Category: Privacy/Governance Feed

Tanto Security uncovered three vulnerabilities which could allow attackers to execute sandbox escapes and gain root permissions on host machines    – Read More  –  

Coffee County has discovered malicious cyber-activity on its IT systems, and it reportedly severed its connection to Georgia’s state voter registration system    – Read More  –  

European non-profit Noyb has filed a complaint to the Austrian data protection authority (DSB) over OpenAI’s ChatGPT providing false personal information    – Read More  –  

IoT manufacturers, retailers and importers must comply with new security legislation, the PSTI act, from today    – Read More  –  

Okta has issued customers with new advice on how to block mounting credential stuffing attacks    – Read More  –  

CISA’s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured    – Read More  –  

The US Federal Trade Commission will send $5.6m worth of refunds to the spied-on customers of the Amazon-owned home camera company    – Read More  –  

The two founders of Samourai Wallet have been charged with money laundering and unlicensed money-transmitting offenses    – Read More  –  

An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally    – Read More  –  

Cyber threat intelligence provider Cyble found that DragonForce was using a ransomware binary based on LockBit Black’s builder    – Read More  –  

A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all    – Read More  –  

Consumer rights group Which? has found more security gaps in UK banking sites and apps    – Read More  –  

Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition    – Read More  –  

Jake Humphrey and Professor Damian Hughes, the minds behind the High Performance Podcast, share their top non-negotiable behaviours for success in cybersecurity    – Read More  –  

The bill that could see TikTok banned in the US has been approved by the House of Representatives and the Senate    – Read More  –  

The US Treasury announced sanctions on two companies and four individuals for cyber campaigns conducted on behalf of the Iranian government    – Read More  –  

The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC    – Read More  –  

Netacea research found that 93% of security leaders expect to face daily AI-driven attacks by the end of 2024, with 65% predicting that offensive AI will be the norm for cybercriminals    – Read More  –  

One in five UK organizations have had corporate data exposed via generative AI, says RiverSafe    – Read More  –  

North Korean hackers ran a year-long cyber-espionage campaign against South Korean defense companies    – Read More  –  

The move is reportedly part of a broader effort to counter the misuse of surveillance technology    – Read More  –  

The call comes amid the rollout of end-to-end encryption on Meta’s Messenger platform    – Read More  –  

Millions of Americans may be impacted by the Change Healthcare data breach as UnitedHealth confirms exposed data includes personal and health information    – Read More  –  

Mandiant’s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions    – Read More  –  

Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March    – Read More  –  

Microsoft has warned of a long-running credential stealing campaign from Russia’s APT28    – Read More  –  

The scheme was uncovered by Kaspersky and has been operational since November 2023    – Read More  –  

This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers    – Read More  –  

CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files    – Read More  –  

The new document is the first release from NSA’s Artificial Intelligence Security Center (AISC), in partnership with other government agencies in the US and other Five Eyes countries    – Read More  –  

The UK’s National Cyber Security Centre will see Richard Horne take over as its new boss in the autumn    – Read More  –  

Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days    – Read More  –  

This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report    – Read More  –  

A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds from March 2023 to January 2024    – Read More  –  

The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements    – Read More  –  

Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group    – Read More  –  

Zscaler also confirmed MadMxShell uses DLL sideloading and DNS tunneling for C2 communication    – Read More  –  

A US government advisory sets out actions election officials need to take to mitigate the impact of nation-state influence campaigns ahead of the November elections    – Read More  –  

Bridewell report reveals critical infrastructure firms are losing faith in their defensive tooling    – Read More  –  

The Metropolitan Police and partners have disrupted the prolific LabHost phishing-as-a-service platform    – Read More  –  

The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server    – Read More  –  

Proofpoint confirmed Kimsuky has directly contacted foreign policy experts since 2023 through seemingly benign email conversations    – Read More  –  

OpenSSF, in collaboration with the US Government, has developed Protobom, a open source tool designed to simplify SBOM management for organizations    – Read More  –  

This year’s EU elections will be a stress test to see whether the newly adopted Digital Services Act can efficiently mitigate misinformation threats    – Read More  –  

Cifas reveals 14% rise in dishonest employees, driven mainly by financial necessity last year    – Read More  –  

Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution    – Read More  –  

WithSecure researchers said it is likely Russian state group Sandworm has added a novel backdoor dubbed ‘Kapeka’ to its arsenal    – Read More  –  

According to Pentera, firms are allocating 13% of their total IT security budgets to pentesting    – Read More  –  

Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI    – Read More  –  

An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database    – Read More  –