Krispy Kreme Doughnut Corporation admits to hole in security

December 11, 2024 at 02:05PM Krispy Kreme has reported a cybersecurity attack affecting online orders, revealing unauthorized access to its IT systems. Despite engaging cybersecurity experts, the incident is expected to significantly impact revenues and operations. The company faces potential costs related to recovery and restoration, while maintaining that fresh doughnuts remain available in stores.

Ivanti warns of maximum severity CSA auth bypass vulnerability

December 10, 2024 at 02:45PM Ivanti has alerted customers about a severe authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing attackers to gain admin access remotely. Users should upgrade to CSA 5.0.3. The company also patched other vulnerabilities but found no evidence of exploitation prior to disclosure.

Major energy contractor reports ‘limited’ access to IT after ransomware locks files

December 3, 2024 at 03:07PM ENGlobal, an American energy contractor, is facing limited IT system access following a ransomware incident detected on November 25. The company is investigating and mitigating the breach, which involved unauthorized access and encryption of data. ENGlobal serves high-profile clients, including government departments, making it a prime target for cybercriminals.

Critical Vulnerability Found in Zabbix Network Monitoring Tool

December 2, 2024 at 07:25AM Zabbix has announced a critical vulnerability (CVE-2024-42327) in its monitoring solution, allowing SQL injection attacks through API access for non-admin users. Affected versions include 6.0.0 to 6.0.31, 6.4.0 to 6.4.16, and 7.0.0. Patches are available in recent releases. Users are urged to update promptly.

The Black Friday 2024 Cybersecurity, IT, VPN, & Antivirus Deals

November 27, 2024 at 08:49AM Black Friday 2024 offers significant discounts on computer security, software, online courses, and services. Notable deals include NordVPN’s 74% off, Avast’s up to 70% off antivirus software, and 50% off Pluralsight courses. Limited-time offers encourage quick action on these promotions before they expire.

CISA says BianLian ransomware now focuses only on data theft

November 21, 2024 at 01:39PM The BianLian ransomware group has transitioned to primarily data theft extortion techniques, as noted in a U.S. and Australian advisory. Since January 2024, they have focused exclusively on this method, employing new tactics like exploiting Windows vulnerabilities and using RDP for access. Recent attacks include breaches of notable organizations.

Ford Investigating Potential Breach After Hackers Claim Data Theft

November 19, 2024 at 06:34AM Ford is investigating claims by hackers, IntelBroker and EnergyWeaponUser, who assert they stole 44,000 customer records, primarily from dealerships. While the leaked data appears to include non-sensitive information, Ford is actively looking into the potential breach and the hackers’ history of exaggerating claims against other companies.

Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands

November 11, 2024 at 07:02AM Veeam has issued a hotfix for a critical authentication bypass vulnerability in Backup Enterprise Manager, as exploitation of the previous flaw expands. This update aims to enhance security and protect users from potential risks associated with the vulnerability.

German Law Could Protect Researchers Reporting Vulns

November 6, 2024 at 04:36PM Germany’s draft legislation aims to protect security researchers from criminal liability when reporting cyber vulnerabilities. It amends existing laws to define criteria for legitimate security research and proposes penalties for malicious acts, with the intent to encourage reporting flaws rather than punishing those who identify them.

Meet Interlock — The new ransomware targeting FreeBSD servers

November 3, 2024 at 04:16PM Interlock is a new ransomware operation targeting FreeBSD servers, launched in September 2024. It has attacked six organizations, with data leaks occurring after ransom demands were ignored. The Windows encryptor operates effectively, while challenges persist with the FreeBSD version. Ransom demands range from hundreds of thousands to millions.