October 14, 2023 at 02:48AM Microsoft plans to eliminate NT LAN Manager (NTLM) in Windows 11, focusing instead on strengthening the Kerberos authentication protocol. New features in Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. NTLM has vulnerabilities that make it susceptible to … Read more
October 13, 2023 at 06:31PM Ransomware attacks on enterprises are causing disruption and data breaches. Recent attacks include Air Canada being targeted by BianLian, and state courts in Northwest Florida being attacked by ALPHV. Simpson Manufacturing experienced a cybersecurity incident, and a threat actor leaked the source code for the Hello Kitty ransomware. Ransomware trends … Read more
October 13, 2023 at 04:59PM Progress Software plans to collect on its $15 million cyber insurance policy in light of the recent class action lawsuits and fines it faces due to security breaches caused by its MOVEit file transfer software. This large payout is likely to impact how insurers approach their businesses as premiums increase … Read more
October 13, 2023 at 04:59PM US authorities, including the Cybersecurity Infrastructure and Security Agency (CISA) and FBI, have issued a warning about the AvosLocker ransomware-as-a-service (RaaS) operation that poses a threat to critical infrastructure. AvosLocker has targeted multiple industries in the US, using various tactics such as double extortion and trusted software. Ransomware attacks have … Read more
October 13, 2023 at 04:38PM Passkeys, a passwordless authentication technology supported by major internet firms like Apple, Google, and Microsoft, offer a user-friendly solution for accessing websites and cloud applications. However, their usability does not meet the control and attestation requirements of large corporations. Passkeys are expected to be integrated into the existing public key … Read more
October 13, 2023 at 04:16PM Genetic testing provider 23andMe is facing multiple class action lawsuits in the U.S. after a data breach that affected millions of its customers. A threat actor leaked customer data on hacker forums, including information such as account IDs, names, DNA profiles, and more. 23andMe claims the breach was due to … Read more
October 13, 2023 at 04:09PM Genetic testing provider 23andMe is facing multiple class action lawsuits in the U.S. after a data breach that affected millions of customers. The breach involved a leaked CSV file containing the data of around 1 million Ashkenazi Jews who used the service. 23andMe claims that the breach was a result … Read more
October 13, 2023 at 04:02PM Microsoft has acknowledged an issue where Windows 10 security updates, specifically the KB5031356 security update, may fail to install with 0x8007000d errors. Reports of this problem have been surfacing since October 10. Microsoft is currently investigating the root cause of the issue and encourages affected users to file a report … Read more
October 13, 2023 at 03:48PM The European Union (EU) is considering a rule that would require software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation. However, many IT security professionals are concerned about the potential abuse of this rule. They argue that the 24-hour window is too short and could … Read more
October 13, 2023 at 03:05PM French cloud service Shadow has confirmed that criminals stole a database containing customer data in a social-engineering attack against one of its employees. The stolen data includes personal information such as names, email addresses, dates of birth, billing addresses, and credit card expiration dates. The company reassured customers that no … Read more