Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Sophos to Acquire Se ...

 Business News

Sophos has announced plans to acquire Secureworks for $859 million in a bid to improve its position in the XDR market and enhance its threat intelligence, detection, and response capabilities. The deal, the largest in Sophos' nearly four-decade history, highlights the Oxford-based cybersecurity firm's   show more ...

aggressive expansion strategy. The deal for Sophos to acquire Secureworks - which was founded in 1999 and known for its AI-driven Taegis XDR platform - will add Secureworks' extensive expertise in managed detection and response (MDR), security information and event management (SIEM), and other critical areas to Sophos’ already broad security portfolio. Sophos to Acquire Secureworks to Strengthen Cybersecurity Sophos and Secureworks both hold strong reputations in the cybersecurity market, but with different areas of focus. While Sophos is well-known for endpoint, network, and cloud security solutions, Secureworks specializes in threat detection and response. The combination of these two companies aims to fill gaps in the security market by offering a unified, comprehensive solution. Sophos plans to integrate Secureworks' capabilities, such as identity detection and response (ITDR), SIEM, and operational technology (OT) security, into its current offerings. This merger intends to not only speed up threat detection and response times but also offer a stronger defense for businesses of all sizes. "Secureworks offers an innovative, market-leading solution with their Taegis XDR platform," said Sophos CEO Joe Levy. "Combined with our security solutions and industry leadership in MDR, we will strengthen our collective position in the market and provide better outcomes for organizations of all sizes globally." Addressing Cyber Threats with AI and Automation The acquisition comes as cybersecurity risks continue to escalate, driven by increasingly sophisticated cybercriminal tactics and global political tensions. The combined resources of Sophos and Secureworks will focus on addressing these evolving threats with a mix of AI, automation, and world-class threat intelligence. Sophos' plan to acquire Secureworks reflects the industry's growing emphasis on leveraging AI to detect threats more rapidly and automate responses across both native tools and third-party integrations. Also Read: Top 10 Threat Intelligence Companies Protecting Businesses in 2025 The two companies already cater to different types of customers, and by combining their technologies, they hope to make advanced security more accessible. This approach aims to deliver significant value for small to medium-sized businesses while also benefiting large enterprises. Channel Partners Set to Benefit The merger is not just a strategic win for both companies but also for their channel partners. Sophos and Secureworks are partner-centric organizations, with nearly all of Sophos’ business conducted through channel partners. Secureworks also generates a significant portion of its revenue through partnerships with value-added resellers (VARs), managed security service providers (MSSPs), and other channel partners. By offering a wider set of capabilities and a broader range of solutions, the merger is expected to create more value for these partners and their customers. Wendy Thomas, CEO of Secureworks, noted, "Sophos’ portfolio of leading endpoint, cloud, and network security solutions – in combination with our XDR-powered managed detection and response – is exactly what organizations are looking for to strengthen their security posture and collectively turn the tide against the adversary. Can Deal Reverse Falling Revenues? Secureworks has faced difficulties over the past few years, including a significant decline in revenue and workforce reductions. Despite the growing adoption of its Taegis XDR platform, revenue for the company fell 21.1% from $463.5 million in 2023 to $365.9 million in 2024. Additionally, the company has cut nearly 44% of its staff since 2021. This acquisition by Sophos could provide a much-needed boost to Secureworks, potentially reversing its downward trajectory by streamlining operations and focusing on high-growth areas such as XDR. The integration of Secureworks' advanced capabilities will help Sophos expand its reach in the market and reinforce its position as a leader in cybersecurity solutions. Arguably, acquiring Secureworks for a little more than two times annual sales could make the deal a bargain for Sophos if the Secureworks sales decline turns around. Financial and Transactional Details The acquisition is valued at approximately $859 million in an all-cash transaction, with Secureworks shareholders set to receive $8.50 per share. This offer represents a 28% premium over the company’s 90-day volume-weighted average price. Private equity firm Thoma Bravo, which acquired Sophos for $3.9 billion in 2020, will back the deal, along with financial advisors from Goldman Sachs, Barclays, BofA Securities, and other firms. Pending regulatory approval, the transaction is expected to close in early 2025. In the interim, both companies will continue to operate independently. Why the Acquisition Matters Sophos’ purchase of Secureworks signals a broader trend of consolidation in the cybersecurity industry, and the SIEM market in particular, following Cisco’s (CSCO) acquisition of Splunk in March and the merger of LogRhythm and Exabeam in May. Faced with increasingly sophisticated cyberthreats, companies seek to merge capabilities to provide more comprehensive platforms and solutions. The move also shows the importance of managed services and AI in modern cybersecurity strategies. By combining forces, Sophos and Secureworks aim to accelerate the delivery of advanced cybersecurity services, streamline threat response efforts, and ultimately offer stronger defenses against persistent cyber adversaries. With the new 'Age of AI' threats, integrating tools and services across companies will become crucial for staying ahead of attackers. The merger of Sophos and Secureworks could set a precedent for future industry consolidation, with other firms likely to follow suit to maintain competitive advantages.

image for AI in Remote Sensing ...

 Cyber News

Researchers from Northwestern Polytechnical University in China and Hong Kong Polytechnic University have revealed a flaw in the AI models powered by Deep Neural Networks (DNNs) used for remote sensing applications. Their findings have raised concerns about the reliability of AI systems in critical fields like   show more ...

intelligence gathering, disaster management, transportation, and climate monitoring. AI's Expanding Role in Remote Sensing In recent years, AI models have increasingly taken over tasks previously performed by human analysts. Airborne and satellite sensors collect vast amounts of raw data, and deep learning (DL) models process this information to identify objects, make classifications, and provide actionable insights. These models are used in everything from mapping to disaster response, and their ability to process data quickly and efficiently is seen as a game changer in many industries. However, as advanced as AI models may seem, their decision-making is still shrouded in mystery. While they may generate accurate outputs, the rationale behind their decisions remains opaque. Unlike humans, AI lacks intuition and the capacity for creative problem-solving, making them susceptible to mistakes. The team of researchers aimed to dive deeper into this opacity to uncover the vulnerabilities hidden within DNNs used in these crucial applications. Uncovering the Vulnerabilities “We sought to address the lack of comprehensive studies on the robustness of deep learning models used in remote sensing tasks, particularly focusing on image classification and object detection,” explained lead author Shaohui Mei from the School of Electronic Information at Northwestern Polytechnical University. The team’s objective was to evaluate the models’ resilience to both natural and adversarial noise. They specifically analyzed how AI systems handled tasks in challenging conditions, such as poor weather, random noise, and deliberate attacks aimed at manipulating their decision-making. Natural Challenges and Digital Attacks Deep learning models are vulnerable to a variety of factors in the physical world. Conditions like fog, rain, or dust can distort the data gathered by sensors, reducing the clarity needed for accurate object detection. These environmental challenges pose significant threats to the accuracy of AI-driven systems, especially in real-world scenarios like disaster response, where the conditions are far from ideal. Over time, natural wear and tear on the equipment itself can also contribute to degraded data quality. While natural interference is a known challenge, digital attacks represent a more targeted and deliberate threat. Hackers can exploit weaknesses in AI models through various attack methods. The team tested well-known techniques such as the Fast Gradient Sign Method (FGSM), Projected Gradient Descent, and AutoAttack, among others. These attacks often manipulate the data fed into the AI model, tricking it into making incorrect classifications. One notable observation was that digital attacks can even involve one AI system attacking another. In such cases, a more robust AI model is likely to prevail, but attackers often use tricks like "momentum" or "dropout" to give their weaker models an edge. Physical Manipulation – An Overlooked Threat One of the team’s most intriguing discoveries was that physical manipulation can be just as effective as digital attacks. Physical attacks involve placing or altering objects in the environment that confuse the AI model. Surprisingly, the manipulation of the background around an object had an even greater impact on AI’s ability to recognize the object than changes to the object itself. For example, altering the environment or adding visual noise in the background could significantly impair a model’s object detection performance. This finding suggests that while much of the focus on AI security has been on defending against digital threats, physical manipulation—such as subtle changes in the landscape or environment—can be just as dangerous, if not more so. This could have critical implications for real-world AI applications, especially in fields like urban planning, disaster response, and climate monitoring, where accuracy is paramount. Addressing AI’s Weaknesses The study highlights the importance of training AI models to handle a wider variety of scenarios. Instead of focusing only on ideal conditions, AI systems need to be robust enough to operate effectively under challenging, real-world circumstances. According to the research team, the next steps will involve further refining their benchmarks and conducting more extensive tests with a broader range of models and noise types. “Our ultimate goal is to contribute to developing more robust and secure DL models for remote sensing, thereby enhancing the reliability and effectiveness of these technologies in critical applications such as environmental monitoring, disaster response, and urban planning,” Mei stated. Implications for the Future The findings highlight an urgent need for more secure and resilient AI systems. As AI continues to play a growing role in remote sensing, ensuring its reliability is essential. Cybersecurity and AI researchers will need to work hand in hand to develop better defenses against both digital and physical threats. This research brings to light the vulnerabilities that remain in current AI technology, calling into question the level of trust that should be placed in these systems without significant improvements in their robustness. With AI being increasingly integrated into critical infrastructure and services, understanding and addressing these vulnerabilities is more important than ever. In conclusion, while AI holds incredible potential for remote sensing and other vital applications, its current vulnerabilities—both digital and physical—could undermine its effectiveness.

image for Internet Archive Str ...

 Cyber News

The Internet Archive, a non-profit organization widely known for preserving the digital history of the web through its Wayback Machine, has fallen victim to its third major cyberattack in October 2024. On October 20, hackers exploited unrotated API tokens to gain unauthorized access to the Archive’s Zendesk support   show more ...

platform, putting sensitive user data at risk. The Internet Archive data breach follows two earlier attacks this month, making it a challenging period for the firm, which serves as a vital resource for millions of researchers, historians, and the general public. This Internet Archive data breach could potentially expose personal identification documents submitted by users in support tickets dating back to 2018. API Token Vulnerability Leads to Internet Archive Data Breach The root cause of the October 20 cyberattack appears to be the Internet Archive’s failure to rotate API tokens for its Zendesk system. Despite being aware of previous security vulnerabilities, the organization did not implement the necessary changes to secure its API, enabling hackers to exploit these unrotated tokens. As a result, they gained unauthorized access to the Zendesk support platform, which manages user support tickets. These support tickets may include highly sensitive information, such as personal identification documents submitted by users seeking assistance with various aspects of the Archive’s services. The extent of the data compromised is still being assessed, but the potential for significant privacy violations looms large. Internet Archive's Response Brewster Kahle, founder of the Internet Archive, acknowledged the security breaches and emphasized the organization’s ongoing efforts to enhance security. In a statement shared on the Internet Archive’s official social media channels, Kahle provided insight into the behind-the-scenes work taking place to restore services and bolster security measures. "I talked to many people with more to come, and I'm sneaking out this verified fact: People are working so incredibly hard," reads the Reddit post. "The teams have getting the site back secure and safe as the number one priority. They have taken no days off this past week. They are taking none this weekend." [caption id="attachment_91636" align="aligncenter" width="483"] Source: RedditThe[/caption] This statement highlights the round-the-clock efforts of the Archive’s developers and system administrators to secure the platform and protect user data. Despite the tireless work, Internet Archive acknowledged the toll these incidents have taken on the staff, noting that many were exhausted yet determined to resolve the issues and restore normalcy. The public has shown strong support for the Internet Archive, with many users on social media tweeting messages like “We stand with @internetarchive,” expressing solidarity with the organization during this tumultuous time. [caption id="attachment_91635" align="aligncenter" width="633"] Source: X[/caption] Series of Cyberattacks in October This Internet Archive data breach is the latest in a series of cyberattacks that have hit the Internet Archive over the past few weeks. The wave of attacks began on October 9, when hackers exploited an exposed GitLab token to access the Archive’s source code and user database, compromising the personal information of 31 million users. This breach was a significant blow to the Archive’s security, as it exposed usernames, email addresses, and salted-encrypted passwords. Following the initial breach, the organization was also hit by a Distributed Denial of Service (DDoS) attack, which temporarily disrupted the Archive’s operations. Hackers further defaced the Archive’s website by exploiting a vulnerability in its JavaScript library. In a tweet addressing the October 9 attack, Kahle provided details about the organization's response, writing, "DDOS attack—fended off for now; defacement of our website via JS library; breach of usernames/email/salted-encrypted passwords. What we’ve done: Disabled the JS library, scrubbing systems, upgrading security." These incidents have exposed critical vulnerabilities in the Internet Archive’s security infrastructure, raising concerns about the organization's ability to safeguard its vast collection of data. The Archive, which holds over 42.1 million print materials, 13 million videos, 1.2 million software programs, and an astounding 866 billion web pages as of September 2024, plays a pivotal role in preserving the digital history of the internet. Any compromise of its systems could have far-reaching consequences for users and the integrity of the web’s historical record. Impact on Users and Data Security The potential fallout from the October 20 attack is significant. If personal identification documents and sensitive user data were indeed accessed and downloaded by the hackers, the affected users could face a heightened risk of identity theft, fraud, and other forms of cybercrime. While it remains unclear exactly how much data the attackers were able to obtain, the breach highlights the growing threat of cyberattacks on non-profit organizations and public institutions. The Internet Archive’s failure to rotate API tokens is a particularly concerning oversight, given the increase in cyberattacks and the well-documented importance of regularly updating security protocols. The organization’s slow response to previous security vulnerabilities likely contributed to the hackers' ability to infiltrate its systems repeatedly throughout October. Strengthening Security Measures The Internet Archive has pledged to improve its security infrastructure to prevent future incidents. The organization is reportedly upgrading its systems, rotating API tokens, and conducting a thorough review of its security practices. However, given the frequency and severity of the recent breaches, these steps may not be enough to fully reassure users who have trusted the Archive with their data. As the Internet Archive works to recover from these attacks, the broader lesson for organizations, both non-profit and otherwise, is clear: cybersecurity must remain a top priority. The failure to address known vulnerabilities can have devastating consequences, as demonstrated by the repeated attacks on the Archive in October 2024.

image for Addressing Vulnerabi ...

 Firewall Daily

The industrial control systems (ICS) sector has increasingly been the focus of both cybersecurity officials and threat actors due to vulnerabilities that threaten the integrity and security of critical infrastructure. Among these concerns, specific ICS vulnerabilities from major manufacturers like Siemens, Rockwell,   show more ...

and Delta have emerged as challenges that must be addressed to protect operational technology (OT) environments.  The cybersecurity landscape for ICS has become complex. With the rise of interconnected systems, the risk of exploitation through ICS vulnerabilities has escalated. These vulnerabilities can result in unauthorized access, disruption of operations, or even catastrophic failures in critical infrastructure sectors, including energy, water, and transportation.  A recent report from the Cybersecurity and Infrastructure Security Agency (CISA) highlighted a series of ICS vulnerabilities and underscores the necessity for organizations to prioritize the security of their ICS environments. Cyble, meanwhile, identified 54 ICS vulnerabilities spanning multiple vendors that security teams should address, showcasing widespread security issues in the industry.  Specific Critical ICS Vulnerabilities Explained One of the most prominent concerns are 14 vulnerabilities in Siemens products. According to CISA, certain Siemens products contained flaws that could allow attackers to execute arbitrary code. The report emphasized that these ICS vulnerabilities were critical due to the potential impact on safety and operational integrity. Organizations using Siemens products are urged to implement necessary patches and updates to mitigate these risks.  Similarly, Rockwell vulnerabilities have also come to the forefront. Rockwell Automation's products, which are widely used in various industrial settings, were found to have several vulnerabilities that could be exploited by malicious actors. Delta Electronics has not been immune to these challenges either. The Delta vulnerabilities identified in their products highlighted flaws that could enable unauthorized access to control systems. With many industries dependent on Delta's automation solutions, addressing these vulnerabilities is critical to maintaining secure operations.  Impact of Vulnerabilities in Critical ICS Products The implications of these critical ICS vulnerabilities are beyond individual organizations. The exploitation of any of these ICS systems could lead to widespread disruptions, affecting supply chains and essential services. For instance, a breach in a power grid control system could lead to blackouts, endangering public safety and causing significant economic repercussions.  To illustrate the severity of these issues, a cybersecurity incident involving an ICS vulnerability could result in millions of dollars in damages, not to mention the potential harm to reputation and trust with clients and the public.  Best Practices for ICS Mitigation In light of the vulnerabilities present in critical ICS products, organizations must adopt a proactive approach to cybersecurity. Addressing these issues effectively requires a series of best practices that can help safeguard operational technology environments. First and foremost, organizations should stay informed about updates from manufacturers, especially widely used products from the likes of Siemens, Rockwell, and Delta. Timely application of patches can significantly reduce the risk of exploitation, ensuring that systems remain secure against known vulnerabilities. Another crucial step is to isolate ICS networks from corporate networks. This separation minimizes the potential impact of an attack by creating a barrier that prevents threats from spreading between systems. By maintaining distinct networks, organizations can better protect their critical infrastructure. Implementing security monitoring solutions is also essential. Real-time detection of unusual activity allows for early intervention, which can mitigate the effects of a potential breach before it escalates. Employee education plays a vital role in cybersecurity as well. Staff members are often the first line of defense, and raising their awareness about best practices can help prevent many attacks. Ongoing training ensures that everyone understands their role in maintaining security. Finally, organizations should develop and regularly test an incident response plan. Being well-prepared for a breach can make all the difference in minimizing damage and recovering swiftly. Regular drills and updates to the plan will enhance readiness and resilience against potential threats.

image for New U.S. Rule Takes ...

 Compliance

Disinformation is fueled by sensitive data, and the United States has learned some hard lessons in the build-up to this year's presidential elections, where its adversaries have run rampant disinformation campaigns. So what is it doing about it? The U.S. is introducing a new rule that targets foreign threats   show more ...

exploiting sensitive data of its citizens. The U.S. Department of Justice on Monday, in a Notice of Proposed Rulemaking (NPRM), proposed a significant initiative to protect Americans' sensitive data from foreign adversaries. The rule, derived from President Biden’s Executive Order 14117, aims to curb the exploitation of U.S. data by countries identified as threats. The new proposal doesn’t impose sweeping changes immediately but instead seeks public feedback for refining the rule before it takes effect. A Response to Foreign Threats Exploiting Sensitive Data Countries such as China, Russia, and others have increasingly utilized sensitive U.S. data to bolster their cyber capabilities. This data, often obtained through commercial transactions, can be exploited for blackmail, espionage, and cyberattacks. The NPRM outlines stringent measures targeting data transactions that risk providing foreign adversaries access to bulk sensitive data, such as biometric, genomic, and geolocation information. These regulations build on the framework previewed in the Department’s March Advance Notice of Proposed Rulemaking (ANPRM) and introduce specific classes of restricted transactions. Key Provisions and Covered Data The proposed rule introduces prohibitions and restrictions on data transactions with designated "countries of concern" and "covered persons." It defines six categories of sensitive personal data, including biometric identifiers and financial data, that could be exploited for national security threats if linked to identifiable U.S. individuals. For instance, transactions involving over 1,000 individuals' biometric data or 10,000 individuals' financial data would trigger regulatory scrutiny. Also Read: FTC Fines Cerebral $7 Million for Sharing Millions of Patients’ Data In terms of scope, the rule designates China, Cuba, Iran, North Korea, Russia, and Venezuela as countries of concern due to their documented threats to U.S. national security. The rule also regulates data associated with U.S. government personnel, given its potential for misuse in intelligence operations​. Restrictions and Security Requirements The NPRM details three primary categories of restricted transactions: vendor agreements, employment agreements, and certain investment agreements. These can proceed only if stringent security measures are in place, as outlined by the Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA). Requirements include encryption, data minimization, and organizational policies that mitigate risks associated with data access by foreign entities. The rule proposes multiple exemptions, such as those for telecommunications services, financial services incidental to routine operations, and certain intra-corporate data transfers. Exemptions also cover clinical-trial data, reflecting industry concerns raised during the ANPRM comment period. Compliance and Reporting Obligations To ensure adherence, the rule would require affected U.S. entities to develop risk-based compliance programs tailored to their operational scale and geographic exposure. Compliance programs must include audits, data-flow logging, and secure data handling practices. The NPRM also sets forth reporting requirements for U.S. persons involved in data transactions that might pose risks due to foreign affiliations. Non-compliance carries substantial penalties, including fines up to $1 million and imprisonment for willful violations. This stringent enforcement aligns with the broader U.S. strategy of using economic tools to counter national security threats posed by foreign adversaries. What's Next and Stakeholder Involvement The Justice Department invited public comments within 30 days of the NPRM’s publication in the Federal Register. This outreach follows a robust consultation process initiated with the ANPRM, where the Department engaged over 100 stakeholders to shape the rule’s development. While the NPRM does not introduce new surveillance capabilities, it significantly raises the bar for safeguarding sensitive data from misuse by foreign powers. As regulatory frameworks evolve, companies handling high volumes of sensitive data must adapt quickly to these emerging security expectations.

image for Tougaloo College Lau ...

 Firewall Daily

Tougaloo College has officially opened its new cybersecurity clinic, dedicated to providing free cybersecurity services to underserved entities. Launched on October 4, 2024, the clinic is strategically located in Kincheloe Hall, Room 105, and aims to support organizations such as churches, healthcare providers, small   show more ...

businesses, and community organizations that often lack the resources to defend against cyberattacks.  As digital threats continue to proliferate, the need for better cybersecurity measures has never been more critical. According to the 2023 Hiscox Cyber Readiness Report, 53% of firms reported experiencing cyberattacks that year, with a staggering 36% of those incidents affecting businesses with ten or fewer employees.   Tougaloo College Cybersecurity Clinic  The clinic's director, Demetria White, emphasizes the urgent need for increased awareness and training in the field. Every aspect of how we live comes with a cyber threat," she remarked. This is a growing field that our students really need to be exposed to; they need to receive training in it." Through the clinic, students not only gain practical experience but also contribute to the safety of their communities.  Funded by a generous $1 million grant from the Google Cybersecurity Clinics Fund, the initiative aligns with a national effort to establish cybersecurity clinics across various colleges and universities. These clinics not only serve their local communities but also offer invaluable hands-on experience for students pursuing careers in cybersecurity.  The clinic's offerings extend beyond direct services. It will also provide cyber awareness training to students, faculty, staff, and community clients, fostering a culture of security literacy. Sharron Streeter, the clinic’s client liaison, highlighted the pervasive misconception that cyber threats primarily target large organizations. Most people think, ‘It’s not going to be me; I’m just a little fry.’ But it can happen to anyone, and we know that one single breach can impact millions of people at a time," she cautioned.  Roles and Duties  Computer science majors Aeries Hoskins and Noel Ricks play pivotal roles in the clinic's operations, leading the first cohort of interns. They are keen to attract students from various disciplines, emphasizing that cybersecurity is a field that welcomes diverse skill sets. Ricks articulated this sentiment: “I hope that they can see that cybersecurity isn’t just for computer science; it’s for everyone.”  Hoskins echoed this, warning of the subtlety with which cyber intrusions can occur. "People can log into your phone, take everything from you, and then go on about their day. And you would never know that they ever did that," he noted. Such insights highlight the need for ongoing education and proactive measures in the digital age.  The cybersecurity clinic follows a model akin to law and medical schools that offer free community clinics, focusing on serving those most vulnerable to cyber threats. It highlights Tougaloo College’s commitment to diversity by actively recruiting students from a variety of academic backgrounds, aiming to cultivate a new generation of cybersecurity professionals.  As one of 15 higher education institutions nationwide launching a cybersecurity clinic in 2024, Tougaloo College is part of a groundbreaking collaboration with Google and the Consortium of Cybersecurity Clinics. This initiative not only recognizes the escalating importance of cybersecurity but also addresses the urgent need for accessible security services tailored for at-risk communities.  With the rise in digital threats, the establishment of the Tougaloo College cybersecurity clinic is a timely and essential step in safeguarding vulnerable organizations.  

image for Security and privacy ...

 Privacy

Weve previously explained why its essential to configure privacy settings before using training trackers — both on your phone in general and within the app itself. Doing so minimizes the risk of exposing your personal data, including your location, to the public. You wouldnt want just anyone to be able to follow   show more ...

your runs and know exactly where and when to find you offline, would you? You can check out our already published guides on configuring smartphones and the popular running apps Strava and Nike Run Club. Today, were focusing on privacy settings in MapMyRun. MapMyRun (available for Android and iOS) has a rather interesting history. In September 2024, it was acquired as part of the MapMyFitness suite of apps by the media company Outside (led by CEO Robin Thurston) from the American sportswear manufacturer Under Armour. And Under Armour, in turn, had acquired this suite for $150 million back in 2013 from… Robin Thurston, the very same person who founded MapMyFitness in 2007! So, after 11 years, Thurston regained the company he had founded 17 years earlier. Setting up privacy in MapMyRun Unlike many apps, you wont find the privacy settings under the usual cog icon in the top right corner of the main screen – thats for workout settings. Instead, tap the three dots in the bottom right corner for iOS, or the three-line burger menu in the top left corner for Android, then select Settings (not Privacy Center — thats something else). On the next screen, choose Privacy. Where to find privacy settings in MapMyRun: ••• -> Settings -> Privacy What should you configure here? First, under Profile Sharing, make sure its set to My Friends or, even better, Only me. Its also a good idea to toggle off the switch next to Find me by email address so people cant do just that. Next, check Route Sharing and Workout Sharing and ensure theyre also set to My Friends or, preferably, Only me. Finally, go back to Settings, find Push Notifications, and disable any unnecessary notifications — or just turn them all off with the toggle at the top. Configuring privacy in MapMyRun If you decide to stop using MapMyRun, its a good idea to delete your account. To do this, navigate to Settings -> Privacy Center and choose Delete Account. If you use other fitness apps to track your workouts, you can set their privacy settings using our guides: Strava Nike Run Club adidas Running (formerly Runtastic) – still to come ASICS Runkeeper (ditto) You can also learn how to configure privacy in other apps — from social networks to browsers — on our website Privacy Checker. And Kaspersky Premium will maximize your privacy protection and shield you from digital identity theft on all your devices. Dont forget to subscribe to our blog to stay ahead of scammers with more guides and helpful articles.

 Feed

Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.

 Feed

Debian Linux Security Advisory 5793-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

 Feed

Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.

 Feed

Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically

 Feed

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

 Feed

Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong

2024-10
Aggregator history
Monday, October 21
TUE
WED
THU
FRI
SAT
SUN
MON
OctoberNovemberDecember