🚨 CISA KEV
28 Jun | KEV | CISA Adds GeoServer, Linux Kernel, and Roundcube Webmail Bugs to its Known Exploited Vulnerabilities Catalog | The US cybersecurity agency CISA has issued a warning about cyber threat actors exploiting vulnerabilities in GeoServer (CVE-2022-24816), the Linux kernel (CVE-2022-2586), and Roundcube Webmail (CVE-2020-13965). | SECURITYAFFAIRS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES
28 Jun | Vanna AI Prompt Injection Vulnerability Enables RCE | The Vanna AI library has been found to have a vulnerability (CVE-2024-5565) that could allow for remote code execution (RCE) due to a prompt injection issue related to the Plotly script. | SCMAGAZINE.COM
28 Jun | Progress Software Releases Security Bulletin for MOVEit Transfer | Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necess… | CISA.GOV
⚠️ VULNERABILITY DISCLOSURE
28 Jun | TeamViewer Detects Security Breach in Corporate IT Environment | TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implem… | THEHACKERNEWS.COM
28 Jun | Chinese Hacker Groups Using Off-The-Shelf Tools To Deploy Ransomware | Cyberespionage actors are increasingly using ransomware as a final attack stage for financial gain, disruption, or to cover their tracks, as the report details previously undisclosed attacks by a suspected Chinese APT group, ChamelGang, who used CatB ransomware against a major In… | GBHACKERS.COM
28 Jun | Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment | Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and… | THEHACKERNEWS.COM
28 Jun | B+ Security Rating Masks Healthcare Supply Chain Risks | The healthcare sector received a "B+" security rating for the first half of 2024, indicating a decent level of security. However, it faces a significant vulnerability in the form of supply chain cyber risk. | HELPNETSECURITY.COM
28 Jun | Snowblind Abuses Android seccomp Sandbox To Bypass Security Mechanisms | A new Android banking trojan named Snowblind was discovered that exploits the Linux kernel feature seccomp, traditionally used for security, which installs a seccomp filter to intercept system calls and bypasses anti-tampering mechanisms in apps, even those with strong obfuscatio… | GBHACKERS.COM
28 Jun | Top 12 cloud security certifications | Since publishing our list of top cloud security certifications in 2021, the sector has changed dramatically. Our new recommendations reflect these sweeping changes so that cloud security professionals can find the ideal certification for them. This ideal certification will vary … | CSOONLINE.COM
28 Jun | New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities | A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers… | THEHACKERNEWS.COM
28 Jun | CISA Report Finds Critical Open-Source Memory Safety Risks | CISA urges manufacturers to reduce memory safety vulnerabilities by ditching memory-unsafe languages, implementing secure coding practices, and adopting routine security testing measures. | BANKINFOSECURITY.COM
28 Jun | Fortra Patches Critical SQL Injection in FileCatalyst Workflow | Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts. | SECURITYWEEK.COM
28 Jun | GitLab vulnerability permits running pipeline tasks under another user | https://stackdiary.com/gitlab-vulnerability-permits-running-pipeline-tasks-under-another-user/ | STACKDIARY.COM
28 Jun | 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining | Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor employs fileless execution techniques, using DLL reflective and process injection, allow… | THEHACKERNEWS.COM
28 Jun | Defense in Depth podcast - Securing Identities in the Cloud | https://assets.libsyn.com/secure/content/173444947/?height=90&width=90 All links and images for this episode can be found on CISO Series. Check out this post … | ASSETS.LIBSYN.COM
28 Jun | TeamViewer Corporate Network Breached in Alleged APT Attack | In a concerning development, TeamViewer, one of the world's leading remote access software providers, has disclosed a cyber attack that breached its corporate network environment. | KNOWBE4.COM
28 Jun | Vulnerability management empowered by AI | Vulnerability management involves an ongoing cycle of identifying, prioritizing and mitigating vulnerabilities within software applications, networks and computer systems. This proactive strategy is essential for safeguarding an organization’s digital assets and maintaining… | SECURITYINTELLIGENCE.COM
28 Jun | Gitleaks: Open-Source Solution for Detecting Secrets in Your Code | Gitleaks is an open-source tool that detects and prevents hardcoded secrets in Git repositories, like passwords or API keys. It stands out for its easy-to-use and configurable system for scanning secrets. | HELPNETSECURITY.COM
28 Jun | In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability | Noteworthy stories that might have slipped under the radar: Korean ISP delivers malware to customers, Temu sued for allegedly spying on users, Microsoft patches a critical Dataverse vulnerability. | SECURITYWEEK.COM
28 Jun | GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others | GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and En… | THEHACKERNEWS.COM
28 Jun | TeamViewer targeted by APT29 hackers, containment measures in place | Remote desktop software provider TeamViewer has disclosed a cyberattack on its corporate network, but maintains that no customer data or product functionality was compromised. The company said the notorious Russian hacking group APT29, also known as Midnight Blizzard, is behind t… | CSOONLINE.COM
28 Jun | Shifting Cybersecurity Philosophy from Threat-Centric to Compromise-Centric - Martin R... - ESW #366 | For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be dis… | YOUTUBE.COM
28 Jun | Infosys McCamish says LockBit stole data of 6 million people | Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. [...] | BLEEPINGCOMPUTER.COM
28 Jun | Supply-chain ransomware attack cripples thousands of car dealerships | Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack. The attack, believed to be by the BlackSuit ransomware gang, forced CDK Global, makers of a platform widely used by car dealerships to conduct thei… | EXPONENTIAL-E.COM
28 Jun | LevelBlue Lays Off 15% of Employees After Being Sold by AT&T | Job Cuts Come Less Than 2 Months After WillJam Ventures-Owned Company Rebranded LevelBlue laid off 15% of its 1,000-person workforce just months after AT&T sold a majority stake in the managed cybersecurity services firm to WillJam Ventures. The cuts will allow LevelBlue to r… | DATABREACHTODAY.CO.UK
28 Jun | MoveIT, Entrust, Fed Reserve, ISPs, Volt Typhoon & More - SWN #395 | Healthcare and malware, MoveIT, Chrome won't trust Entrust, the discovery of Volt Typhoon, & more on this episode of the Security Weekly News! Segment Resources: https://therecord.media/volt-typhoon-targets-underestimated-cisa-says Visit https://www.securityweekly.com/swn for all… | YOUTUBE.COM
📢 SECURITY ADVISORIES
28 Jun | Gartner: 55% of Firms Now Rely on AI Governance Boards | Poll Shows AI Risk Concerns Rising; 25% of CIOs Are Now in Charge of AI Initiatives A new Gartner poll shows 55% of organizations have established AI boards to govern artificial intelligence initiatives. As AI's influence grows across business functions, these boards can help red… | DATABREACHTODAY.CO.UK
28 Jun | Startup Odaseva Raises $54M to Bolster Global Expansion, R&D | Silver Lake Leads Series C Round for California-Based Data Security Startup Odaseva With 65% of its revenue coming from the United States, data security startup Odaseva will use its $54 million Series C funding round to enhance R&D, expand its product line and strengthen its … | DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING
28 Jun | Ticketek - 17,643,173 breached accounts | In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storag… | HAVEIBEENPWNED.COM
28 Jun | Philippines Data Security Officer Hacked 93 Different Sites | https://thecyberexpress.com/data-security-officer-philippines-93-websites/amp/ | THECYBEREXPRESS.COM
28 Jun | Former IT Employee Stolen 1 Million Geisinger Patient’s Personal Data | Geisinger Health System discovered a data breach involving the personal information of over one million patients. The breach was traced back to a former employee of Nuance Communications Inc., an external vendor providing IT services to Geisinger. The ex-employee accessed the dat… | GBHACKERS.COM
28 Jun | U.S. Department of Justice Announced $10 Million Reward For Russian Hacker | The U.S. Department of Justice has announced a $10 million reward for information leading to the arrest of Amin Timovich Stigal (Амин Тимович Стигал), a 22-year-old Russian citizen charged with conspiracy to hack into and destroy computer systems and data. A federal grand jury in… | GBHACKERS.COM
28 Jun | There's some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. Read more in my article on the Tripwire State of Security blog. | TRIPWIRE.COM
28 Jun | Russian APT Reportedly Behind New TeamViewer Hack | TeamViewer’s corporate network was hacked and some reports say the Russian group APT29 is behind the attack. | SECURITYWEEK.COM
28 Jun | TeamViewer Internal Systems Accessed by APT Hackers | TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment. The company’s security team detected the breach, who noticed an “irregularity” in their internal systems, prompting an immed… | GBHACKERS.COM
28 Jun | WhisperGate Data-Wiping Malware Suspect Indicted | The US Department of Justice has indicted a 22-year-old Russian, Amin Timovich Stigal, for his alleged involvement in cyber attacks on Ukrainian government computers and critical infrastructure systems known as the "WhisperGate" attack. | THEREGISTER.COM
28 Jun | New Ransomware, Infostealers Pose Growing Risk in 2024 | In Q1 2024, BlackBerry detected and stopped 3.1 million cyberattacks, averaging 37,000 per day. They also detected 630,000 malicious hashes, a 40% increase from the previous reporting period. | HELPNETSECURITY.COM
28 Jun | Chicago Children’s Hospital Says 791,000 Impacted by Ransomware Attack | Ann & Robert H. Lurie Children’s Hospital of Chicago says the recent data breach caused by a ransomware attack impacts 791,000 people. | SECURITYWEEK.COM
28 Jun | Nuance Ex-Employee Indicted for Breach Affecting 1 Million | A former employee of Nuance Communications, a unit of Microsoft, is the main suspect in a 2023 data breach that affected over 1 million patients of Geisinger, a healthcare system based in Pennsylvania. | BANKINFOSECURITY.COM
28 Jun | Remote access giant TeamViewer says Russian spies hacked its corporate network | The remote access giant linked the cyberattack to government-backed hackers working for Russian intelligence, known as APT29. | TECHCRUNCH.COM
28 Jun | TeamViewer links corporate cyberattack to Russian state hackers | RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. [...] | BLEEPINGCOMPUTER.COM
28 Jun | Is GenAI Having a Rough Time? We check in to see how it's doing. - ESW #366 | We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's [Return on Security newsletter](https://returnonsecurity.com) for the full list of funded and acquired companies ev… | YOUTUBE.COM
28 Jun | Remote Access Giant TeamViewer Says Russian Spies Hacked Its Corporate Network | TeamViewer, a leading provider of remote access tools, has confirmed that its corporate network is currently under a cyberattack. The company has identified the attackers as a government-backed Russian intelligence group known as APT29. | TECHCRUNCH.COM
28 Jun | New Unfurling Hemlock Threat Actor Floods Systems with Malware | Unfurling Hemlock is using a new method, referred to as a "malware cluster bomb," which allows the threat actor to use one malware sample to spread additional malware on compromised machines. | BLEEPINGCOMPUTER.COM
28 Jun | Breaches Due to Credential Stuffing: Who's Accountable? | The Theft of Snowflake's Customers' Data Shows That Vendors Need Robust Defenses Who's responsible for the data breaches experienced by customers of the data warehousing platform Snowflake due to credential stuffing attacks? While users have security responsibilities, multiple pl… | DATABREACHTODAY.CO.UK
28 Jun | Dairy giant Agropur says data breach exposed customer info | Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. [...] | BLEEPINGCOMPUTER.COM
28 Jun | Ticketmaster sends notifications about recent massive data breach | Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. [...] | BLEEPINGCOMPUTER.COM
28 Jun | ISMG Editors: Growing Fallout From the Snowflake Breach | Also: Tackling Online Fraud; Highlights From ISMG's Midwest Summit In the latest weekly update, ISMG editors discussed the fallout from the recent Snowflake breach and its impact on 165 companies and their users, the ongoing challenges in combating online fraud, and takeaways fro… | DATABREACHTODAY.CO.UK
28 Jun | Microsoft Is Warning More Customers About Russian State Hack | Company Is Sending Email Alerts to Customers Whose Data Was Accessed by Hackers Microsoft is alerting its customers whose data may have been accessed by Russian state hackers following a January attack that compromised the emails of company executives. Microsoft also shared a lin… | DATABREACHTODAY.CO.UK
28 Jun | Hubspot says it’s investigating customer account hacks | The company “identified a security incident that involved bad actors targeting a limited number of HubSpot customers and attempting to gain unauthorized access to their accounts” on June 22. | TECHCRUNCH.COM
28 Jun | Multiple Vulnerabilities Found in Gas Chromatographs | Critical-Severity Flaws Expose Emerson Devices to Cyberattacks Multiple critical vulnerabilities in Emerson Rosemount 370XA gas chromatographs could allow malicious actors to access sensitive data, cause denial-of-service conditions and execute arbitrary commands. Emerson recomme… | DATABREACHTODAY.CO.UK
28 Jun | Insurance Software Vendor Notifies 6.1 Million of 2023 Hack | InfoSys McCamish Systems Earlier Alerted 57,000 Bank of America Clients of Breach Infosys McCamish Systems, an insurance software product and services vendor, is notifying nearly 6.1 million people of a 2023 ransomware incident that potentially comprised their sensitive data, inc… | DATABREACHTODAY.CO.UK
🕵️ THREAT INTELLIGENCE
28 Jun | ISC Stormcast For Friday, June 28th, 2024 https://isc.sans.edu/podcastdetail/9040, (Fri, Jun 28th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
28 Jun | Cyber Security Today, June 28, 2024 - Cyber authorities remind developers to switch to memory-safe coding languages | Are attacks cybercrime or hiding espionage? Researchers investigate in this episode | CYBERSECURITYTODAY.LIBSYN.COM
28 Jun | Xeno RAT Spread via .gg Domains and GitHub | XenoRAT is being used by North Korean hackers and other actors targeting the gaming community. It is being spread through .gg domains and a GitHub repository disguised as Roblox scripting tools. | HUNT.IO
28 Jun | Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity | Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions. | SECURITYWEEK.COM
28 Jun | Support of SSL 2.0 on web servers in 2024, (Fri, Jun 28th) | We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet[1]. We also found that a significant portion of these servers wa… | ISC.SANS.EDU
28 Jun | James Bamford on Section 702 Extension | Longtime NSA-watcher James Bamford has a long article on the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA). | SCHNEIER.COM
28 Jun | TeamViewer investigating intrusion of corporate IT environment | https://therecord.media/teamviewer-investigating-intrusion-it | THERECORD.MEDIA
28 Jun | Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors | The modern kill chain is eluding enterprises because they aren’t protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven’t rev… | THEHACKERNEWS.COM
28 Jun | Your KnowBe4 Fresh Content Updates from June 2024 | Check out the 29 new pieces of training content added in June, alongside the always fresh content update highlights, events and new features. | KNOWBE4.COM
28 Jun | KnowBe4 Recognized as Cyber Security Educator of the Year at IT Europa Awards 2024 | It's a great honor for KnowBe4 to be named the Cyber Security Educator of the Year at the prestigious IT Europa Channel Awards 2024. | KNOWBE4.COM
28 Jun | Fairness and Safety of LLMs | The fairness and safety guarantees of LLMs, while crucial to social impact, are equally as important to the cybersecurity challenges they present. | PALOALTONETWORKS.COM
28 Jun | Microsoft Details ‘Skeleton Key’ AI Jailbreak Technique | Microsoft has tricked several gen-AI models into providing forbidden information using a jailbreak technique named Skeleton Key. | SECURITYWEEK.COM
28 Jun | Kimsuky Deploys TRANSLATEXT to Target South Korean Academia | Kimsuky uploaded TRANSLATEXT to their attacker-controlled GitHub repository on March 7, 2024, and it is capable of bypassing security measures for prominent email service providers like Gmail, Kakao, and Naver. | ZSCALER.COM
28 Jun | GetReal Labs Emerges From Stealth to Tackle Deepfakes | Incubated for two years by Ballistic Ventures, GetReal Labs has launched to combat manipulated content and deepfakes. | SECURITYWEEK.COM
28 Jun | AuthZed Raises $12 Million for Permissions Management Technology | Permissions management technology startup AuthZed has raised $12 million in a Series A funding round led by General Catalyst. | SECURITYWEEK.COM
28 Jun | The risks and best practices of deploying AI to an enterprise - Anurag Lal - ESW #366 | We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his compan… | YOUTUBE.COM
28 Jun | Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data | The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early… | THEHACKERNEWS.COM
28 Jun | Google cuts ties with Entrust in Chrome over trust issues | https://www.theregister.com/2024/06/28/google_axes_entrust_over_six/ | THEREGISTER.COM
28 Jun | 'Poseidon' Mac stealer distributed via Google ads | https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads?web_view=true | MALWAREBYTES.COM
28 Jun | Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack | Shockwaves from the Russian government's hack of Microsoft's corporate infrastructure continue to spread as the victim pool widens. | SECURITYWEEK.COM
28 Jun | Russian hackers read the emails you sent us, Microsoft warns more customers | More of Microsoft's clients are being warned that emails they exchanged with the company were accessed by Russian hackers who broke into its systems and spied on staff inboxes. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
28 Jun | Friday Squid Blogging: New Squid Species | A new squid species—of the Gonatidae family—was discovered. The video shows her holding a brood of very large eggs. Research paper. | SCHNEIER.COM
🌐 CYBER THREAT LANDSCAPE
28 Jun | Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator | The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API ke… | BLEEPINGCOMPUTER.COM
28 Jun | Malware Peddlers Experimenting with BPL Sideloading and Masking Malicious Payloads as PGP Keys | The campaign involves a Bollywood pirate movie download site leading to a Bunny content delivery platform, which then points to a ZIP file. Inside the ZIP file, there is another password-protected ZIP file with a text file containing the password. | HELPNETSECURITY.COM
28 Jun | AI Pulse: Siri Says Hi to OpenAI, Deepfake Olympics & more | AI Pulse is a new blog series from Trend Micro on the latest cybersecurity AI news. In this edition: Siri says hi to OpenAI, fraud hogs the AI cybercrime spotlight, and why the Paris Olympics could be a hotbed of deepfakery. | TRENDMICRO.COM
28 Jun | Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe | Learn about the categories of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year. | WELIVESECURITY.COM
📡 INFOSEC NEWS
28 Jun | Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer | We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. | TRENDMICRO.COM
28 Jun | No Patches for Hospital Temperature Monitors' Critical Flaws | Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus. | BANKINFOSECURITY.COM
28 Jun | Mitigating Skeleton Key, a New Type of Generative AI Jailbreak Technique | Microsoft has discovered a new type of jailbreak attack called Skeleton Key. This technique uses a multi-turn strategy to make the model ignore its guardrails, allowing it to generate forbidden content or override its decision-making rules. | MICROSOFT.COM
28 Jun | California Privacy Regulator to Partner With French Data Authority | The California Privacy Protection Agency (CPPA) has signed a partnership agreement with France's Commission Nationale de l'Informatique et des Libertés (CNIL) to conduct joint research and share investigative findings on data privacy issues. | THERECORD.MEDIA
28 Jun | Cyber Insurance Terms Drive Companies To Invest More in Security, Report Finds | Approximately three-quarters of companies have made investments in cyber defense in order to qualify for cyber insurance, according to a report by Sophos and Vanson Bourne. | CYBERSECURITYDIVE.COM
28 Jun | US Federal Agencies Warn Healthcare Sector of Payment Diversion Schemes | Federal authorities are warning about social engineering and phishing scams that target IT help desk workers and allow attackers to steal login credentials in order to access healthcare sector entities' IT systems. | BANKINFOSECURITY.COM
28 Jun | Crypto-Gang Leader Convicted of Vicious Kidnaps, Robbery | A 24-year-old leader of an international robbery crew, Remy St Felix, has been convicted in the US for carrying out violent home invasions to steal cryptocurrency tokens. | THEREGISTER.COM
28 Jun | Hijacking GitHub accounts using phishing emails - Kaspersky official blog | How developers' GitHub accounts are being hijacked using the service's notification system to deliver phishing emails with fake job offers. | KASPERSKY.COM
28 Jun | ‘Poseidon’ Mac stealer Distributed via Malicious Google Ads | A new campaign targeting Mac users through malicious Google ads for the Arc browser has been observed. This is the second time Arc has been used as a lure, indicating its popularity. | MALWAREBYTES.COM
28 Jun | On Point: Risk Management Strategies for AI Tools | What to Do to Protect the Sensitive Data You Submit to Online AI Tools Artificial intelligence tools are both a blessing and a curse for companies. They enable staff to be more efficient and get tasks done quicker, but they also allow an ever-increasing amount of sensitive data t… | DATABREACHTODAY.CO.UK