Data Breaches

Accessibility should be a cybersecurity priority, says UK NCSC

The UK National Cyber Security Centre (NCSC) has urged businesses and security leaders to make accessibility a cybersecurity priority to help make systems more secure and human errors/workarounds less likely. It can also aid in meeting legal requirements, delivering better operational outcomes, and attracting and retaining more diverse talent, according to the NCSC. However, there are various examples of cybersecurity being presented in a way that is inaccessible for a lot of people, particularly for…

Read More

IOTW: Location data of two million customers exposed in Toyota data breach

A cloud misconfiguration in car manufacturer Toyota’s servers may have leaked sensitive information belonging to more than two million customers. The cloud misconfiguration meant that sensitive information for those who subscribed to Toyota services T-Connect, G-Link, G-Link Lite and/or G-BOOK between January 2, 2012 to April 17, 2023 was accessible to unauthorized parties from November 6, 2013 to April 17, 2023. The data includes location information for impacted vehicles andthe time the vehicle was at…

Read More

Critical remote code execution flaws patched in Cisco small business switches

Cisco patched several vulnerabilities this week that affect multiple models of its small business switches and could allow attackers to take full control of the devices remotely. The flaws are all located in the web-based management interface of the devices and can be exploited without authentication. While the company didn’t disclose which specific components of the web interface the flaws are located in, it noted in its advisory that the vulnerabilities are not dependent on…

Read More

OX Security adds ChatGPT plugin for AppSec

OX Security, an application security vendor, now has a plugin for ChatGPT, allowing users to leverage the power of the headline-making generative AI assistant to protect the software supply chain, generate personalized security recommendations and remedy security issues quickly. The Israel-based company, in a press release issued yesterday, said that generative AI has already altered the security landscape, and not for the better. AI models, according to OX, have been used to seek out new…

Read More

Organizations reporting cyber resilience are hardly resilient: Study

While most organizations have a cyber resilience program in place, more than half of them lack a comprehensive approach to assessing resilience, according to a study by Immersive Labs. The study aimed at understanding business preparedness amidst growing incidents found a strong intent to strengthen cybersecurity capabilities driven by external threats. “Rules of engagement for cyberthreat actors are constantly innovating to cause catastrophic and unavoidable situations,” said Michael Sampson, analyst at Osterman Research and author…

Read More

Aviatrix is transforming cloud network security with distributed firewalling

Cloud networking solutions provider Aviatrix has launched a distributed cloud firewall offering in a bid to strengthen network security for application traffic on multicloud environments. The offering is targeted at distributing both inspection and policy enforcement into the original path of application traffic, eliminating the need to redirect traffic to centralized firewalls or other network security services. “Aviatrix is the first to deliver a distributed cloud firewall,” said Rod Stuhlmuller, vice president of solutions marketing…

Read More

Russian national indicted for ransomware attacks against the US

Russian national, Mikhail Pavlovich Matveev, has been charged and indicted for launching ransomware attacks against thousands of victims in the US and across the world, the US Department of Justice (DoJ) said in a press release. The US Department of State has also announced an award of up to $10 million for information that leads to the arrest and/or conviction of the Russian national. “According to the indictment obtained in the District of New Jersey,…

Read More

IBM acquires Polar Security, bolstering data security capabilities

IBM has purchased application security startup Polar Security, in an attempt to address the security of application data in the cloud and help organizations track vulnerable information. In a statement issued this morning, IBM said that the increased cloud adoption driven by the pandemic has strained organizational capacity to track certain aspects of their application frameworks, including certain types of app data, permissions and more. The company said that this has led to “shadow data,”…

Read More

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

With organizations increasingly adopting cloud-based services and applications, especially collaboration tools, attackers have pivoted their attacks as well. Microsoft services consistently rank at the top of statistics when it comes to malicious sign-in attempts, and Microsoft Teams is one application that recently seems to have attracted attackers’ interest. Researchers from security firm Proofpoint investigated how attackers could abuse access to a Teams account and found some interesting attack vectors that could allow hackers to move…

Read More

Entro exits stealth with context-based secrets management

Entro, the Israeli cybersecurity company focused on protection for secrets and programmatic access to cloud services and data, has exited stealth with its first-ever product offering context-based secrets management. The new offering is the first and only holistic secrets security platform that detects, safeguards, and provides context for secrets stored across vaults, source code, collaboration tools, cloud environments, and SaaS platforms, Entro claimed. “Entro implements proactive measures to secure secrets, such as real-time discovery, end-to-end visibility,…

Read More