CISA proposes new security requirements to protect govt, personal data
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing Americans' personal data as well as government-related information.
·bleepingcomputer.com·
Windows 10 KB5045594 update fixes multi-function printer bugs
Microsoft has released the optional KB5045594 preview cumulative update for Windows 10 22H2 with fixes for problems printing to multi-function printers and other issues.
·bleepingcomputer.com·
AWS, Azure auth keys found in Android and iOS apps used by millions
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches.
·bleepingcomputer.com·
Foreign influence operations will expand before election and linger afterward, US agencies say
Officials from U.S. intelligence agencies are warning that foreign adversaries — especially Russia — will intensify their influence efforts in the final two weeks before the U.S. election and will seek to undermine the legitimacy of the election process afterward.
·therecord.media·
Four cyber companies fined for SolarWinds disclosure failures
The Securities and Exchange Commission (SEC) said Check Point, Avaya, Unisys and Mimecast would each pay fines related to how they disclosed information related to the impact of the breach of SolarWinds software in 2020.
·therecord.media·
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack.
·bleepingcomputer.com·
Lawmakers ask DOJ to prosecute tax prep firms for sharing customer data with big tech
Democratic lawmakers are asking the Department of Justice to prosecute major tax preparation firms for sharing customers’ sensitive personal and financial data with Google and Meta, the latter of whom they say used the information for advertising and to train its artificial intelligence algorithm.
·therecord.media·
Exploit released for new Windows Server "WinReg" NTLM Relay attack
Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process.
·bleepingcomputer.com·
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024.
·bleepingcomputer.com·
The struggle for software liability: Inside a ‘very, very, very hard problem’
Legal experts, technologists and tech-industry representatives say software liability is extremely difficult to design, with multiple competing approaches. But some lawmakers want to make it a top priority.
·therecord.media·
After prodding from lawmakers, Cyber Command readies a plan for the future
Officials are making progress on a far-reaching internal review dubbed “Cyber Command 2.0,” which is intended to revamp the digital warfighting organization for the future, as some in Congress are growing restless about its readiness problems and other potential issues.
·therecord.media·
Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
·blog.talosintelligence.com·
Malware Trends Report: Q3, 2024
Explore the Q3 2024 malware trends report from ANY.RUN to learn about the most prevalent malware families, types, and TTPs.
·any.run·
CFPB: New regulations will better protect consumers’ personal financial data
A new Consumer Financial Protection Bureau rule that gives consumers more choice over financial products and services includes significant privacy protections safeguarding individuals’ data, the agency announced Tuesday.
·therecord.media·
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.
·bleepingcomputer.com·
Crypto payment services firm says more than 92,000 affected by data breach
The Stormous ransomware gang took credit for the theft on Monday, claiming to have stolen 300 gigabytes of data that includes “government-issued IDs, proof of address, financial statements, and user selfies.”
·therecord.media·