January 15, 2024 at 10:40AM The FTC secures settlement with X-Mode Social, prohibiting sale of sensitive location data. Outlogic to delete previously collected data and honor opt-out requests, under FTC settlement. Critical vulnerabilities in Cisco, Siemens, Rapid Software, and Fortinet products. iOSpionage campaign exploited Apple’s ECC. HMG hit by data breach, unable to identify compromised … Read more
January 9, 2024 at 12:54PM CISA has included a critical Apache Superset flaw (CVE-2023-27524) in its Known Exploited Vulnerabilities list, warning of potential exploitation. This was reported by SecurityWeek. Based on the meeting notes, the key takeaway is that CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog, and … Read more
January 8, 2024 at 09:54AM A cyberespionage group, likely linked to Turkey, named Sea Turtle, Cosmic Wolf, Marbled Dust, Silicon, and Teal Kurma, has been targeting public and private organizations in the Netherlands. The group, observed by Dutch incident response provider Hunt & Hackett, conducted multiple espionage campaigns focusing on government, telecommunications, media, NGOs, ISPs, … Read more
January 8, 2024 at 02:33AM Summary: Meta introduces a new feature, Link History, to gather user data for targeted advertising. Security teams are addressing critical vulnerabilities in Chrome and other software, while Twitter accounts of security firms Mandiant and CertiK are hijacked for crypto scams. Additionally, a Nigerian national is awaiting extradition to the US … Read more
January 6, 2024 at 08:30AM A ban on ransomware payments is suggested but is unlikely to work due to various reasons. Excluding critical infrastructure from the ban is essential, as not paying a ransom in these cases could risk lives. Additionally, enforcement and international cooperation present significant challenges. Instead, organizations should focus on enhancing their … Read more
January 4, 2024 at 03:11PM On Wednesday, miscreants seized control of security firm Mandiant’s Twitter account to attempt cryptocurrency theft. After being renamed as a phony crypto wallet service account, the hijackers lured users to a fraudulent website for free tokens, prompting concerns of financial losses. The incident highlights Twitter’s ongoing security concerns and risks … Read more
January 4, 2024 at 08:18AM The massive outage at Orange Spain, affecting around half its network’s traffic, was caused by an infostealer malware gaining access to an employee’s account with the weak password “ripeadmin.” This breach allowed an attacker operating under the alias “Snow” to manipulate the network’s border gateway protocol (BGP) traffic. The incident … Read more
January 3, 2024 at 11:45PM The increasing complexity of cybersecurity and compliance has made it difficult for smaller businesses without a Chief Information Security Officer (CISO). As a solution, many are turning to virtual CISOs (vCISOs), who offer part-time outsourced security expertise to help fill the gap. This model is particularly beneficial for smaller businesses … Read more
January 3, 2024 at 11:51AM Enter our cybersecurity caption contest by submitting your idea before Jan. 25, 2024. Send your entry to [email protected] with the subject line “The Edge January 2024 Toon,” or via social media on X/Twitter, Facebook, and LinkedIn. Last month’s winner was Scott Dowlen, IT manager at Odessa Separator Inc. Good luck! … Read more
January 2, 2024 at 09:02AM Yahoo experienced the biggest data breaches in history, yet experts caution that after a decade, we have not heeded the lessons from these incidents. Based on the meeting notes, it seems that the discussion highlighted the significant data breaches experienced by Yahoo customers, which were considered some of the largest … Read more