dutch Data Protection Authority has imposed a significant fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. for GDPR violations. Full Article
August 26, 2024 at 11:36AM The Dutch DPA fined Uber €290 million for failing to comply with E.U. data protection laws by transferring sensitive driver data to the U.S. Uber collected and stored a range of personal driver information on U.S. servers without adequate protection. Uber contested the decision, claiming their actions were GDPR-compliant. Earlier, … Read more