Data Breaches

Are robots too insecure for lethal use by law enforcement?

In late November, the San Francisco Board of Supervisors voted 8-3 to give the police the option to launch potentially lethal, remote-controlled robots in emergencies, creating an international outcry over law enforcement use of “killer robots.” The San Francisco Police Department (SFPD), which was behind the proposal, said they would deploy robots equipped with explosive charges “to contact, incapacitate, or disorient violent, armed, or dangerous suspects” only when lives are at stake. Missing from the…

Read More

14 lessons CISOs learned in 2022

We’re about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach. These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. “With the shifts in the cybersecurity landscape, 2022 has been a milestone year…

Read More

The biggest data breaches and leaks of 2022

More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed. Cyber security publication Security Magazine reported that the figures for 2022 are expected to exceed this figure by as much as five percent. In this article, we reveal which data breaches and leaks and the phishing, malware and cyber attacks ranked among our top ten most-read cyber security news stories of 2022. Read on to hear about…

Read More

Uptycs launches agentless cloud workload scanning

CNAPP (cloud native application protection platform) and XDR (extended detection and response ) provider Uptycs announced Friday that it has added agentless scanning to its existing cloud workload protection platform, which it said will open up a range of new use cases and attract new potential customers. The company said that its agentless workload scanning system will be fully interoperable with its agent-based Uptycs sensors, providing security metadata in the same format and letting users…

Read More

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for JSON inside SQL statements, allowing potential attackers to easily hide their malicious payloads. The bypass technique, discovered by researchers from Claroty’s Team82, was confirmed to work against WAFs from Palo Alto Networks, Amazon Web Services (AWS), Cloudflare, F5, and Imperva. These vendors have released…

Read More

IOTW: Metallica encourages fans to seek and destroy crypto scams

Metal band Metallica has warned fans of scammers posing as them and offering fake cryptocurrency giveaways ahead of the launch of their album, 72 Seasons. ⚠️ pic.twitter.com/KmlofVdiBM — Metallica (@Metallica) December 6, 2022 In a tweet, the band warned fans that any websites, YouTube channels and livestreams claiming to offer Metallica cryptocurrency were fake. To avoid getting scammed, the band urged fans to “always look for official verification before believing something wild and crazy to…

Read More

Microsoft’s rough 2022 security year in review

We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here’s a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities It seems fitting that 2022 began with the release of the…

Read More

Apple finally adds encryption to iCloud backups

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users. Along with end-to-end encryption for iCloud, Apple’s cloud storage and computing platform, the company announced iMessage Contact Key Verification, allowing users to verify they are communicating only with whom they intend. Apple Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign…

Read More

US Congress rolls back proposal to restrict use of Chinese chips

The US Congress is rolling back proposed legislation that would place restrictions on the use of Chinese-made chips by the government and its contractors, after  companies argued that the measures would raise costs. While the draft legislation still provides for restrictions to be enacted, contractors now have five years to comply with them, rather than the two years stipulated in an earlier version of the proposal, and the language of the new draft leaves room…

Read More

New Zealand government compromised in third-party cyber attack

An IT managed service provider that supports a range of organizations across New Zealand including several within its government has suffered a cyber attack, compromising access to its data and systems. Those affected by the cyber security incident includes some providers contracted to Te Whatu Ora – Health New Zealand, although health service delivery has not been affected.  The Ministry of Justice was also affected by the third-party data breach and confirmed the cyber attack…

Read More