In the latest weekly update, four editors at ISMG discuss important cybersecurity issues, including the lessons we can learn from Okta's breach fallout and subsequent response, how the first NFT rug pull of 2022 has amounted to over $1 million, and the much-anticipated return to in-person events.
Two serious remote-code-execution vulnerabilities have been discovered in VMware's widely used Spring, which is a platform for building online applications. With at least one of the vulnerabilities already being actively exploited, VMware urges immediate patching.
Globant, the Luxembourg-based software development company, on Thursday confirmed that an undisclosed actor - reportedly Lapsus$ - has illegally accessed the company's code repository, containing source code associated with some of its clients.
Sophos says it has provided a fix to a critical RCE bug known to be actively exploited primarily in South Asia. Sophos says no customer action is needed if the "Allow automatic installation of hotfixes" feature is enabled, but versions close to their end of life need manual configuration.
Days after the recent Okta data breach, parts of a security report, allegedly created by Mandiant, were leaked, giving the breach timeline and how the threat group gained access to Okta's environment. Security experts, including an Okta customer, discuss the report, supply chain risks and redress.
The U.S. FCC's Public Safety and Homeland Security Bureau voted unanimously to ban Kaspersky Lab, China Telecom (Americas) Corp., and China Mobile International USA Inc., saying they pose a national security threat. And bug bounty platform HackerOne also suspended Kaspersky.
Life comes at you fast, especially when you're a breached business such as Okta, which may have exposed customer data or otherwise put the businesses paying for your product at risk. Here's how after detecting the breach, Okta fumbled its response, and what others should learn from this experience.
Okta says it should have notified customers of a breach earlier and that Lapsus$ compromised a laptop belonging to Sitel, a third-party customer support firm, via remote desktop protocol, enabling it to infiltrate Okta's network. Cybersecurity experts discuss the impact of the breach and offer mitigation advice.
HubSpot announced it had been the victim of a data breach resulting in the leak of client information for around 30 companies. Cryptocurrency organizations made up the bulk of the potential victims, and those companies are advising account holders to be on the lookout for phishing and other scams.
(ISC)² released results of an online poll about the Log4j vulnerability and the human impact of the efforts to remediate it. CISO Jon France shares findings from the survey, revealing the severity and long-term consequences of the Log4j attack for security teams and the organizations they protect.
If Russia uses hack attacks to support its invasion, would Western governments want to immediately attribute those attacks or disruptions? Enter a Thursday alert from the U.S. government warning that it is "aware of possible threats to U.S. and international satellite communication networks."
On Tuesday, Ireland's Data Protection Commission imposed an $18.6 million penalty on tech firm Meta. That same day, the privacy watchdog was sued by a member of the nonprofit Irish Council for Civil Liberties over its "prolonged inaction" in the Google data breach case.
Russian state-sponsored threat actors are exploiting default MFA protocols, along with PrintNightmare, the Windows Print Spooler vulnerability, to illegally access the network of a nongovernmental organization, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI say.
As the Russia-Ukraine war continues, healthcare sector entities need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware. She discusses current cyber challenges.
Automotive technology/parts supplier Denso confirmed that it suffered a ransomware attack last week. Investigations are ongoing. The company has not disclosed the ransom demanded or the attacker's name, but dark web monitoring platform DarkTracer says it's the work of the Pandora ransomware group.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
