Ford Says Leaked Data Comes From Supplier and Is Not Sensitive

November 20, 2024 at 04:52AM

Ford’s investigation into alleged customer data theft by hackers revealed no breach of its systems. The claimed 44,000 records, primarily public dealer addresses, originated from a third-party supplier. Ford confirmed the issue is resolved, stating that the leaked information was not sensitive and consisted of publicly available business addresses.

Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package

November 20, 2024 at 04:45AM

Multiple security vulnerabilities have been found in the needrestart package on Ubuntu Server, allowing local attackers to gain root privileges. Identified by Qualys, these flaws are easy to exploit, prompting users to upgrade to the latest version (3.8) or temporarily disable interpreter scanners to mitigate risks.

African Reliance on Foreign Suppliers Boosts Insecurity Concerns

November 20, 2024 at 03:08AM

For five years, the African Union’s headquarters faced espionage, with data uploaded to China-based systems. As reliance on foreign technology increases, African nations aim to enhance local tech capabilities, seeking independence from external influences. The focus is on balancing investment needs with security risks associated with foreign supply chains.

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

November 20, 2024 at 02:27AM

A new China-linked cyber espionage group named Liminal Panda targets telecommunications entities in South Asia and Africa, employing advanced tools for unauthorized access and data extraction. CrowdStrike highlights prior misattribution and notes that these activities exploit trust relationships among telecom providers, underscoring vulnerabilities in critical infrastructure to state-sponsored attacks.

Data is the new uranium – incredibly powerful and amazingly dangerous

November 20, 2024 at 02:21AM

At a roundtable of CISOs, concerns shifted from funding to data management challenges. While data visibility has increased, so have security risks. As data becomes ubiquitous, CISOs worry that the cost of managing it may outweigh its benefits, likening it to “yellowcake”—potentially valuable yet hazardous if mismanaged.

Name That Toon: Meeting of Minds

November 20, 2024 at 12:32AM

A contest invites submissions for a cybersecurity-related caption about the work-from-anywhere trend, with a $25 gift card prize for the best entry. Submissions are due by December 11 via email or social media. Last month’s winner was Matthew Tompkins for his caption on the “The Big Jump” cartoon.

RIIG Launches With Risk Intelligence Solutions

November 20, 2024 at 12:25AM

RIIG, a Charlottesville-based cybersecurity provider, leverages AI and machine learning for advanced threat detection. With partnerships among 17 intelligence agencies, it offers risk intelligence and cybersecurity solutions, including vulnerability assessments. Recently emerging from stealth, RIIG raised $3 million in seed funding to enhance product development and client support.

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

November 20, 2024 at 12:18AM

Apple has released security updates for multiple operating systems to fix two actively exploited zero-day vulnerabilities: CVE-2024-44308, allowing arbitrary code execution, and CVE-2024-44309, enabling cross-site scripting (XSS) attacks. Users are urged to update their devices promptly to mitigate security risks.

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

November 20, 2024 at 12:18AM

Oracle has alerted users about a high-severity vulnerability (CVE-2024-21287) in the Agile Product Lifecycle Management Framework, which is being actively exploited. This flaw allows unauthenticated access to sensitive files. Users are urged to apply patches immediately for protection, as details on the attackers remain unknown.

SWEEPS Educational Initiative Offers Application Security Training

November 19, 2024 at 10:45PM

The SWEEPS initiative, funded by a $2.5 million grant, aims to enhance secure coding skills among software developers through workshops, courses, and bootcamps. Targeting all career stages, it addresses the skills gap in software security, promoting best practices to defend against cyberattacks. Enrollment prioritizes U.S. citizens with military backgrounds.