October 30, 2023 at 02:50PM Canada has banned the use of the popular messaging app WeChat and Russian platform Kaspersky on government smartphones due to privacy and security risks. The decision was made to protect government networks and data, and aligns with the actions of international partners. This move follows the banning of TikTok on … Read more
October 30, 2023 at 08:12AM ServiceNow recently announced that misconfigurations within its platform could lead to unintended access to sensitive data. This is a major concern for organizations that use ServiceNow, as it could result in data leakage. ServiceNow has taken steps to address the issue. The article provides detailed analysis, explains the consequences, and … Read more
October 28, 2023 at 02:18PM The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach. Hackers gained access to the district’s email servers and allegedly stole personal information related to students, parents, and employees. CCSD disabled external access to its Google Workspace and reset all student passwords. The hackers, … Read more
October 28, 2023 at 04:18AM New findings reveal a covert attempt to intercept traffic from the instant messaging service jabber[.]ru, using servers in Germany. The attacker used Let’s Encrypt TLS certificates to hijack encrypted connections. The wiretapping is estimated to have lasted for six months, from April to October 2023. The investigation suggests a case … Read more
October 27, 2023 at 04:56PM Securing cloud identities is crucial as organizations migrate data to the cloud. Compromised identities can lead to unauthorized access to sensitive information. To prevent attacks, visibility into the cloud’s identity infrastructure is necessary. Examples of high-profile attacks demonstrate the importance of this. Implementing an applied risk approach, conducting comprehensive audits, … Read more
October 26, 2023 at 02:06PM A group of academics has discovered a new side-channel attack called iLeakage that targets Apple’s A- and M-series CPUs on iOS, iPadOS, and macOS devices. By exploiting a weakness in Safari, sensitive information can be extracted. The attack could be used to retrieve Gmail inbox content and autofilled passwords from … Read more
October 26, 2023 at 10:39AM Amazon is launching an independent cloud for Europe, called the AWS European Sovereign Cloud, in order to address strict regulations faced by companies and the public sector in the European Union. This cloud will have the same security, availability, and performance as existing AWS regions but will be separate from … Read more
October 25, 2023 at 02:41PM Windows 11 Insider Preview Build 25982 introduces the capability for admins to mandate SMB client encryption for all outbound connections. This ensures data end-to-end encryption and defense against eavesdropping and interception attacks. Windows admins can configure the SMB client to always require encryption using PowerShell or group policy. Additionally, Windows … Read more
October 24, 2023 at 04:26PM The emerging ransomware strain called Rhysida, operating since May, is targeting users of Brazil’s PIX payment system. Rhysida, which functions as a ransomware-as-a-service (RaaS), has a unique self-deletion mechanism and is compatible with pre-Windows 10 versions of Microsoft. It faced initial configuration challenges but quickly adapted. Alongside Rhysida, there is … Read more
October 23, 2023 at 04:12PM Casio, the Japanese electronics maker, announced a data breach that exposed the personal information of customers in 150 countries. The breach occurred in the development environment for ClassPad.net, an education web application managed by Casio. The company attributed the breach to an operational error and insufficient security measures. The compromised … Read more