For the third time since the discovery of the MOVEit Transfer application zero-day vulnerability, Progress Software has revealed a new critical SQL injection vulnerability that allows remote attackers to bypass authentication and execute arbitrary code.
The personal information of nearly 35 million Indonesian passport holders is up for sale on the dark web for $10,000 by notorious hacktivist Bjorka, who routinely criticizes the Indonesian government, publishing damaging information about lawmakers on social media. The government is investigating.
Granting third parties access to sensitive data introduces inherent risks that organizations must address effectively. So how does an organization best manage that third-party risk while balancing its inherent need for usability?
Watch this 30-minute webinar to explore some of the headline-grabbing incidents that illustrate the rapidly increasing problem of data loss and insider threats. You’ll gain valuable insights into best practices for managing insider threats and risks to your organization.
Ransomware continues to be the biggest threat to the European healthcare sector, but the region also is experiencing an uptick in distributed denial-of-service attacks tied to hacktivist groups, the European Union Agency for Cybersecurity warned.
This week, Charming Kitten targeted nuclear experts; over 130,000 solar energy monitoring systems are exposed; organizations confirmed a breach due to the MOVEit zero-day; Russian hackers took over a Ukrainian government agency's Facebook page; and a WordPress plug-in gave admin privileges to users.
A ransomware attack in May that compromised the sensitive information of 319,500 individuals, including addiction treatment center patient data, has so far generated three proposed federal class action lawsuits against the Pennsylvania real estate firm that owns the medical group.
Legacy DLP is broken due to excess complexity, extended time to value and misalignment with security and business goals, said Next's Chris Denbigh-White. Addressing insider threats in a meaningful way is one of the biggest data protection challenges for organizations, he said.
A growing number of security teams are looking to consolidate tools to simplify operations, said Gartner analyst Dionisio Zumerle. "When you have the complexity, it's very hard to identify misconfigurations between the different overlapping tools, and it's also hard to identify security gaps."
Hackers use generative AI to churn out code that exploits vulnerabilities, while defenders use it to get more context around flaws discovered in their ecosystem, said CEO Amit Yoran. Tenable uses generative AI to spot and prioritize all the instances of MOVEit in a customer's environment.
Organizations need to adopt a creative approach when building policies around the legal, commercial and reputational risks raised by generative AI tools - such as with privacy, consumer protection and contractual obligations, said legal expert Anna King of Markel.
Ransomware believed to originate from the Russian LockBit 3.0 group locked up computer systems for the Port of Nagoya, Japan's largest cargo hub. The attack held up shipments of Toyota auto parts containers for two days, but the port reopened Thursday morning.
Buying both the networking and security pieces of SASE from a single vendor will be the predominant long-term approach, given the benefits of tight integration, said Cato Networks CEO Shlomo Kramer. Some three-fourths of Cato clients today get both SD-WAN and security service edge from the company.
Experts believe China's revised Counter-Espionage Law gives the Chinese Communist Party the power to retaliate against Western financial and technological sanctions and also control rising discontent among Chinese citizens. The law went into effect on Saturday.