Category: AI in news
Action1’s expertise in patch management aligns well with CrowdStrike’s current need to enhance its update mechanisms. By integrating Action1’s technology into its platform, CrowdStrike could significantly improve the testing and deployment of updates, something it faced widespread criticism for in the months following the Falcon goof-up. Implications for customers The $1 billion valuation is a…
Read More
Aug 09, 2024Ravie LakshmananNational Security / Identity Theft The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies. Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy…
Read More
Aug 09, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data. The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices,…
Read More
The issue’s impact depends on what the vulnerable service stores in the bucket. With CloudFormation, an infrastructure-as-code tool, templates that are then used to automatically deploy infrastructure stacks as defined by the user are what is stored. These templates can contain sensitive information, such as environment variables, credentials, and more. But it gets worse: An…
Read More
The report also found that, for enterprises, the most-often attacked vertical was healthcare/pharmaceuticals, displacing the insurance vertical which had held the top spot for the last two years. Energy/utilities came in third, a slot it has held for the last three years, the KnowBe4 report said. Other often-attacked verticals were banking, consulting, financial services, and…
Read More
Aug 08, 2024Ravie LakshmananCyber Attack / Cyber Espionage The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error…
Read More
According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news. However, it has been revealed this week that police managed to recover more than US $40 million snatched in a recent…
Read More
Aug 08, 2024Ravie LakshmananVulnerability / Browser Security Cybersecurity researchers have discovered a new “0.0.0.0 Day” impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability “exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local…
Read More
Moreover, such attacks could disrupt operations by compromising critical infrastructure, leading to downtime and financial losses. Industries with stringent compliance requirements, such as financial services, healthcare, and the public sector, are particularly vulnerable. A successful downgrade attack in these sectors could result in regulatory penalties and significant damage to an organization’s reputation and customer trust.”…
Read More
The DPC also plans to refer the matter to the European Data Protection Board. Kaur noted that X, already with a history of GDPR non-compliance, now faces heightened pressure to improve data protection practices, enhance transparency, and restore user trust, particularly in Europe. The DPC’s actions also underscore a broader trend of stringent data protection…
Read More