Month: April 2024
Surveillance by the New Microsoft Outlook App The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to:…
Read More
New research has found that ransomware remediation costs can explode when backups have been compromised by malicious hackers – with overall recovery costs eight times higher than for those whose backups are not impacted. Read more in my article on th Exponential-e blog. Source link lol
Read More
Who within my company is responsible for compliance? The GDPR defines several roles that are responsible for ensuring compliance: data controller, data processor, and the data protection officer (DPO). The data controller defines how personal data is processed and the purposes for which it is processed. The controller is also responsible for making sure that…
Read More
Does Your Business Have an Effective Data Security Policy? In today’s big data focused environment, a comprehensive information security policy is more important than ever. As well as dealing with increasing volumes of sensitive information, IT teams will need to manage data stored across a wide variety of systems, including cloud networks and personally-owned mobile…
Read More
VMware Tools is a component installed in VMware-based virtual machines in order to communicate with the host system and enable file and clipboard operations as well as shared folders and drivers. “Although the origin of the malicious code in vmtoolsd.exe in this incident is unknown, there have been documented infections wherein vulnerabilities in legitimate applications…
Read More
Apr 04, 2024NewsroomNetwork Security / Vulnerability Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of flaws is as follows – CVE-2024-21894 (CVSS score: 8.2) – A heap overflow vulnerability in the IPSec component of Ivanti…
Read More
Google says it is deleting the your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity…
Read More
According to the National Institute of Standards and Technology (NIST), cyber resilience is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Resilience focuses on reducing the consequences that could be caused by a cyber incident. The more resilient an…
Read More
The CSRB’s recommendations cover many areas, starting with implementing modern control mechanisms and baseline practices across digital identity and credential systems. The report also stresses the importance of establishing a minimum standard for default audit logging in cloud services. “CSPs should maintain sufficient forensics to detect exfiltration of those data, including logging all access to…
Read More
Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cyber security and this bi-weekly publication is your gateway to the latest news. In this week’s edition of the roundup, we will…
Read More