June 21, 2024 at 05:42PM The US government has imposed a ban on Kaspersky’s antivirus software products and services over national security concerns, resulting in a deadline of September 29 for users to stop using them. Organizations are advised to assess their Kaspersky deployment, identify alternatives, and prepare for long-term government commercial cybersecurity regulation. The … Read more
June 21, 2024 at 05:24AM A high-severity flaw in SolarWinds Serv-U file transfer software (CVE-2024-28995, CVSS score: 8.6) allows attackers to read sensitive files. Security researcher Hussein Daher discovered the flaw, and a proof-of-concept exploit has been made available. Rapid7 described it as trivial to exploit. Users are urged to apply updates promptly to mitigate … Read more
June 21, 2024 at 01:18AM The U.S. Department of Commerce’s Bureau of Industry and Security imposed a ban on Kaspersky Lab’s U.S. subsidiary and affiliates from offering security software due to national security risks posed by its ties to the Russian government. Kaspersky will be barred from selling to U.S. consumers and businesses starting July … Read more
June 20, 2024 at 06:45PM The Biden administration has announced a ban on Kaspersky antivirus software in the US, citing national security concerns and the company’s ties to the Russian government. The ban also prohibits the delivery of software updates, pushing customers to find alternative security software by September 29, 2024. Kaspersky has expressed disagreement … Read more
June 20, 2024 at 10:22AM LockBit ransomware group boasted a 665% increase in attack volume in May 2024, reclaiming its spot as the most active gang. Despite disruptions by law enforcement earlier in the year and a subsequent $10 million reward announcement, their activities have rebounded, with a significant uptick in attacks globally. The group’s … Read more
June 19, 2024 at 03:50PM Advance Auto Parts confirmed a data breach as a threat actor attempted to sell stolen data on a hacking forum. The breach affected personal information of current and former employees, job applicants, and possibly customers. The company will provide breach notifications, identity restoration services, and has incurred $3 million in … Read more
June 17, 2024 at 01:50PM Cloud software company Blackbaud has agreed to settle with California’s attorney general, paying a $6.75 million fine for its cybersecurity failings after a 2020 ransomware attack. The settlement aims to improve data protection and security measures. This follows a previous settlement with 49 other state AGs and the District of … Read more
June 17, 2024 at 06:45AM A security researcher disclosed that UK health club Total Fitness failed to secure a database containing over 474,000 images, including members’ personal data. The leaked information comprised identity documents, bank details, and sensitive records. The company defended data collection for operational use, but hadn’t notified all affected members. The incident … Read more
June 15, 2024 at 03:54AM Meta is postponing the training of its large language models using adult user content from Facebook and Instagram in the EU after a request from the Irish DPC. Meta plans to use personal data but is facing regulatory backlash for not seeking explicit consent. The delays affect bringing AI benefits … Read more
June 14, 2024 at 10:18AM Google’s deprecation of third-party tracking cookies has faced opposition from Austrian privacy non-profit noyb, which claims that the proposed Privacy Sandbox can still be used for tracking. Noyb criticized Google’s ad privacy feature, alleging it tricks users into consenting to first-party ad tracking. The dispute highlights privacy concerns and ongoing … Read more