July 30, 2024 at 09:59AM HealthEquity, a Utah-based HSA provider, experienced a data breach impacting 4.5 million US customers. The breach, attributed to a hack of a third-party data repository, saw the theft of various personally identifiable information. The company took immediate action upon discovery and is now notifying affected parties while enhancing security measures. … Read more
July 30, 2024 at 08:57AM As remote work becomes more prevalent, IT departments rely on RMM tools for system administration. However, these tools can also be exploited by threat actors to gain control of devices, exfiltrate data, and stay undetected. This article covers real-world examples of RMM exploits and provides strategies to defend against these … Read more
July 29, 2024 at 01:25PM Cybersecurity company Acronis warns of a critical security flaw, CVE-2023-45249, in its Cyber Infrastructure product, allowing remote code execution due to default passwords. Versions 5.0.1-61 to 5.4.4-132 are affected, with updates released in late October 2023. The exploit has been observed in the wild, urging affected users to update for … Read more
July 29, 2024 at 08:18AM Acronis warned of threat actors exploiting a critical vulnerability (CVE-2023-45249) in Acronis Cyber Infrastructure. The defect allows arbitrary code execution due to default passwords and impacts ACI releases before certain builds. The company urged customers to apply available patches promptly, emphasizing the potential dire consequences of unpatched instances. Key takeaways … Read more
July 29, 2024 at 08:06AM Searchable Encryption has previously been deemed unattainable, creating vulnerabilities leading to breaches. Traditional encryption methods hinder data use, exposing it to cyber-attacks. Paperclip’s SAFE solution revolutionizes data security by enabling encryption in-use, strengthening protection against threats. By employing Searchable Symmetric Encryption and patented technology, SAFE ensures secure, encrypted data access, … Read more
July 27, 2024 at 04:33PM X has been quietly training its Grok AI chat platform using public posts without alerting users, with the option to use the data being enabled by default. Users only noticed the new setting on July 25 and can now opt out by accessing the privacy settings. This update indicates the … Read more
July 26, 2024 at 10:01AM Cybersecurity compliance remains a priority for private organizations and government bodies, with new regulations being proposed. While regulations offer leverage for improving security processes, they also increase the burden on chief information security officers (CISOs) to navigate cost containment, trust-building, and compliance. It’s crucial to clarify security responsibilities beyond the … Read more
July 25, 2024 at 01:57AM Google is enhancing security in Chrome by adding new warnings for potentially dangerous file downloads. The new warnings convey more detailed information and offer a two-tier warning system based on Google Safe Browsing verdicts. Enhanced Protection mode allows for automatic deep scans without user prompts, while maintaining user privacy by … Read more
July 24, 2024 at 04:39AM The UK’s Information Commissioner’s Office (ICO) reprimanded Chelmer Valley High School for breaking data protection laws by introducing facial recognition technology for canteen payments without proper assessments and permission. The school failed to consult the data protection officer, parents, and students, and relied on assumed consent. ICO provided recommendations for … Read more
July 23, 2024 at 06:28AM Specops Software addresses the inherent security risks in traditional employee onboarding methods by offering a First Day Password feature with Specops uReset. This tool eliminates the need to share initial passwords and empowers new employees to create secure passwords through a verified system. By using this method, organizations can significantly … Read more