Data Breaches

Intel boosts VM security, guards against stack attacks in new Xeon release

Intel today announced the rollout of the fourth generation of its Xeon family of server chipsets, detailing several new features under the company’s confidential computing umbrella of security features. Improvements to Intel’s trusted execution environment and a new technique for combatting jump- and return-oriented programming attacks were the most notable upgrades. Xeon’s fourth generation introduces a number of new features across the board, including marked improvements to energy efficiency, AI processing, and edge workload handling,…

Read More

Identity Thieves Bypassed Experian Security to View Credit Reports

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address,…

Read More

If governments are banning TikTok, why is it still on your corporate devices?

TikTok, the viral app resident on millions of devices, was recently banned from executive branch devices in the United States, as set out in in the recent Omnibus Bill signed by President Joe Biden. The Omnibus Bill, as detailed in CSO Online’s overview, highlighted that the “legislation required the Office of Management and Budget in consultation with the administrator of general services, the director of CISA, the director of national intelligence, and the secretary of…

Read More

11 top XDR tools and how to evaluate them

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat detection, possibly even automating aspects of threat mitigation. This need has given rise to extended detection and response (XDR) tools.…

Read More

IOTW: Almost 50,000 UK government workers vulnerable to cyber attacks

A large number of UK government ministers and civil servants have been warned that they are vulnerable to hackers after their personal information was posted online and remained visible for months. The personal information for more than 45,000 civil servants was available until March 2020 via the Government Communication Service (GCS) website. The information included names, email addresses, phone numbers and job titles as well as links to social media profiles including Twitter and LinkedIn.…

Read More

14 UK schools suffer cyberattack, highly confidential documents leaked

More than a dozen schools in the UK have suffered a cyberattack which has led to highly confidential documents being leaked online by cybercriminals. That’s according to a report from the BBC which claimed that children’s SEN information, child passport scans, staff pay scales and contract details have been stolen by notorious cybercrime group Vice Society, known for disproportionately targeting the education sector with ransomware attacks in the UK and other countries. Passport, contract data…

Read More

Twitter’s mushrooming data breach crisis could prove costly

Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk’s careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action. Even as regulators in Europe begin to probe what appears to be a massive Twitter data…

Read More

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub,  Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials. Researchers from Palo Alto Networks’ Unit 42 have dubbed the group Automated Libra…

Read More

IOTW: Almost 50,000 UK government ministers vulnerable to cyber attacks

A large number of UK government ministers and civil servants have been warned that they are vulnerable to hackers after their personal information was posted online and remained visible for months. The personal information for more than 45,000 civil servants was available until March 2020 via the Government Communication Service (GCS) website. The information included names, email addresses, phone numbers and job titles as well as links to social media profiles including Twitter and LinkedIn.…

Read More

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That’s according to the preliminary findings of an international experiment of AI’s ability to secure and defend systems, power grids and other critical assets by cyber experts at the North Atlantic Treaty Organization’s (NATO) Cyber Coalition 2022 event late last year. The simulated experiment…

Read More