November 11, 2024 at 10:36AM Halliburton suffered $35 million in losses due to an August ransomware attack by the RansomHub gang, which disrupted IT systems and client services. Despite limited operational impact, data was stolen. The company reported minimal financial effects, with expectations for cash flow remaining intact but potential future legal costs looming. ### … Read more
November 11, 2024 at 10:28AM Halliburton faced a $35 million loss due to an August ransomware attack by the RansomHub gang, which led to IT shutdowns and customer disconnections. Despite the breach, the company anticipates limited financial impact, reporting only a minor effect on earnings. Ongoing investigations are examining the scope of stolen data. **Meeting … Read more
November 7, 2024 at 02:05PM CISA has alerted that attackers are exploiting a critical authentication vulnerability in Palo Alto Networks Expedition, a tool used to migrate firewall configurations from various vendors to PAN-OS. **Meeting Takeaways:** 1. **CISA Warning:** The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability. 2. **Affected … Read more
October 28, 2024 at 10:08AM The commentary discusses the dangers of using end-of-life (EOL) software within organizations, likening it to ignoring a haunted house’s threats. Many companies cling to outdated software due to budget constraints, risking data breaches. It emphasizes the need for audits, communication, and collaboration to effectively manage and eliminate EOL software. ### … Read more
October 16, 2024 at 04:03PM A critical credential vulnerability in SolarWinds’ Web Help Desk (CVE-2024-28987) allows unauthenticated remote access. Although patched in version 12.8.3 HF2, many instances remain vulnerable. The flaw is exploited by criminals, with significant risks of sensitive data exposure. This is SolarWinds’ second critical bug for the product in two months. ### … Read more
October 15, 2024 at 12:30PM Volkswagen responded to claims by the 8Base ransomware group regarding stolen data, stating that their IT infrastructure remains unaffected by the incident. The company reassured stakeholders about the security of its systems despite the allegations. **Meeting Takeaways:** 1. **Ransomware Incident:** The 8Base ransomware group has claimed to have stolen valuable … Read more
October 15, 2024 at 08:41AM A researcher has found that door access controllers are vulnerable to remote hacker attacks for long durations, indicating organizations are slow to implement necessary protective measures. This highlights the need for improved security protocols to safeguard access points. **Meeting Takeaways:** 1. **Vulnerability Issue**: Door access controllers are identified as vulnerable … Read more
October 8, 2024 at 05:52PM Microsoft’s October security update addressed 117 vulnerabilities, ranking as the third largest release this year. Of these, two actively exploited flaws require immediate attention. One, CVE-2024-43573, is a spoofing vulnerability in MSHTML, while the other, CVE-2024-43572, is a remote code execution (RCE) flaw in Microsoft Management Console. Three publicly known … Read more
September 23, 2024 at 06:13PM In a surprising move, Telegram CEO Pavel Durov announced a shift in the platform’s stance on disclosing user information to authorities. The updated Terms of Service now allow for the disclosure of IP addresses and phone numbers to relevant authorities for criminal activity cases, a change from previously cooperating with … Read more
September 5, 2024 at 01:36AM Planned Parenthood experienced a cyberattack, prompting the organization to shut down parts of its IT systems to mitigate the impact. Based on the meeting notes, it appears that Planned Parenthood experienced a cyberattack that impacted its IT systems, leading to the need to take certain parts of its infrastructure offline … Read more