Data Breaches

An advanced persistent threat (APT) group named Flea has been carrying out attacks against foreign affairs ministries in North and South America using a new backdoor called Graphican, according to a report by the Symantec Threat Hunter Team. The campaign ran from late 2022 into early 2023. It also targeted a government finance department in a country in the Americas and a corporation that sells products in Central and South America. There was also one…

Read More

Opaque Systems has announced new features in its confidential computing platform to protect the confidentiality of organizational data during large language model (LLM) use. Through new privacy-preserving generative AI and zero-trust data clean rooms (DCRs) optimized for Microsoft Azure confidential computing, Opaque said it also now enables organizations to securely analyze their combined confidential data without sharing or revealing the underlying raw data. Meanwhile, broader support for confidential AI use cases provides safeguards for machine…

Read More

Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in a press release. It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help…

Read More

Apple has shipped patches for the remote code execution (RCE) vulnerabilities in iOS that have already been exploited in the wild under the digital spy campaign, dubbed Operation Triangulation. The campaign used two zero-click iMessage exploits and compromises without any user interactions based on a pair of bugs respectively in the kernel and Webkit. Apple has attributed the discovery of these vulnerabilities to Kaspersky Lab just two weeks after the Russian cybersecurity firm reported discovering…

Read More

Security and threat intelligence company Silobreaker has announced new geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange). The tie-up will see Silobreaker integrate global risk intelligence company RANE’s enterprise geopolitical intelligence into its own platform, providing cyber threat intelligence teams with real-time information about world events that could heighten the risk of cyberattacks. The integration, announced at Infosecurity Europe 2023 in London, will provide context into highly complex, interconnected events, allowing teams…

Read More

Once upon a time, the boundary that I worried about and considered that I was responsible for stopped at my Active Directory domain and at the firewall that protected it. Then the boundary of my network moved from the computers under my control to the internet and the connected devices and cloud applications that I now have access to and am linked into. We went from where the stakeholders of the firm were resistant to…

Read More

Brute-force credential guessing attacks against database servers are ramping up with MSSQL being at the top of the target list. That’s because attackers can leverage the many extensibility features that Microsoft’s database server provides to integrate with other Windows components and features to elevate their privileges and gain full control of the underlying servers. Last week, researchers from security firm Trustwave released data collected over four months from their global honeypot project, a network of…

Read More

In the early morning of May 3, the City of Dallas, Texas, was hit by a ransomware attack, for which the Royal ransomware gang later took credit. The city’s police, fire rescue, water service payment, and development systems, among others, were significantly hampered by the incident, forcing many departments to revert to handwritten and radio-related communications. In a report dated May 31, released on June 9, the city said that more than 90% of the…

Read More

Data security software provider Baffle has released Baffle Manager 2.0, an interface upgrade to automate enterprise-level data protection for applications, analytics, and AI. The user interface upgrade is aimed at simplifying application-level encryptions, which were difficult and time-consuming with legacy systems, the company said in a press statement. “Baffle Manager 2.0 is a single platform where users can create and manage their data protection policies across the cloud, legacy, and third-party applications and stay on…

Read More