AI platform Hugging Face says hackers stole auth tokens from Spaces

June 2, 2024 at 04:57PM Hugging Face’s Spaces platform was breached, exposing authentication secrets for its members. The company detected unauthorized access and suspects a subset of Spaces’ secrets were compromised. They have revoked authentication tokens and recommend users refresh tokens and switch to fine-grained access tokens for tighter security. The company is working with …

Cybercriminals raid BBC pension database, steal records of over 25,000 people

May 30, 2024 at 10:12AM The BBC has emailed over 25,000 current and former employees regarding a security breach involving their pension scheme’s personal data. The incident, discovered by the BBC’s infosec team, led to the theft of personal information from a database. The affected members have been offered credit monitoring and additional security measures …

New Endpoint Protection Platform by Cigent Blocks Ransomware at the Data Level

May 29, 2024 at 08:12AM Cigent Technology introduces new endpoint data protection platform focusing on preventing ransomware by safeguarding customer data from encryption and exfiltration. The approach prioritizes data protection to prevent the need for response post-detection. The solution provides user-friendly, automatic encryption and MFA authentication, with flexibility in protecting files and integrating with existing …

Looking to Leverage Generative AI? Prep for Success With These 4 Tips

May 28, 2024 at 09:31AM Generative artificial intelligence (GenAI) is being adopted by over 55% of organizations, yet concerns remain about secure implementation. A recent poll found five main concerns, and recommends steps to ensure safe implementation. These include implementing a Zero-Trust Security Model, adopting Cyber Hygiene Standards, establishing a Data Security and Protection Plan, …

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

May 28, 2024 at 02:45AM Unknown threat actors are exploiting WordPress’s Dessky Snippets plugin, with over 200 active installations, to insert PHP credit card skimming malware into compromised sites. The malware manipulates WooCommerce’s checkout process to steal credit card details, exfiltrating them to a specific URL. This underscores the need for WordPress site owners, especially …

AI Voice Generator App Used to Drop Gipy Malware

May 24, 2024 at 01:29PM The Gipy campaign, discovered in 2023, uses an infostealer malware to target users in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI voice changing application. Upon delivery, Gipy enables data theft, cryptocurrency mining, and installation of additional malware. Researchers found various malicious programs being delivered in the …

When ‘No’ & ‘Good Enough’ Challenge Cybersecurity

May 24, 2024 at 10:06AM In the cybersecurity realm, the challenge for CISOs is advocating for comprehensive defense strategies amid budget constraints and organizational resistance. The reliance on “good enough” is risky, as advanced capabilities are essential to thwart evolving threats. Persistent advocacy and strategic risk management are crucial, and alignment with cybersecurity priorities may …

Here’s yet more ransomware using BitLocker against Microsoft’s own users

May 23, 2024 at 05:34PM Ransomware dubbed ShrinkLocker, utilizing Microsoft BitLocker to encrypt and extort payments, has been spotted by Kaspersky’s security team. The malware targets various sectors and hinders effective response, maximizing damage. It uses VBScript to determine the OS and allows attackers to change partition labels, extort victims, and delete recovery options. Kaspersky …

Veeam says critical flaw can’t be abused to trash backups

May 23, 2024 at 10:41AM Veeam addressed a critical vulnerability in its Backup Enterprise Manager, CVE-2024-29849, which could allow unauthorized access to the VBEM web interface. Although attackers could log in as any user, Veeam confirmed that the flaw wouldn’t lead to backups being deleted due to the immutable backups and authorization measures. Customers are …

400,000 Impacted by CentroMed Data Breach

May 23, 2024 at 07:22AM San Antonio healthcare provider CentroMed is notifying 400,000 patients of a recent cyberattack that compromised personal and health data. The breach, discovered on May 1, exposed names, addresses, medical details, financial information, and Social Security numbers. This is the second attack in a year, with the prior incident affecting 350,000 …