Cybersecurity and Security - Information Management Today

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Each company brings its own security (or lack thereof) into the game, so your overall security status is essentially the average of yours, plus anyone else’s to whom you’re connected (i.e.,

B2B

B2B Cybersecurity Risk Access

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by Chinas state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett).

Cybersecurity

Cybersecurity IoT Risk IT

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Security Operations Center (SOC) analyst burnout is a very real problem. What we do know, however, is that effective cybersecurity relies on these analysts being happy and healthy.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Data collection

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. Data loss prevention (DLP) is a cornerstone of any effective cybersecurity strategy. Protecting sensitive data is what cybersecurity is all about. Why Conduct a DLP Risk Assessment?

Risk

Risk Cybersecurity Cloud Compliance

Zero Trust Mandate: The Realities, Requirements and Roadmap

and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines. Join us and learn how to better advise your agency clients on strategy, architect Zero Trust solutions, and win more cybersecurity business!

Cybersecurity

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Salzman Shirley Slazman , CEO, SeeMetrics In 2025, organizations will recognize that adding more tools doesnt equate to better security. Alkove Jim Alkove , CEO, Oleria Identity is cybersecurity’s biggest challenge.

Security

Security Phishing IoT Risk

Global Cybersecurity Agencies Release OT Security Guidelines

Data Breach Today

OCTOBER 3, 2024

Principles to Ensure Critical Infrastructure's Operational Technology Security Don't pull data from an operational technology network: OT networks should push data out. Don't introduce cybersecurity systems into an OT network unless administrators can guarantee they won't hinder a restart after a complete loss of electricity.

Cybersecurity

Cybersecurity Security

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security

Security Data breaches Passwords Cybersecurity

BlackLock Ransomware Targeted by Cybersecurity Firm

Security Affairs

MARCH 26, 2025

Cybersecurity experts were able to exploit misconfiguration in vulnerable web-app used by ransomware operators to publish victims data – leading to clearnet IP addresses disclosure related to their network infrastructure behind TOR hidden services (hosting them) and additional service information acquired from server-side.

Ransomware

Ransomware Cybersecurity Government IT

Bringing the Cybersecurity Imperative Into Focus

This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Tech leaders today are facing shrinking budgets and investment concerns. Download today to learn more!

Cybersecurity

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The investigation into the security breach is still ongoing and the company is remediating the incident with the help of external cybersecurity specialists. million year-to-date. According to the FORM 8-K report filed with the U.S.

Ransomware

Ransomware Encryption Cybersecurity Access

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. ” Palo Alto Networks recommends reviewing best practices for securing management access to its devices. The company currently believes Prisma Access and cloud NGFW are unaffected by this potential vulnerability.

Authentication

Authentication Cybersecurity Access Communications

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Security Affairs

FEBRUARY 11, 2025

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. With over 90% of enterprises storing at least some of their data in the cloud, AIs ability to enhance security across complex, distributed environments is more vital than ever.

Artificial Intelligence

Artificial Intelligence Security Unstructured data Cloud

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

“Cell C is aware that data compromised in the recent cybersecurity incident has been unlawfully disclosed by RansomHouse, the threat actor claiming responsibility.” ” Cell C has taken swift action to contain a recent cyberattack, secure its systems, and limit the impact. . ” states the company.

Data breaches

Data breaches Unstructured data Ransomware Cybersecurity

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Today’s technology leaders play a more strategic role in establishing cybersecurity strategy for their organizations. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?” Register today! November 14th, 2023 at 9:30am PST, 12:30pm EST, 5:30pm GMT

Cybersecurity

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

The cybersecurity company had no further details on the vulnerability and was not aware of the active exploitation of the flaw. Palo Alto Networks recommended reviewing best practices for securing management access to its devices. Base Score: 9.3) 173.239.218[.]251 251 216.73.162[.]* In this scenario, the CVSS score drops to 7.5

Cybersecurity

Cybersecurity Access Communications Security

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) reads the advisory.

IT

IT Ransomware Authentication Cybersecurity

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

The Last Watchdog

NOVEMBER 11, 2024

Related: Is the Metaverse truly secure? However, before we get too carried away, it is crucial to explore the symbiotic relationship between AR and cybersecurity. Are there any applications of augmented reality in cybersecurity? Foremost among these are privacy and security concerns.

Cybersecurity

Cybersecurity Phishing Risk Privacy

Oracle privately notifies Cloud data breach to customers

Security Affairs

APRIL 6, 2025

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. The incident has raised serious concerns about the security of Oracles cloud infrastructure and the potential implications for affected customers. Oracle Classic has the security incident. “Oracle Corp.

Data breaches

Data breaches Cloud Encryption Communications

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

And despite your SaaS adoption offering many positives, there is now an exponential increase in IT, security, and business complexity. By focusing on SaaS security posture management, your team can finally accomplish the following: Discover both known and unknown SaaS apps.

Security

DOGE Now Has Access to the Top US Cybersecurity Agency

WIRED Threat Level

FEBRUARY 19, 2025

DOGE technologists Edward Coristinethe 19-year-old known online as Big Ballsand Kyle Schutt are now listed as staff at the Cybersecurity and Infrastructure Security Agency.

Cybersecurity

Cybersecurity Access Security

Top US Election Security Watchdog Forced to Stop Election Security Work

WIRED Threat Level

FEBRUARY 14, 2025

The US Cybersecurity and Infrastructure Security Agency has frozen efforts to aid states in securing elections, according to an internal memo viewed by WIRED.

Security

Security Cybersecurity

Career Advice: Cybersecurity Means Business

Data Breach Today

OCTOBER 30, 2024

Understanding the Impact of Security on the Business Makes You More Effective With cybersecurity now embedded across all industries and functions, the importance of aligning security measures with business objectives has never been greater.

Cybersecurity

Cybersecurity Security IT

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

NOVEMBER 8, 2024

The company immediately activated its cybersecurity response plan and launched an investigation into the incident with the help of external experts. Upon detection, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and to contain the threat.”

Ransomware

Ransomware Manufacturing Cybersecurity Access

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device.

Passwords

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

Security Affairs

OCTOBER 23, 2024

The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds. The four companies agreed to stop future violations, pay penalties, and improve cybersecurity controls without admitting guilt.

Cybersecurity

Cybersecurity Risk Access Government

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Encryption Cloud

Cybersecurity giant Fortinet discloses a data breach

Security Affairs

SEPTEMBER 12, 2024

The threat actor taunted the company, doubting its capabilities even after the acquisition of firms specializing in cloud security and data loss prevention. They’ve also acquired Lacework, a cloud security company. “Fortinet has recently acquired Next DLP. FYI, DLP is Data Loss Prevention. Guess what?

Data breaches

Data breaches Cybersecurity Cloud Access

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

From the push for quantum-resilient cryptography to Software Bill of Material (SBOM ) requirements aimed at bolstering supply chain security, this installment examines the regulatory changes and evolving technical standards poised to reshape compliance expectations. EU AI Act) demand proactive adaptation.

Compliance

Compliance Cybersecurity Risk Privacy

The Ultimate Guide to Hardening Windows Servers

With cyber threats increasing, and businesses becoming more vulnerable, the need to invest in the right cybersecurity solutions has never been more important. How to secure your IT Infrastructure to help protect your business from cyberattacks.

Cybersecurity

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. The researcher Brian Hysell reported the flaw to the security vendor.

IT

IT Authentication Cybersecurity Risk

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

Security Affairs

APRIL 3, 2025

Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The flaw impacts Ivanti Connect Secure (version 22.7R2.5

Security

Security Cybersecurity IT Information Security

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

OCTOBER 15, 2024

The American Water cyber breach has sparked conversations about the importance of cybersecurity in safeguarding essential services and the growing frequency of cyber threats targeting public utilities. While necessary for security reasons, this pause led to customer confusion and concerns about how they would manage their water payments.

Cybersecurity

Cybersecurity Phishing Encryption Access

Hacker Poses as Israeli Security Vendor to Deliver Wiper

Data Breach Today

OCTOBER 18, 2024

Phishing Emails Impersonating Eset Target Cybersecurity Professionals With Malware Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports.

Security

Security Phishing Cybersecurity IT

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Russia-linked cyber espionage group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ) target vulnerable Zimbra and JetBrains TeamCity servers as part of a mass scale campaign, U.S. cyber agencies warned.

Data collection

Data collection Authentication Access Cybersecurity

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 31, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Access Passwords

The rising cybersecurity crisis in healthcare: Are you prepared?

OpenText Information Management

MARCH 24, 2025

Why healthcare organizations care about cybersecurity? Key cybersecurity challenges facing healthcare organizations: Ransomware attacks & data breaches Cybercriminals are deploying sophisticated attacks that encrypt data, disrupt services, and demand exorbitant ransoms. Cyberattacks are no longer just an IT issue.

Cybersecurity

Cybersecurity Data breaches Ransomware Compliance

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. So, we should allow leaders to speak more publicly and ask for more security resources.

Cybersecurity

Cybersecurity Risk Government Compliance

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Exposed data did not include Social Security numbers or financial information. Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

Data breaches

Data breaches Ransomware Cybersecurity Security

Government contractor Conduent disclosed a data breach

Security Affairs

APRIL 16, 2025

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack.

Data breaches

Data breaches Government Business Services Personal data

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. Intelligence and cybersecurity experts have different opinions on AI development. technologies.”

Security

Security Artificial Intelligence Risk Access

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

Security Affairs

OCTOBER 17, 2024

“A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. ” The vulnerability was discovered by the cybersecurity researcher Nicolai Rybnikar Rybnikar Enterprises GmbH. ” reads the advisory. The flaw has been fixed in version 0.1.38.

Access

Access Passwords Cybersecurity Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34

Security Affairs

FEBRUARY 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Military & Defense Sector: A Cybersecurity Disaster in the Making Analyzing ELF/Sshdinjector.A!

Security

Security Military Ransomware Cybersecurity

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Webinars

Trending Sources

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Webinars

From Risk Assessment to Action: Improving Your DLP Response

Zero Trust Mandate: The Realities, Requirements and Roadmap

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Global Cybersecurity Agencies Release OT Security Guidelines

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

BlackLock Ransomware Targeted by Cybersecurity Firm

Bringing the Cybersecurity Imperative Into Focus

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

South African telecom provider Cell C disclosed a data breach following a cyberattack

Software Composition Analysis: The New Armor for Your Cybersecurity

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

Oracle privately notifies Cloud data breach to customers

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

DOGE Now Has Access to the Top US Cybersecurity Agency

Top US Election Security Watchdog Forced to Stop Election Security Work

Career Advice: Cybersecurity Means Business

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Prevent Data Breaches With Zero-Trust Enterprise Password Management

SEC fined 4 companies for misleading disclosures about the impact of the SolarWinds attack

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Cybersecurity giant Fortinet discloses a data breach

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Ultimate Guide to Hardening Windows Servers

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

American Water Shuts Down Services After Cybersecurity Breach

Hacker Poses as Israeli Security Vendor to Deliver Wiper

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

The rising cybersecurity crisis in healthcare: Are you prepared?

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Amazon discloses employee data breach after May 2023 MOVEit attacks

Government contractor Conduent disclosed a data breach

Hackers stole OpenAI secrets in a 2023 security breach

A critical flaw in Kubernetes Image Builder could allow attackers to gain root access

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34

Stay Connected