Sensitive Data

Vulnerabilities

Issued by: DataBreach Today

Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus….

Malware & Threats

Issued by: Dark Reading

Blackbaud, a South Carolina-based software company, has been ordered by the California Attorney General’s Office to pay $6.75 million to settle a ransomware attack that took place in May 2020. The attack occurred due to poor security practices, the AG’s office said. After Blackbaud revealed that the threat actors compromised unencrypted Social Security numbers, bank…

Malware & Threats

Issued by: Dark Reading

“One of the most dangerous financial criminal groups” — and growing in sophistication. That is Microsoft’s assessment of the 0ktapus cyberattack collective, which was most recently in the news for carrying out the strikingly disruptive MGM and Caesars Entertainment ransomware hits. The English-speaking group (aka Scatter Swine, UNC3944 or, as Microsoft calls it, “Octo Tempest”)…

Software Security

Issued by: Dark Reading

Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn’t in place for the service. In a recent…

Mobile Security

Issued by: Dark Reading

A version of the Shein shopping application in the Google Play store with more than 100 million downloads was unnecessarily accessing Android-device clipboard contents, creating a potential security threat, according to Microsoft. The software giant said in a blog post from Microsoft Threat Intelligence that it asked Shein to remove the feature from its Android…

News

Issued by: DataBreach Today

Hackers earlier this month maliciously encrypted a system belonging to the U.S. Marshals Service, compromising and exfiltrating sensitive data law enforcement data. Department of Justice officials classify the attack as a “major incident,” said NBC, which broke news of the attack. Exposed data include returns from legal process, administrative information and personal identifiable information pertaining…

Network Security

Issued by: Malwarebytes

It seems like not a day goes by where we don’t hear about a local government cyberattack. Indeed, from 911 call centers to public schools, cyberattacks on local governments are as common as they are devastating. Just how often do threat actors attack local governments? A survey of 14 mainly larger US local governments found…

Cloud Security

Issued by: Security Week

Referred to as #AttachMe and mentioned in Oracle’s July 2022 Critical Patch Update, the vulnerability could have exposed sensitive data to attackers knowing the victim’s Oracle Cloud Identifier (OCID). “OCI customers could have been targeted by an attacker with knowledge of #AttachMe. Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been…

Vulnerabilities

Issued by: Dark Reading

Titaniam, Inc., the industry’s most advanced data security platform, announced today the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organizations have an existing set of prevention, detection, and backup solutions, nearly 40% of organizations have been hit with ransomware attacks in the last year, and more than…

Software Security

Issued by: Security Week

Designed to harvest real-time metrics from various endpoints, Prometheus enables organizations to keep a close eye on systems’ state, network usage, and the like. Close to 800 cloud-native platforms, including Slack and Uber, leverage the solution. In January 2021, Prometheus added support for Transport Layer Security (TLS) and basic authentication, to prevent access to the…