Author: nlqip
Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster
- by nlqip
The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and…
Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a “cyber security event.” As a major U.S. nonprofit health system, Ascension operates 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia. It also…
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. USG is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students. The Clop ransomware gang leveraged a zero-day vulnerability in Progress…
‘Our goal is to essentially get in front of every single one of those customers and convert them all, make them all love of us over time,’ says Kaseya CMO Mike Sanders. Mike Sanders believes that Kaseya’s new Kaseya 365 offering is “disruptively priced and gives MSPs that utilize it a competitive advantage is important.”…
“The initial vector is a SQL Injection in the login form,” Vlad Babkin, the Eclypsium security researcher who found the flaw, told CSO. “Theoretically it should be possible to bypass the login, but we felt our proof of exploitability was sufficient to diagnose the vulnerability.”
Weak hashes contributed to vulnerability
In theory cryptographic hashes should…
Suspected Chinese hack of Britain’s Ministry of Defence payroll linked to government contractor, minister confirms
- by nlqip
That has upset a noisy element among the government’s own MPs, many of whom see China as a major threat to UK security and would prefer it if the government were more explicit about this. In March, China was blamed for a cyber-campaign targeting MPs. Not long after, two Parliamentary aides were charged with spying…
A recent partnership announcement between OpenAI and Stack Overflow has some members concerned that their data is being used without permission and will only lead to inaccurate information being created by LLMs. The partnership was announced on Monday, with OpenAI getting access to Stack Overflow’s API and feedback from developers and StackCommerce getting links in ChatGPT back to its source material and…
F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create hidden rogue accounts on any managed assets. Next Central Manager allows administrators to control on-premises or cloud BIG-IP Next instances and services via a unified management user interface. The flaws are an SQL injection vulnerability…
“Among other things, traffic should be appropriately encrypted prior to even entering a VPN. All technology has vulnerabilities. The mere fact that a tool has a particular vulnerability doesn’t mean it can’t be helpful in a robust defense in depth strategy.” Noah Beddome, Leviathan’s CISO in residence, said that CISOs need to remember the origin…
‘Money is moving away from commodity and old tech to advanced cloud technologies and platforms and generative AI. In fact, I’m talking to many companies now that are pulling money from their R&D budget to put it into the GenAI line item so they can get this going. Think about this: 80 percent of the…