From Dark Reading – New California Delete Act Tightens Rules for Data Brokers
Companies with customers in California need to prepare for a new process for demanding deletion of personal data. Read More
Tag data breaches
From Dark Reading – Uber’s Ex-CISO Appeals Conviction Over 2016 Data Breach
Joe Sullivan’s lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs. Read More
From Cyber Security News – New WordPress Malware as Cache Plugin Creates Rogue Admin Account
A novel kind of malware that acts as a sophisticated backdoor that can carry out several operations while impersonating a legitimate plugin has been identified. The malware has several features, including the ability to modify files, create an admin account,…
From Cyber Security News – Large-scale Akira Ransomware Attacking Unsecured Computers
In order to disrupt human-operated ransomware attacks and prevent attackers from advancing their objectives through lateral movement, it is crucial to swiftly contain any compromised user accounts. Taking this step is essential to limit the attackers’ ability to spread their…
From Security Week – LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts
A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses. The post LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts appeared first on SecurityWeek. Read More
From Cyber Security News – Google Initiates the End of Passwords, Making Passkeys the Default for Users
Google, a well-known tech giant, has introduced a new feature called “passwordless by default”. This feature aims to simplify the login process for users by eliminating the need for traditional passwords and instead relying on passkeys for authentication purposes. In…
From The Hacker News – ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
The threat actors behind ShellBot are leveraging IP addresses transformed into its hexadecimal notation to infiltrate poorly managed Linux SSH servers and deploy the DDoS malware.
"The overall flow remains the same, but the download URL used by the threat actor to install ShellBot has changed from a regular IP address to a hexadecimal value," the AhnLab Security Emergency response Center (ASEC)
From Security Week – Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks
Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks. The post Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks appeared first on SecurityWeek. Read More
From Security Week – CISO Pay Increases Are Slowing – a Look Behind the Figures
How much do CISOs make? Survey provides compensation trends for Chief Information Security Officers, but don’t take surveys at full face value. The post CISO Pay Increases Are Slowing – a Look Behind the Figures appeared first on SecurityWeek. Read More
From The Hacker News – How to Guard Your Data from Exposure in ChatGPT
ChatGPT has transformed the way businesses generate textual content, which can potentially result in a quantum leap in productivity. However, Generative AI innovation also introduces a new dimension of data exposure risk, when employees inadvertently type or paste sensitive business data into ChatGPT, or similar applications. DLP solutions, the go-to solution for similar challenges, are
From The Hacker News – Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
Microsoft on Wednesday said that a user containment feature in Microsoft Defender for Endpoint helped thwart a "large-scale remote encryption attempt" made by Akira ransomware actors targeting an unknown industrial organization in early June 2023.
The tech giant's threat intelligence team is tracking the operator as Storm-1567.
The attack leveraged devices that were not onboarded to Microsoft
From Security Week – Simpson Manufacturing Takes Systems Offline Following Cyberattack
Simpson Manufacturing is experiencing disruptions after taking IT systems offline following a cyberattack. The post Simpson Manufacturing Takes Systems Offline Following Cyberattack appeared first on SecurityWeek. Read More
From Security Week – SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms
Venture capital firm SYN Ventures announces first closing of $75 million cybersecurity seed fund for US cybersecurity companies. The post SYN Ventures Announces $75 Million Seed Fund for US Cybersecurity Firms appeared first on SecurityWeek. Read More
From Dark Reading – Pan-African Financial Apps Leak Encryption, Authentication Keys
Cryptocurrency apps were the most high risk for exposing sensitive information, a reverse-engineering study shows. Read More
From The Hacker News – Researchers Uncover Malware Posing as WordPress Caching Plugin
Cybersecurity researchers have shed light on a new sophisticated strain of malware that masquerades a WordPress plugin to stealthily create administrator accounts and remotely control a compromised site.
"Complete with a professional looking opening comment implying it is a caching plugin, this rogue code contains numerous functions, adds filters to prevent itself from being included in the list