What’s happened? A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers. HardBit? I think I’ve heard of that before. Quite possibly. HardBit first emerged in late 2022, and quickly made a name for itself as it attempted to…
Read More
Cloud networking standout Aviatrix hires Google Cloud’s director of Anthos and Google Kubernetes Enterprise as its new CTO. Cloud networking standout Aviatrix has hired former Google Kubernetes and VMware NSX all-star engineer Anirban Sengupta as its new CTO and senior vice president of engineering. Sengupta was previously Google Cloud’s senior director for Anthos and Google…
Read More
As the landscape of modern work changes, with its distributed teams and quickly evolving cloud-based technologies, maintaining access controls is an increasingly Sisyphean task. The process of achieving and maintaining IT compliance certifications is the perfect microcosm of this challenge: The work involved in identifying and designating assets as “in scope” for each regulation has…
Read More
MarineMax, self-described as the world’s largest recreational boat and yacht retailer, is notifying over 123,000 individuals whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. The company operates over 130 locations, including 83 dealerships and 66 marinas and storage facilities worldwide. Last year, it reported $2.39 billion in revenue…
Read MoreMarineMax, self-described as the world’s largest recreational boat and yacht retailer, is notifying over 123,000 individuals whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. The company operates over 130 locations, including 83 dealerships and 66 marinas and storage facilities worldwide. Last year, it reported $2.39 billion in revenue…
Read More
‘You want AI to understand the conditions of the data and to act according to the data they provide. So this creates a big opportunity for connecting existing data platforms into AI systems and serving them with all the permission sets and all that. That’s the premise of the data intelligence service that we are…
Read More
While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual…
Read More
“Most SaaS providers don’t provide multi-tenant data protection and choose to rely on data at rest encryption for all of their customers’ data,” Ho explained. “They have avoided this highly effective security control because of the overhead of implementing the code changes to encrypt data for each of their customers separately and the complexity of…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-081 DATE(S) ISSUED: 07/17/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read More
The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. “AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground…
Read More