Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Microlise Admits Hac ...

 Cyber News

Microlise, a Nottingham-based telematics company specializing in transport management solutions, has confirmed that hackers breached its corporate network three weeks ago. The Microlise cyberattack, which temporarily disrupted customer operations, has now largely been contained, with most systems restored to normal   show more ...

functionality. The Microlise cyberattack, disclosed in a statement to the London Stock Exchange on Monday, involved the exfiltration of corporate data from Microlise’s headquarters. Details of Microlise Cyberattack The company emphasized that no customer system data was compromised during the breach, alleviating concerns over potential widespread operational fallout. Despite this reassurance, the Microlise cyberattack had significant repercussions for some customers. British prison vans, for instance, were left without functioning tracking systems or panic alarms during the disruption. These services have since been restored as the company works to ensure full operational stability. Microlise reported that most customer systems are back online, although a few clients are conducting their own security verifications before reactivating user access. The company stated, “The vast majority of customer systems are back online, with some remaining customers conducting their own security verifications before enabling users.” In an earlier update, Microlise announced that employee data might have been exposed during the breach. To address this, the company has notified affected individuals, in compliance with regulatory requirements, and has been in communication with the Information Commissioner’s Office (ICO). Ongoing Impact and Future Outlook The company is continuing to assess the broader implications of the cyberattack but remains optimistic about its financial stability. Microlise’s Board stated that it does not anticipate a material adverse impact on trading forecasts or its financial position for fiscal year 2024. In its statement, the company added, “We are making substantial progress in containing and clearing the threat from our network. Services are being brought back online and are expected to return to normal by the end of next week.” Microlise has involved international authorities and is cooperating with law enforcement to investigate the breach. This includes notifying regulatory bodies about the exfiltration of corporate data from its headquarters. About Microlise Founded in 1982, Microlise is a leader in SaaS-based transport technology solutions designed to optimize fleet operations. Its software helps reduce fuel consumption, minimize mileage, improve driver performance, and enhance overall efficiency. The company serves over 400 enterprise clients globally, providing critical tools for fleet management, safety, and emissions reduction. With a staff of over 750 employees, including 463 based at its Nottingham headquarters, Microlise operates offices in France, Australia, and India. The company’s solutions have earned it a reputation as an innovator in the transport technology sector, and it continues to play a pivotal role in modernizing fleet management. Corporate data breaches can disrupt operations, erode trust, and lead to significant financial and reputational risks. Notably, Microlise managed to prevent customer data from being compromised—a critical factor in maintaining stakeholder confidence. However, the temporary disruption to customer services, including critical systems for British prison vans, highlights the real-world impact of such incidents. Companies must prioritize strong cybersecurity strategies to protect against evolving threats. This includes: Regularly updating security protocols and software. Conducting comprehensive security audits and employee training. Establishing incident response plans for rapid containment and recovery. Engaging with external cybersecurity experts for proactive threat management. As the investigation continues, the company aims to use the lessons learned to strengthen its cybersecurity measures and prevent similar incidents in the future.

image for AI Firm iLearningEng ...

 Cyber News

iLearningEngines, an artificial intelligence company, recently disclosed a cybersecurity breach that resulted in the misdirection of a $250,000 wire payment. The iLearningEngines cyberattack, reported through an 8-K filing with the U.S. Securities and Exchange Commission (SEC) on Monday, highlights the increasing   show more ...

risks businesses face from cyberattacks. The company revealed that a threat actor illegally accessed its network, compromising files and redirecting a significant wire payment. In addition, several email messages were deleted during the breach. iLearningEngines stated that the stolen funds have not been recovered. Details of the iLearningEngines Cyberattack According to the SEC filing, the iLearningEngines data breach has been contained, and the company swiftly activated its cybersecurity response plan upon discovering the intrusion. The response included launching an internal investigation and hiring a nationally recognized forensic firm and external advisors to assess the situation. “The ongoing investigation has revealed that a threat actor illegally accessed the Company’s environment and certain files on its network, misdirected a $250,000 wire payment and deleted a number of email messages,” the filing reads. Impact on the Company While the incident is expected to have a material impact on iLearningEngines' operations for the quarter ending December 31, 2024, the company remains optimistic about its full-year results. However, the breach poses several challenges, including potential litigation, regulatory scrutiny, and changes in customer and investor behavior. “The Company remains subject to various risks due to the incident, including diversion of management’s attention, potential litigation, changes in customer or investor behavior, and regulatory scrutiny,” the filing further noted. The iLearningEngines data breach comes at a time when iLearningEngines is already under scrutiny. Recently, the company faced allegations of artificially inflating revenue figures. CEO Harish Chidambaran has publicly defended the company, calling the accusations baseless. “iLearningEngines has a long-standing track record, audited financials, and has delivered significant innovation in AI for enterprise learning and work automation,” Chidambaran stated. Adding to its woes, a law firm announced a class action lawsuit last week, alleging that iLearningEngines misled investors about its financial health. Business Email Compromise: A Growing Threat The type of attack experienced by iLearningEngines is known as business email compromise (BEC). This form of cybercrime targets organizations that rely on wire transfers or automated clearing house (ACH) payments, tricking employees into sending funds to hacker-controlled accounts. BEC schemes are a significant global issue, with the FBI reporting losses of $2.9 billion in 2023 alone. Cybercriminals are increasingly leveraging custodial accounts at financial institutions for cryptocurrency exchanges and third-party payment processors, making fund recovery challenging. Response and Recovery Efforts To mitigate the breach's effects, iLearningEngines is continuing its investigation and assessing impacted systems and data. The company has emphasized that the recovery efforts, while incurring additional expenses, will not have a lasting impact on its annual financial performance. Despite these assurances, the short-term implications are evident. The breach will likely divert management’s focus, strain resources, and potentially damage the company’s reputation among customers and investors. Company Overview and Recent Challenges iLearningEngines, which reported $135.5 million in revenue last quarter, provides automation tools for over 1,000 companies spanning healthcare, education, and retail sectors. The firm has positioned itself as a pioneer in enterprise learning and AI-driven work automation. However, the recent breach compounds existing challenges, including public scrutiny over its financial practices and the looming class action lawsuit. The Cyber Express has reached out to iLearningEngines for further comment on the breach. At the time of reporting, no additional information has been provided. This remains a developing story, and updates will be shared as they become available.

image for Meridian Man Sentenc ...

 Cyber News

Robert Purbeck, a 45-year-old resident of Meridian, Idaho, has been sentenced to 10 years in federal prison for conducting a series of cyberattacks and extortion schemes targeting victims across the United States. Purbeck's crimes, which included hacking into computer servers and stealing sensitive personal   show more ...

information from public and private entities, affected over 132,000 individuals and caused significant financial and operational damage to his victims. A Campaign of Cyber Intrusion Purbeck’s cybercriminal activities date back to at least 2017. He gained unauthorized access to servers through darknet marketplaces, where he purchased stolen credentials to exploit vulnerabilities in computer systems. His targets included a Griffin, Georgia, medical clinic, the City of Newnan Police Department, and 17 other organizations nationwide. June 2017: Purbeck breached the computer systems of a medical clinic in Griffin, Georgia, and extracted sensitive records containing personal data—including names, addresses, birth dates, and Social Security numbers—of over 43,000 individuals. February 2018: He hacked into the City of Newnan Police Department’s systems, stealing police reports and other documents with personal data of more than 14,000 people. A Brazen Attempt at Extortion Purbeck’s cybercrimes escalated in July 2018, when he attempted to extort a Florida orthodontist. After stealing sensitive patient records, Purbeck demanded payment in Bitcoin, threatening to expose the stolen data publicly if his ransom was not met. He even extended his threats to the orthodontist’s minor child, demonstrating a callous disregard for the well-being of his victims. Over 10 days, Purbeck harassed the orthodontist and patients through a barrage of threatening emails and text messages. Investigation and Arrest In August 2019, FBI agents executed a federal search warrant at Purbeck’s home in Meridian, Idaho. The raid uncovered a trove of electronic devices and computers containing the stolen personal data of over 132,000 individuals. Evidence confirmed that Purbeck’s hacking activities had caused substantial financial losses and disruptions to his victims, who faced remediation costs and operational setbacks as a result of his actions. Following his guilty plea in March 2024 to two counts of computer fraud and abuse, Purbeck was sentenced by Chief U.S. District Judge Timothy C. Batten, Sr. to 10 years in prison. In addition, he received three years of supervised release and was ordered to pay restitution amounting to $1,048,702.98 to his victims. Law Enforcement and Legal Collaboration The investigation was led by the FBI’s Atlanta Field Office, with assistance from the FBI Boise (Idaho) Resident Agency. The prosecution team included Assistant U.S. Attorneys Michael Herskowitz, Nathan Kitchens, and Alex R. Sistla, as well as Trial Attorney Brian Mund of the Department of Justice’s Computer Crime and Intellectual Property Section. U.S. Attorney Ryan K. Buchanan of the Northern District of Georgia praised the collective effort and said: "Purbeck’s crimes reflect the actions of a callous cybercriminal who stole sensitive information and used threats to extort his victims. Thanks to the tireless work of law enforcement, his time hiding behind a computer to intimidate and harm others has come to an end." Sean Burke, Acting Special Agent in Charge of the FBI Atlanta, added: "Cyber extortion is a growing threat, highlighting the critical need for organizations to prioritize cybersecurity. This sentencing is a testament to the FBI’s commitment to holding cybercriminals accountable, regardless of their location." Purbeck’s sentencing highlights the serious consequences of cybercrime, offering a measure of justice to his victims while sending a strong message to those who attempt to use technology for malicious purposes.

image for CISA Rolls Out Next- ...

 Cyber News

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled CISA Learning, a next-generation learning management system (LMS) aimed at modernizing training and education for its employees and key stakeholders. This transformative platform is part of CISA's broader commitment to streamlining its   show more ...

enterprise learning environment and expanding access to critical cybersecurity training for government personnel, veterans, and partners across the nation. CISA Learning replaces the Federal Virtual Training Environment (FedVTE) while retaining and enhancing its core functionalities. Through this transition, the agency aims to ensure that users experience no interruptions in accessing vital training content, which is now centralized and more user-friendly. Expanding Access to Cybersecurity Training CISA Learning offers its comprehensive training resources not only to federal employees but also to state, local, tribal, and territorial (SLTT) government agencies, U.S. military personnel, veterans, and the general public—free of charge. “This modernized learning management system represents a major leap forward,” said Dr. Elizabeth Kolmstetter, CISA's Chief People Officer. “CISA Learning builds upon the tools and resources that have been instrumental in delivering free cybersecurity training to government employees, contractors, and U.S. veterans. This is part of CISA’s commitment to training and growing the nation’s cybersecurity workforce to better protect the critical infrastructure Americans rely on every day.” Enhanced Capabilities for Scalable Training CISA Learning introduces a range of advanced features designed to meet the agency's evolving needs. These include: Classroom-Based Courses: In-person training sessions for hands-on learning. Virtual Instructor-Led Training: Remote learning opportunities with real-time interaction. Self-Paced Online Modules: Flexible training options that cater to individual schedules. By offering these diverse formats, CISA Learning ensures a more adaptable and engaging experience for users, whether they are learning from an office, at home, or in the field. A Unified and Centralized Learning Hub One of the standout features of CISA Learning is its centralized platform, which consolidates all training programs under one system. This eliminates the need for multiple platforms and provides a seamless user experience. Key benefits include: Improved Student Administration: Simplified processes for course enrollment, tracking, and reporting. Enhanced Reporting Capabilities: Comprehensive insights into course completion and student progress to support data-driven training program improvements. The centralization of training resources is expected to streamline educational efforts, making it easier for users to access, track, and complete their training goals. Transitioning from FedVTE to CISA Learning The transition from FedVTE to CISA Learning has been carefully planned to ensure continuity for users. The Office of the Chief People Officer’s Training and Education branch, in collaboration with the Office of Personnel Management’s (OPM) USA Learning platform, is overseeing this transition. FedVTE users will now benefit from a more robust and scalable system designed to address modern cybersecurity challenges. All content previously available on FedVTE has been migrated to CISA Learning, including: Over 850 hours of training aligned with the National Initiative for Cybersecurity Education (NICE) Framework. Certification preparation courses for Ethical Hacking, Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP). Training programs suitable for all skill levels, from beginner to advanced. Flexibility to learn at one's own pace using any computer or mobile device. Broad Access and Inclusivity CISA Learning is accessible to a wide audience, reflecting CISA's mission to build a stronger cybersecurity workforce. The platform is available to: Federal government employees and contractors. SLTT government employees. U.S. military personnel and veterans. The general public interested in advancing their cybersecurity knowledge. By making these resources freely available, CISA underscores its commitment to inclusivity and collaboration in securing the nation’s critical infrastructure. A Milestone in Cybersecurity Education CISA Learning represents a major milestone in the agency's efforts to address the ever-changing demands of the cybersecurity landscape. By investing in advanced training tools, CISA aims to enhance the skillsets of its workforce and partners, ensuring they are better equipped to tackle emerging threats. This modernized platform serves as the cornerstone of CISA’s strategy to maintain its leadership in cybersecurity education and training. It also aligns with the agency's broader vision of fostering innovation and resilience within the cybersecurity workforce.

image for Bunnings Facial Reco ...

 Compliance

Australia’s Privacy Commissioner has ruled against Bunnings Group Limited for violating privacy laws through its use of facial recognition technology, a decision that intensifies scrutiny on the ethics of biometric surveillance. Bunnings, an Australian retail giant, deployed facial recognition technology in 63   show more ...

stores across Victoria and New South Wales between November 2018 and November 2021. Through CCTV systems, the retailer captured facial images of potentially hundreds of thousands of customers, a move deemed “disproportionately intrusive” by Privacy Commissioner Carly Kind. Ethical Dilemma in Surveillance Technology “Facial recognition technology, and the surveillance it enables, has emerged as one of the most ethically challenging new technologies in recent years,” Kind said. While the system’s ability to deter violence and crime is acknowledged, she said the privacy rights must outweigh convenience. The investigation found that Bunnings lacked transparency and failed to obtain explicit consent from customers. This absence of informed consent violated Australia’s Privacy Act, which classifies biometric data, such as facial images, as “sensitive information” requiring stringent protections. “Individuals who entered the relevant Bunnings stores at the time would not have been aware that facial recognition technology was in use and especially that their sensitive information was being collected, even if briefly,” Kind said. “We can’t change our face. The Privacy Act recognises this, classing our facial image and other biometric information as sensitive information, which has a high level of privacy protection, including that consent is generally required for it to be collected.” Governance and Privacy Gaps The Privacy Commissioner’s report notes systemic governance failures, including insufficient measures to inform customers and a lack of clarity in Bunnings’ privacy policy. The retailer did not adequately notify customers that their biometric data was being recorded or explain how it would be used. The Office of the Australian Information Commissioner (OAIC) has now ordered Bunnings to cease these practices, delete the collected data within a year, and publish a statement on its website detailing the breach. The OAIC also released a privacy guide for businesses on the responsible use of facial recognition technology. Also read: Australia Faces Surge in Data Breaches to Highest Level in 3.5 Years Bunnings Defends Its Actions Bunnings managing director Mike Schneider expressed disappointment over the ruling, defending the use of the technology as a necessary safety measure. “Our use of facial recognition was never about convenience or saving money,” Schneider told local Australian media. “It was about safeguarding our team, customers, and suppliers amid increasing exposure to violent and organized crime.” According to Schneider, 70% of security incidents in Bunnings stores involved repeat offenders, and facial recognition provided an efficient way to enforce store bans. The retailer maintained that customer privacy was not compromised, citing automatic deletion of unmatched facial data within milliseconds. Bunnings also clarified that the data was never used for marketing or behavioral tracking. However, the Commissioner’s findings stated that any collection of biometric data, even briefly, requires prior consent and robust safeguards. A Growing Industry Trend The investigation into Bunnings’ practices followed a 2022 report by consumer advocacy group Choice, which revealed that multiple retailers, including Kmart and The Good Guys, were using facial recognition technology. While all three companies suspended the practice after public backlash, Kmart remains under investigation, and The Good Guys were cleared by regulators . The growing public concern over the ethics of facial recognition technology is especially sharp in retail settings, where its use may not align with societal values. Critics argue that such technology disproportionately infringes on privacy while offering limited benefits. CHOICE senior campaigns and policy advisor Rafi Alam said: "We know the Australian community has been shocked and angered by the use of facial recognition technology in a number of settings, including sporting and concert venues, pubs and clubs, and big retailers like Bunnings. We hope that today's decision from the Information Commissioner will put businesses on notice when it comes to how they're using facial recognition." "While the decision from the OAIC is a strong step in the right direction, there is still more to be done. Australia's current privacy laws are confusing, outdated and difficult to enforce. CHOICE first raised the alarm on Bunnings' use of facial recognition technology over two years ago, and in the time it took to reach today's determination the technology has only grown in use." Balancing Privacy and 'Justifiable' Security “Just because a technology is available doesn’t mean its use is justifiable,” Kind said, urging organizations to prioritize community expectations and regulatory compliance. The ruling sends a strong message to businesses that the deployment of surveillance technologies must be proportional to their intended purpose and that privacy considerations cannot be sidelined. Schneider, however, remained steadfast in his stance. "FRT (facial recognition technology) was an important tool for helping to keep our team members and customers safe from repeat offenders. Safety of our team, customers and visitors is not an issue justified by numbers. We believe that in the context of the privacy laws, if we protect even one person from injury or trauma in our stores the use of FRT has been justifiable," he said. Regulatory Implications The ruling not only penalizes Bunnings but also sets a precedent for how businesses must approach privacy in the digital age. Organizations using emerging technologies must ensure transparency, accountability, and alignment with privacy laws. As part of the penalty, Bunnings is required to educate customers on their rights and explain how the breach occurred. This decision shows the importance of proactive privacy measures in an era of increasing reliance on advanced surveillance tools. While Bunnings has announced plans to seek a review of the decision, the case shows the tension between technological advancements and ethical considerations. It raises critical questions about where to draw the line between security measures and the fundamental right to privacy. With the OAIC publishing new guidelines, businesses must rethink their reliance on surveillance technologies and evaluate the broader implications for customer trust and regulatory compliance. This decision serves as a stark reminder: the path to safeguarding security cannot come at the cost of undermining public confidence in privacy protections.

image for AI Startup Founder I ...

 Startups

The promise of artificial intelligence in education offered by a startup company founded at Harvard was apparently misused for personal gains, which eventually led to millions in investor fraud losses. Federal authorities arrested Joanna Smith-Griffin, founder and chief executive of AllHere Education, Inc., an   show more ...

AI-driven edtech startup. She has been charged with securities fraud, wire fraud, and identity theft. Allegations include inflating the company’s financial health to secure investments, deceiving stakeholders, and misusing funds for personal gain. Misrepresentation and Deception Led to Investor Fraud Founded at Harvard, AllHere aimed to use AI to improve student attendance and engagement in K-12 schools. Prosecutors allege that Smith-Griffin misled investors during the company’s Series A funding round in late 2020. She claimed the company had generated $3.7 million in revenue that year and secured partnerships with major school districts like the NYC Department of Education and Atlanta Public Schools. In reality, the indictment reveals, AllHere only earned $11,000 in 2020, held $494,000 in cash, and had no contracts with the school districts cited. These false claims helped Smith-Griffin secure nearly $10 million in investments between 2020 and 2024. Fraudulent Financial Documents When discrepancies between actual and reported financials emerged, Smith-Griffin allegedly doubled down on her scheme. Prosecutors accuse her of creating a fake email account for AllHere’s financial consultant, using it to distribute fraudulent financial documents to investors. One investor narrowly avoided additional losses after uncovering inconsistencies during a review of the company’s records. By this point, Smith-Griffin had already sought $35 million in private equity funding, though the deal fell through. Personal Gains Amid Bankruptcy As the company unraveled, Smith-Griffin reportedly used investor funds for personal expenses, including a down payment on a North Carolina home and her wedding. AllHere ultimately declared Chapter 7 bankruptcy, resulting in the loss of all jobs within the company and the appointment of a court-ordered bankruptcy trustee to manage its remaining assets. Federal officials said suggested broader implications of the alleged fraud. “Her actions affected the potential for improved learning environments in major school districts, prioritizing personal expenses over public benefit,” said FBI Assistant Director James Dennehy. The collapse of AllHere shows the risks of unchecked claims in tech startups, particularly those in emerging fields like AI. Fraudulent activity not only jeopardizes investor trust but also impacts communities relying on promised innovations. Smith-Griffin faces severe penalties if convicted. Charges include securities fraud and wire fraud, each carrying a maximum 20-year prison sentence, as well as aggravated identity theft, which mandates a two-year minimum sentence. Also read: OpenAI Announces Safety and Security Committee Amid New AI Model Development

image for Kaspersky Password M ...

 Products

Were always working to ensure our products and solutions remain top-tier — both in our own view and in the eyes of independent researchers. We take a comprehensive approach to this, adding new features, combating emerging malware, simplifying migration, and continually enhancing user experience. Today, were excited   show more ...

to introduce a major update to Kaspersky Password Manager for mobile devices. This update will roll out across all app stores throughout November 2024. Were confident this refresh will make storing and managing passwords, two-factor authentication codes, and encrypted documents even easier. In this article, well cover advanced filtering, search functionality, synchronization, and more. Highlights The mobile version of our password manager is celebrating its 10th  anniversary this year (while the desktop version turns 15), and in those 10 years weve managed to consolidate all the best features into a single app. In recent years, weve been conducting extensive Kaspersky Password Manager user-behavior research and, based on the findings, weve completely revamped the navigation in our mobile app. Whats new: The side menu has been replaced with a navigation bar at the bottom of the screen. The products core features are now organized into sections. Weve created a dedicated section for the in-app search, and improved the search scenarios. Managing favorite entries is now more convenient; theyre now pinned at the top of the list. Weve added a Sync button and placed it in a prominent location. The password generator, import, and security-check features have been grouped into a separate Tools section. These changes are available to all Kaspersky Password Manager users on both Android (app version 9.2.106 and later) and iOS (app version 9.2.92 and later). Navigation bar All core Kaspersky Password Manager functions are now accessible through the navigation bar at the bottom of the screen. Updated home screen of Kaspersky Password Manager for iOS (left) and Android (right) Lets look at each element of the new bar from left to right. All Entries. This is the main menu – the heart of our password manager.  Subscription. Here, you can view your current subscription, including the expiry date and provider. If you dont have a subscription, you can create or log in to a My Kaspersky account to activate or purchase one. Tools. Here, youll find the Password Generator, Password Check, and Import Passwords tools. The names speak for themselves. With a single click, you can create strong, unique passwords, check your existing passwords for uniqueness, strength, security, and compromise in data breaches, and import passwords from built-in browser password managers and similar products into our secure vault. Search. If youre an active internet user and have dozens or even hundreds of unique passwords for different accounts saved in Kaspersky Password Manager, simply click on the magnifying glass icon and type just a few characters to quickly find the entry you need. Settings. This is where you can enable notifications, change your primary password, configure auto-lock and login methods, choose sorting options, access help resources, check the app version, and log out of your account. New filtering Lets dive a little deeper. Another additional feature is the option to select entry categories within a section. Now, clicking All Entries opens a dropdown menu with these categories: websites, apps, other, bank cards, documents, addresses, notes, authenticator, and folders (you can create new folders as needed). New entry category display in Kaspersky Password Manager for iOS (left) and Android (right) Other additions In the top right corner, youll notice a new Sync icon – replacing the Search button, which now resides in the navigation bar. Clicking this new icon displays the current synchronization status of your entries between your cloud storage and devices. If everything is in order, and your smartphone is connected to the internet and operating normally, youll see All data is synced with the date and time of the last sync. To refresh the data manually, click Sync. The Search function has not only gotten its own tab in the navigation bar, but now also remembers your last search within the current session. For example, lets say you were searching for your virtual card details while shopping, then switched to the All Entries menu, checked the settings and sync status, and then returned to Search. Your query and results will remain, despite your little wander through Kaspersky Password Manager. However, if you restart the app or clear the search, youll have to enter the query again. Important note for Kaspersky Password Manager users on iOS 18. Due to Apples policies, the default source for auto-filling passwords and logins in iOS 18 is Apples built-in Passwords app, not Kaspersky Password Manager. This is easy to fix: After updating to iOS 18, you need to launch Apples Passwords app at least once. This will activate the AutoFill & Passwords section in your device settings. Go to AutoFill & Passwords in the device settings. Select Kaspersky Password Manager as the preferred password auto-filling source. In the Set Up Codes In section, select Kaspersky Password Manager. Everything is now set for secure password management. On Android devices, when you first launch the password manager, enable autofill permissions. Simply follow the in-app instructions to do so.

 China

Data privacy experts, advocates and a former FTC commissioner said a new Trump administration and Republican-led Congress could treat data privacy issues seriously. But some remain worried given Trump’s industry friendly bent.

 Feed

Ubuntu Security Notice 7116-1 - It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated.

 Feed

Ubuntu Security Notice 7015-5 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that the Python email   show more ...

module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

 Feed

Ubuntu Security Notice 7114-1 - It was discovered that Glib incorrectly handled certain trailing characters. An attacker could possibly use this issue to cause a crash or other undefined behavior.

 Feed

Ubuntu Security Notice 7104-1 - It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.

 Feed

Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

 Feed

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information. The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets." It's not clear what information was taken, if any,

 Feed

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog. It was

 Feed

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News. "Given the recent development of ransomware targeting ESX, it appears that the group

 Feed

The malware known as Ngioweb has been used to fuel a notorious residential proxy service called NSOCKS, as well as by other services such as VN5Socks and Shopsocks5, new findings from Lumen Technologies reveal. "At least 80% of NSOCKS bots in our telemetry originate from the Ngioweb botnet, mainly utilizing small office/home office (SOHO) routers and IoT devices," the Black Lotus Labs team at

 Feed

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The

 Feed

Privileged accounts are well-known gateways for potential security threats. However, many organizations focus solely on managing privileged access—rather than securing the accounts and users entrusted with it. This emphasis is perhaps due to the persistent challenges of Privileged Access Management (PAM) deployments. Yet, as the threat landscape evolves, so must organizational priorities. To

 AI

In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts. Graham meets an elderly grandmother who's taking on the AI   show more ...

scammers, our hosts learn why Google is listening to phone calls, and Mark looks at how OpenAI and Anthropic are preparing to prevent “large scale devastation” by their own AIs. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Breaking News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. Username or E-mail Password Remember Me     Forgot Password La   show more ...

entrada Recently disclosed VMware vCenter Server bugs are actively exploited in attacks – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Foreign adversary hacked email communications of the Library of   show more ...

Congress says – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada T-Mobile is one of the victims of the massive Chinese breach of   show more ...

telecom firms – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Increased GDPR Enforcement Highlights the Need for Data Security   show more ...

– Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Critical Really Simple Security plugin flaw impacts 4M+   show more ...

WordPress sites – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. Username or E-mail Password Remember Me     Forgot Password La   show more ...

entrada WhatsApp: NSO Group Operates Pegasus Spyware for Customers – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Security Industry Association Announces SIA RISE Scholarship   show more ...

Awardees – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 About-Face

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada AI About-Face: ‘Mantis’ Turns LLM Attackers Into   show more ...

Prey – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.darkreading.com – Author: PRESS RELEASE NEW YORK, Nov. 14, 2024 /PRNewswire/ — Kyndryl (NYSE: KD), the world’s largest IT infrastructure services provider, today introduced a new suite of services, co-developed with Microsoft, to enhance cyber resilience for businesses globally.   show more ...

Kyndryl and Microsoft have built upon their successful, long-standing partnership to develop differentiated, scalable security and resiliency services. The new services […] La entrada Kyndryl & Microsoft Unveil New Services to Advance Cyber Resilience for Customers – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.darkreading.com – Author: PRESS RELEASE CAMBRIDGE, Mass., Nov. 7, 2024 /PRNewswire/ — Akamai Technologies, Inc. (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, today reported financial results for the third quarter ended September 30,   show more ...

2024. “Akamai delivered another solid quarter, highlighted by continued momentum in security and cloud computing. Together, these solutions […] La entrada Akamai Reports Third Quarter 2024 Financial Results – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Swiss Cyber Agency Warns of QR Code Malware in Mail Scam –   show more ...

Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 ClickFix

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada ‘ClickFix’ Cyber-Attacks for Malware Deployment on the Rise   show more ...

– Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: johnk. Besides being the world’s most popular way to buy and sell bitcoin, ethereum, and litecoin, Coinbase is a trailblazer in hacker-powered security. They started their bug bounty program way back in 2012, moved onto the HackerOne Platform in early 2014, and paid out more   show more ...

than $175,000 in bounties in the […] La entrada XOXO: We Love Coinbase for Loving Bug Bounties – Source:www.hackerone.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada US Government Agencies Impersonated in Aggressive DocuSign   show more ...

Phishing Scams – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. Username or E-mail Password Remember Me     Forgot Password La   show more ...

entrada Join in the festive cybersecurity fun – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 added

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada iOS 18 added secret and smart security feature that reboots   show more ...

iThings after three days – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Actively

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Ford ‘actively investigating’ after employee data   show more ...

allegedly parked on leak site – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Critical 9.8-rated VMware vCenter RCE bug exploited after patch   show more ...

fumble – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada T-Mobile US ‘monitoring’ China’s   show more ...

‘industry-wide attack’ amid fresh security breach fears – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Sweden’s ‘Doomsday Prep for Dummies’ guide   show more ...

hits mailboxes today – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Deepen your knowledge of Linux security – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Entrust, Jumio, Sumsub Lead Identity Verification Gartner MQ   show more ...

– Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada WordPress Plug-In Vulnerability Threatens 4 Million Sites – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Report: Over 100M Americans Rely on Vulnerable Water Systems   show more ...

– Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Navigating SaaS Security Risks: Key Strategies and Solutions – Source:levelblue.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Middle East Cybersecurity in 2024: From Zero-Day Exploits to   show more ...

Supply Chain Attacks  – Source:cyble.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Russian Man Extradited to US, Face Charges in Phobos Ransomware   show more ...

Operation – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Enhancing Traveler Data Security: Best Practices for Managing   show more ...

Sensitive Info – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack – Source:hackread.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Access Management

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free.       Thank you. The CISO2CISO Advisors Team. La entrada Application Allowlisting: Definition, Challenges & Best   show more ...

Practices – Source: heimdalsecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-11
Aggregator history
Tuesday, November 19
FRI
SAT
SUN
MON
TUE
WED
THU
NovemberDecemberJanuary