News

An analysis of the numerous LDAP queries that Russian cyberespionage group APT29 had made to the Active Directory system has led to the discovery of a vulnerability in Windows’ ‘credential roaming’ functionality. Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). The group is believed to be responsible for multiple high-profile attacks, including the 2016 targeting of the Democratic…

Read More

Security posture management startup Veriti has emerged from stealth mode with $18.5 million raised in two funding rounds led by Insight Partners and NFX and AMITI. Founded in 2021, the Tel Aviv-based company seeks to help organizations improve their security posture by proactively and continually hunting for and addressing security gaps and misconfigurations across the entire business environment. Veriti says it has designed its Unified Security Posture Management platform based on feedback from CISOs and…

Read More

Canadian meat giant Maple Leaf Foods has confirmed that it is experiencing an outage after falling victim to a cyberattack. Created in 1991 by the merger of Canada Packers and Maple Leaf Mills, the packaged meats company is headquartered in Mississauga, Ontario. Maple Leaf Foods has more than 14,000 employees and has market presence in Canada, the US, and Asia, offering products under several brands, including Maple Leaf, Schneiders, Mina, Greenfield Natural Meat Co., Lightlife,…

Read More

Thirty-nine cybersecurity-related merger and acquisition (M&A) deals were announced in October 2022. An analysis conducted by SecurityWeek showed that more than 230 mergers and acquisitions were announced in the first half of 2022. October 1-15 11:11 Systems acquires Sungard Availability Services’ Recovery Services business  Managed infrastructure solutions provider 11:11 Systems has acquired the Recovery Services business of Sungard Availability Services. Earlier this year, 11:11 announced the acquisition of Sungard’s Cloud and Managed Services business. 11:11…

Read More

The mysticism that has allowed tech firms to make billions of dollars from surveillance is finally clearing, the boss of encrypted messaging app Signal told AFP. Meredith Whittaker, who spent years working for Google before helping to organise a staff walkout in 2018 over working conditions, said tech was “valorised” and “fetishised” when she first began in the industry in 2006. “The idea that technology represented the apex of innovation and progress was fairly pervasive…

Read More

For many, proactively monitoring ESG risks is not only the right thing to do – it’s the right business strategy. More than ever investors, consumers and partners are using ESG factors to determine who they do business with.  In this session, Mastercard’s Johan Gerber, EVP, Cyber and Security Products, discusses: ● New industry findings on how organizations are navigating this new landscape ● The strategies and tools needed to mitigate ESG risk on a business’s supply chain and…

Read More

The International Committee of the Red Cross said Thursday it is seeking support to create a “digital red cross/red crescent emblem” that would make clear to military and other hackers that they have entered the computer systems of medical facilities or Red Cross offices. The Geneva-based humanitarian organization said it was calling on governments, Red Cross and Red Crescent societies, and IT experts to join forces in developing “concrete ways to protect medical and humanitarian…

Read More

Fortinet on Tuesday informed customers about 16 vulnerabilities discovered in the company’s products, including six flaws that have been assigned a ‘high’ severity rating. One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining…

Read More

A missing authentication check vulnerability in Azure Cosmos DB could have allowed an attacker to execute arbitrary code remotely, Orca Security warns. Azure Cosmos DB is a NoSQL database used on e-commerce platforms to store catalog data, and in order processing pipelines for event sourcing. The security defect was identified in Azure Cosmos DB Jupyter notebooks, an open-source interactive developer environment (IDE) that allows developers to share documents, live code, visualizations, and more. Built into…

Read More

Twitter’s unending fight against spam accounts is now a problem for new owner Elon Musk, who pledged in April to defeat the bot scourge or “die trying!” He later cited bots as a reason to back out of buying the social platform. Now that the billionaire has completed the deal, he’s faced with the task of delivering on his promise to clean up the fake profiles that have preoccupied him and bedeviled Twitter since long…

Read More