About the security content of macOS Sonoma 14.7.2 – Apple Support

December 11, 2024 at 01:33PM Multiple vulnerabilities were identified in macOS Sonoma 14.7.2, impacting user data access, kernel privileges, and sandbox security. Updates addressing various issues, including logic, path handling, memory management, and permissions, have been released to mitigate risks. Users are encouraged to install the latest security updates. ### Meeting Takeaways on macOS Sonoma … Read more

About the security content of macOS Ventura 13.7.2 – Apple Support

December 11, 2024 at 01:33PM On December 11, 2024, Apple is releasing updates for macOS Ventura 13.7.2, addressing various vulnerabilities (CVE-2024-54477, CVE-2024-54527, etc.) that could allow apps to access sensitive data or execute arbitrary code. Improved checks and validations were implemented for better security measures. ### Meeting Takeaways #### Release Details: – **Apple ID**: 121842 … Read more

Wald.ai Raises $4M in Seed Funding to Protect Data in Conversations With AI Assistants

December 10, 2024 at 11:16AM Palo Alto startup Wald.ai launched a contextual AI and data loss protection platform, enabling enterprises to safely use AI assistants while automatically redacting sensitive information. Priced at $19.99 per user monthly, the platform is currently utilized in healthcare, finance, and legal sectors, and offers a 14-day free trial. ### Meeting … Read more

Cyber-Unsafe Employees Increasingly Put Orgs at Risk

December 3, 2024 at 01:45PM A survey of over 14,000 employees reveals risky behaviors regarding sensitive data access. Eighty percent use unsecure personal devices, while 40% download customer data without controls. Many also reuse passwords and bypass security policies. Increased use of AI tools raises concerns, as compliance with data handling guidelines is low. **Meeting … Read more

FTC bans data brokers from selling Americans’ sensitive location data

December 3, 2024 at 11:08AM The FTC has banned data brokers Mobilewalla and Gravy Analytics from collecting and selling Americans’ sensitive location data, including visits to churches and healthcare facilities. They must erase historical data, establish sensitive location programs, and are prohibited from future sales of such data, following earlier actions against similar companies. ### … Read more

Data broker leaves 600K+ sensitive files exposed online

November 27, 2024 at 01:07PM Over 600,000 sensitive files, including personal criminal histories, were exposed online by SL Data Services in an unprotected database. Security researcher Jeremiah Fowler reported the issue, highlighting risks of phishing and social engineering. Although the database was eventually closed, the exposed information could severely impact individuals and their associates. ### … Read more

Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personal identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches. **Meeting Takeaways:** … Read more

Microsoft Power Pages Leak Millions of Private Records

November 14, 2024 at 08:09AM Misconfigured access controls in Microsoft Power Pages are exposing millions of sensitive records online, as many sites fail to implement necessary security measures. This widespread issue affects various industries, allowing unauthorized access to personal data, including that of 1.1 million NHS employees. Awareness exists, but negligence persists among developers. ### … Read more

MIND Launches “Intelligent” DLP Platform

October 30, 2024 at 09:54PM MIND launched a data loss prevention platform aimed at enhancing data visibility and preventing leaks by using AI for data classification and risk assessment. Founded in 2023, it raised $11 million in seed funding. The platform aims to secure sensitive data across various IT environments, including SaaS and GenAI applications. … Read more

CISA proposes new security requirements to protect govt, personal data

October 22, 2024 at 06:12PM The U.S. Cybersecurity & Infrastructure Security Agency (CISA) proposes new security requirements to protect Americans’ personal and government-related data from adversarial states. Aimed at organizations handling sensitive information, the measures include asset management, vulnerability remediation timelines, and encryption protocols. Public input is encouraged via regulations.gov. Here are the key takeaways … Read more