Low-Code, High Risk: Millions of Records Exposed via Misconfigured Microsoft Power Pages

November 14, 2024 at 11:10AM

A security researcher found misconfigurations in several Microsoft Power Pages installations, leading to unintentional access to confidential data. This investigation highlights a risk associated with low-code platforms, exposing millions of records due to improper setup. The findings were reported by SecurityWeek.

**Meeting Takeaways:**

1. **Investigation Findings:** A security researcher conducted …

Microsoft Power Pages Leak Millions of Private Records

November 14, 2024 at 08:09AM

Misconfigured access controls in Microsoft Power Pages are exposing millions of sensitive records online, as many sites fail to implement necessary security measures. This widespread issue affects various industries, allowing unauthorized access to personal data, including that of 1.1 million NHS employees. Awareness exists, but negligence persists among developers.

### …

CISA, FBI Confirm China Hacked Telecoms Providers for Spying

November 14, 2024 at 07:53AM

CISA and the FBI reported that Chinese hackers breached telecommunications networks to conduct espionage on targeted individuals, highlighting ongoing cybersecurity threats.

**Meeting Takeaways:**

1. **Confirmation of Cybersecurity Breach**: CISA (Cybersecurity and Infrastructure Security Agency) and the FBI have confirmed that Chinese hackers successfully compromised the networks of telecommunications companies.
2. …

Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

November 14, 2024 at 06:47AM

A new zero-day vulnerability in Windows has been exploited by Russia, allowing execution through file deletion, drag-and-drop actions, or right-click commands.

**Meeting Takeaways:**

1. **Zero-Day Vulnerability**: A new zero-day vulnerability in Windows has been identified.
2. **Exploit Execution**:
   - The exploit can be executed through specific user actions, including:
     - …

NatWest blocks bevy of apps in clampdown on unmonitorable comms

November 14, 2024 at 06:02AM

NatWest Group has officially banned several messaging apps, including WhatsApp, Telegram, and Signal, on company devices to enhance oversight and protect against regulatory issues. The policy, effective November 6, aims to prevent unrecorded communications. Approved methods include Microsoft Teams and Outlook, aligning with industry practices following regulatory scrutiny.

**Meeting Takeaways: …

Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure

November 14, 2024 at 03:57AM

Exploitation attempts have emerged for CVE-2024-10914, a recently revealed vulnerability in outdated D-Link NAS devices that will not be patched. This issue was highlighted in a SecurityWeek article detailing the risks associated with unaddressed flaws in legacy systems.

### Meeting Takeaways

1. **Vulnerability Identified**: CVE-2024-10914 is a critical vulnerability that …

ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue

November 13, 2024 at 07:22PM

Bitdefender has launched a free decryption tool for ShrinkLocker ransomware, leveraging a simple yet effective malware approach. The tool is now part of their collection of decryptors. Meanwhile, CISA’s ScubaGear software, designed to enhance Microsoft 365 security, has seen a surge in downloads due to rising cloud attack vulnerabilities.

### …

OpenText Cybersecurity Unveils 2024’s Nastiest Malware

November 13, 2024 at 05:58PM

OpenText has released its “Nastiest Malware of 2024” list, with ransomware LockBit topping the rankings for its persistent attacks on critical infrastructure. Cybersecurity investments are expected to rise by 14.3%, exceeding $215 billion. Other notable malware include Akira, RansomHub, Dark Angels, Redline, and Play Ransomware.

### Meeting Takeaways from OpenText …

20% of Industrial Manufacturers are Using Network Security As a First Line of Defense

November 13, 2024 at 05:36PM

A recent ABI Research survey found that industrial manufacturers prioritize network security for cybersecurity investments due to increasing cyber threats and regulatory pressures. With a projected $2 billion market for cybersecurity solutions in 2024, focus areas include authentication, access control, and threat detection to mitigate risks from cyber events.

### …

Leaked info of 122 million linked to B2B data aggregator breach

November 13, 2024 at 04:45PM

Data for 122 million individuals was stolen from DemandScience and leaked by a hacker known as ‘KryptonZambie’ in February 2024. Although the company initially denied a breach, investigations later revealed the leaked information came from a decommissioned system, now added to Have I Been Pwned for notifications.

**Meeting Takeaways:**

1. …