Information Security and Security - Information Management Today

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. These penalties apply to all aspects of GDPR compliance, including inadequate data security, improper consent, and data breach failures.

GDPR

GDPR Security Compliance Data Privacy

39M secrets exposed: GitHub rolls out new security tools

Security Affairs

APRIL 3, 2025

39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. The exposure of this sensitive information poses a serious risk to organizations, as malicious actors are ready to exploit it in attacks. .“Still,

Security

Security Risk Cloud Passwords

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Security Affairs

FEBRUARY 11, 2025

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. With over 90% of enterprises storing at least some of their data in the cloud, AIs ability to enhance security across complex, distributed environments is more vital than ever.

Artificial Intelligence

Artificial Intelligence Security Unstructured data Cloud

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks. What is Data Security Posture Management?

Data Privacy

Data Privacy Privacy GDPR Compliance

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Security Affairs

MARCH 24, 2025

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools.

Ransomware

Ransomware Security IT Access

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

Security Affairs

NOVEMBER 17, 2024

A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full admin access. Wordfence researchers warn of a vulnerability, tracked as CVE-2024-10924 (CVSS Score of 9.8), in the Really Simple Security plugin that affects 4M+ sites. It’s one of the most critical WordPress vulnerabilities ever.

Security

Security Authentication Access IT

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

Security Affairs

APRIL 3, 2025

Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The flaw impacts Ivanti Connect Secure (version 22.7R2.5

Security

Security Cybersecurity IT Information Security

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Data Breach Today

FEBRUARY 25, 2025

Federal Agencies and Experts Alike Say Musk's Email Request Poses Security Threat The Department of Government Efficiency-led effort to assess whether millions of federal jobs are necessary through a bulleted list of weekly activities is causing a major security threat, in addition to mass confusion across the federal government, experts told Information (..)

Security

Security Government Information Security

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October. reported 404 Media.

Encryption

Encryption Passwords Security Communications

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

kzoldyck, the Threat Actor behind the alleged Interbank breach/leak posted the following on BreachForums [link] pic.twitter.com/A8SYASxmsT — Dark Web Informer (@DarkWebInformer) October 30, 2024 “We have identified that some data of a group of clients has been exposed by a third party without our authorization.

Data breaches

Data breaches Financial Services Passwords Security

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Security Affairs

JANUARY 26, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Artificial Intelligence

Artificial Intelligence Security Ransomware Communications

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Security Operations Center (SOC) analyst burnout is a very real problem. The two key problems are: Alert Overload Modern security environments generate an extraordinary number of alerts. Gathering information from the huge number of sources inherent in modern IT environments is laborious, mundane, and mentally exhausting.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Data collection

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

. “ At the international level, there has been collaboration with EUROPOL and the Homeland Security Investigations (HSI) of the USA.” ” The International Civil Aviation Organization (ICAO) is investigating a significant data breach that has raised concerns about the security of its systems and employees data.

Data breaches

Data breaches Information Security Government Access

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

Security Affairs

FEBRUARY 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Data breaches Encryption Ransomware

Oracle privately notifies Cloud data breach to customers

Security Affairs

APRIL 6, 2025

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. Oracle Classic has the security incident. ” Beaumont wrote. Thats part of the wordplay.

Data breaches

Data breaches Cloud Encryption Communications

Google Pixel 9 supports new security features to mitigate baseband attacks

Security Affairs

OCTOBER 6, 2024

Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. ” concludes the announcement.

Security

Security Communications IT Access

Google fixed the first actively exploited Chrome zero-day since the start of the year

Security Affairs

MARCH 26, 2025

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. Mojo is Googles IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. The flaw was actively exploited in attacks targeting organizations in Russia.

Libraries

Libraries Communications Security IT

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

“Threat actor dubbedCodefingeruses compromised AWS keys to encrypt S3 bucket data via SSE-C, leveraging AWSs secure encryption infrastructure in a way that prevents recovery without their generated key.” We encourage all customers to follow security, identity, and compliance best practices.

Encryption

Encryption Ransomware Authentication Cloud

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. They typically include an evaluation of data handling practices, security policies, and DLP solutions to identify and remediate any vulnerabilities that could result in a data breach.

Risk

Risk Cybersecurity Cloud Compliance

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 23, 2025

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole $1.5B

Security

Security CMS Phishing Encryption

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

.” Palo Alto Networks recommends reviewing best practices for securing management access to its devices. Cybersecurity and Infrastructure Security Agency (CISA) added a Palo Alto Expedition Missing Authentication Vulnerability, tracked as CVE-2024-5910 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication

Authentication Cybersecurity Access Communications

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Security Affairs

AUGUST 14, 2024

Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.

Security

Security IT Information Security

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. The researcher Brian Hysell reported the flaw to the security vendor.

IT

IT Authentication Cybersecurity Risk

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

” Immediately, the company launched an investigation, which is still ongoing, into the alleged security incident. ” reads the Reports of Security Incident published by the company. The networking giant doesn’t believe that its infrastructure was not compromised. for customers to use as needed.

Data breaches

Data breaches Access Cloud Security

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8)

IT

IT Ransomware Authentication Cybersecurity

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

Over the years, multiple security experts have identified several vulnerabilities in MikroTik routers, such as a remote code execution vulnerability detailed by VulnCheck researchers here. The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. ” concludes the report.

File names

File names Authentication Access Archiving

Malware campaign abused flawed Avast Anti-Rootkit driver

Security Affairs

NOVEMBER 25, 2024

Threat actors exploit an outdated Avast Anti-Rootkit driver to evade detection, disable security tools, and compromise the target systems. With the driver installed and running, the malware gains kernel-level access to the system, providing it with the ability to terminate critical security processes and take control of the system.”

Access

Access Security IT Information Security

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

Palo Alto Networks recommended reviewing best practices for securing management access to its devices. Restricting management interface access to specific IPs significantly reduces exploitation risk, requiring privileged access first. In this scenario, the CVSS score drops to 7.5 This week, the U.S.

Cybersecurity

Cybersecurity Access Communications Security

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

Security Affairs

MARCH 26, 2025

Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows. In early March, Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild.

Authentication

Authentication Cloud Access Security

AMD fixed a flaw that allowed to load malicious microcode

Security Affairs

FEBRUARY 4, 2025

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV).

Encryption

Encryption Security Access Information Security

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Compromised data includes names, contact information, building locations, email addresses, and more. Exposed data did not include Social Security numbers or financial information. Amazon and AWS systems remain secure, and we have not experienced a security event.

Data breaches

Data breaches Ransomware Cybersecurity Security

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Encryption Cloud

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security. In May 2023, T-Mobile threat actors had access to the personal information of hundreds of customers starting in late February 2023. and international telecom firms.

Data breaches

Data breaches Communications Artificial Intelligence Government

OnePoint Patient Care data breach impacted 795916 individuals

Security Affairs

OCTOBER 25, 2024

OPPC reported to the US Department of Health and Human Services that the security incident impacted 795916 individuals. The company started its incident response procedure to contain the incident with the help of a forensic security firm. ” reads the notice of Data Security Incident published by the company on its website.

Data breaches

Data breaches Ransomware Security IT

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. reads the report published by Elastic Security Labs. Banshee Stealer can target data from nine different browsers, Chrome, Firefox, Brave, Edge, Vivaldi, Yandex, Opera, OperaGX, and Safari.

Archiving

Archiving Encryption Passwords IT

DoubleClickjacking allows clickjacking on major websites

Security Affairs

JANUARY 2, 2025

It can also manipulate users into making unauthorized account changes, such as altering security settings or confirming transactions. Developers and security teams should: Tighten their control over embedded or opener-based windows. ” concludes the post. Be vigilant about all forms of clickjackingeven multi-click patterns.”

Authentication

Authentication IT Security Access

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OCTOBER 11, 2024

These scripts sometimes leveraged publicly available pentesting tools and security services to programmatically find vulnerable infrastructure.” ” reads the OpenAI’s report.

Phishing

Phishing Passwords Security IT

Citrix addressed NetScaler console privilege escalation flaw

Security Affairs

FEBRUARY 20, 2025

Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. ” reads the advisory.

Authentication

Authentication Cloud Access Security

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Russia-linked cyber espionage group APT29 (aka SVR group , BlueBravo , Cozy Bear , Nobelium , Midnight Blizzard , and The Dukes ) target vulnerable Zimbra and JetBrains TeamCity servers as part of a mass scale campaign, U.S. cyber agencies warned.

Data collection

Data collection Authentication Access Cybersecurity

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

NOVEMBER 8, 2024

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media.

Communications

Communications Passwords Security IT

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Security Affairs

JANUARY 15, 2025

” According to Heise security , the published data doesn’t appear to be linked to recently published vulnerabilities in the FortiOS appliance operating system. ” reported Heise Security. ” reported Heise Security. To make it easier for you, we have categorized the targets by country names.

Passwords

Passwords Security IT Data breaches

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Security Affairs

SEPTEMBER 11, 2024

Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS.

Security

Security Access IT Information Security

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

Despite Microsoft phasing it out, it remains an active security risk. The botnet operators used stolen credentials from infostealer logs to target accounts at scale “These attacks are recorded in Non-Interactive Sign-In logs, which are often overlooked by security teams. ” continues the report.

Passwords

Passwords Authentication Access Cybersecurity

Increased GDPR Enforcement Highlights the Need for Data Security

39M secrets exposed: GitHub rolls out new security tools

Webinars

Trending Sources

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Webinars

Why DSPM is Essential for Achieving Data Privacy in 2024

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Elon Musk's Federal Worker Email Sparks 'Security Nightmare'

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

Oracle privately notifies Cloud data breach to customers

Google Pixel 9 supports new security features to mitigate baseband attacks

Google fixed the first actively exploited Chrome zero-day since the start of the year

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

MikroTik botnet relies on DNS misconfiguration to spread malware

Malware campaign abused flawed Avast Anti-Rootkit driver

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools

AMD fixed a flaw that allowed to load malicious microcode

Amazon discloses employee data breach after May 2023 MOVEit attacks

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

OnePoint Patient Care data breach impacted 795916 individuals

The source code of Banshee Stealer leaked online

DoubleClickjacking allows clickjacking on major websites

Iran and China-linked actors used ChatGPT for preparing attacks

Citrix addressed NetScaler console privilege escalation flaw

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Threat actor leaked config files and VPN passwords for over Fortinet Fortigate devices

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

A large botnet targets M365 accounts with password spraying attacks

Stay Connected