Information Management Today

Weekly Update 140

Troy Hunt

MAY 25, 2019

I'm a day and a half behind with this week's update again - sorry! Next week's update will be with Scott Helme again so if there's anything in particular you'd like to hear from him (us), drop me a note on it. I spend quite a bit of time this week talking about that, I'm curious to hear other people's thoughts on it too.

Passwords

Passwords IT

‘Absolute joke’: customers’ personal data exposed amid Pandemonium Rocks festival refund stoush

The Guardian Data Protection

APRIL 23, 2024

But when Gilroy hit the send button on her partial refund application, which would have recouped $140 of her outlay of $516 for two tickets, her anger turned to disbelief.

Personal data

Personal data Data breaches Privacy

CISA recommends immediately patch Exchange ProxyShell flaws

Security Affairs

AUGUST 23, 2021

CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021 —which remediates all three ProxyShell vulnerabilities—to protect against these attacks.” HuntressLabs has seen 140+ webshells across 1900+ unpatched boxes in 48hrs.

Cybersecurity

Cybersecurity Ransomware Security Access

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Organizations paid at least $602 million to ransomware gangs in 2021

Security Affairs

FEBRUARY 13, 2022

“Sure enough, we updated our ransomware numbers a few times throughout 2021, reflecting new payments we hadn’t identified previously.” ” “There is a slight time lag in ransomware data, so we expect when these numbers get updated in a few months, 2021 will have higher numbers than 2020.” added the company. .

Ransomware

Ransomware Blockchain Cybersecurity IT

Microsoft Issues ProxyShell Advisory After Attacks Begin

eSecurity Planet

AUGUST 26, 2021

In its own advisory, Microsoft this week urged organizations running Exchange servers to install patches issued in security updates in May and July , which protect against the vulnerabilities. Further reading: Top Patch Management Tools. Microsoft Faces Criticism for Response. … These vulnerabilities are worse than ProxyLogon.”.

Cybersecurity

Cybersecurity Ransomware Manufacturing Security

Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)

Security Affairs

AUGUST 22, 2018

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. through 2.3.34, Struts 2.5

Security

Security IT

Leaky Buckets in a Multi-Cloud World

Thales Cloud Protection & Licensing

APRIL 16, 2018

Servers both on-premises and operating on Amazon EC2 can gain the security benefits of the FIPS 140-2 certified Vormetric Transparent Encryption solution as well as the cost-effectiveness of S3 storage. We’ve also made significant updates to other products in our portfolio including VTE supporting Microsoft Azure Files, and Amazon Linux.

Cloud

Cloud Encryption Big data Compliance

Portnox Cloud: NAC Product Review

eSecurity Planet

APRIL 19, 2023

For example, encryption keys, administrator passwords, and other critical information are stored in the Azure Key Vault in FIPS 140-2 Level 2-validated hardware security modules (HSMs). per device per year for each additional 30 (RADIUS+) to 45 (ZTNA) days.

Cloud

Cloud Authentication IoT Access

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

eSecurity Planet

JANUARY 28, 2022

That attack was 140 percent larger than a 1 Tbps attack in 2020 and larger than any similar event ever detected on the Azure public cloud, they said. Ransomware attacks can be avoided by simply following best practices around information security, backups , and updates, but DDoS can occur despite doing everything correctly,” Rosen said.

IoT

IoT Cloud Cybersecurity Ransomware

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

A March 2020 software update of the SolarWinds Orion management platform gave malicious actors unhindered access to key government and enterprise networks. This update touches on the newly detected malware , attack vectors to guard against, and why the targeting of security vendors is a critical development in cybersecurity.

Cybersecurity

Cybersecurity Access Authentication Cloud

The Week in Cyber Security and Data Privacy: 19 – 25 February 2024

IT Governance

FEBRUARY 27, 2024

We also found 4 organisations providing a significant update on a previously disclosed incident. We also found 4 organisations providing a significant update on a previously disclosed incident. million individuals in its systems. The incident was caused by the MOVEit Transfer vulnerability. None definitely haven’t had data breached.

Data Privacy

Data Privacy Manufacturing Privacy Data breaches

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

38,846,799 known records breached in 140 publicly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. Publicly disclosed data breaches and cyber attacks: full list This week, we found 38,846,799 records known to be compromised, and 140 organisations suffering a newly disclosed incident.

Data Privacy

Data Privacy Privacy Insurance Security

Predictions 2016: How’d I Do?

John Battelle's Searchblog

DECEMBER 29, 2016

Voice search volume did indeed explode in 2016, but we’ll have to wait for Mary Meeker’s mid year update to know by exactly how much. I wasn’t sure this was going to happen, but just this month, Medium released its growth numbers – up 140% year on year, to 60 million users. 8 – Apple endures a boring year.

IoT

IoT Blockchain Marketing IT

Have I Been Pwned Domain Searches: The Big 5 Announcements!

Troy Hunt

JUNE 15, 2023

For example, one particular domain was searched 140 times after a breach was loaded in April, followed by another 40 times immediately after a breach the following month: Clearly, this is just unnecessary. Each and every time. All sorts of commercial organisations running businesses and using data sourced from HIBP to help them do so.

IT

IT Cloud Mining Metadata

SolarWinds Attackers Targeting Resellers, Service Providers: Microsoft

eSecurity Planet

OCTOBER 26, 2021

Microsoft first detected the latest campaign in May, and has since notified more than 140 resellers and tech service providers that Nobelium has targeted. With SolarWinds , the group was able to insert malicious code into the company’s Orion software updates. Russia Seeking Access to Tech Assets.

Cybersecurity

Cybersecurity Cloud Access Phishing

Information Management Today

Weekly Update 140

‘Absolute joke’: customers’ personal data exposed amid Pandemonium Rocks festival refund stoush

Webinars

Trending Sources

CISA recommends immediately patch Exchange ProxyShell flaws

Webinars

Organizations paid at least $602 million to ransomware gangs in 2021

Microsoft Issues ProxyShell Advisory After Attacks Begin

Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)

Leaky Buckets in a Multi-Cloud World

Portnox Cloud: NAC Product Review

Microsoft Fights Off Another Record DDoS Attack as Incidents Soar

Guarding Against Solorigate TTPs

The Week in Cyber Security and Data Privacy: 19 – 25 February 2024

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

Predictions 2016: How’d I Do?

Have I Been Pwned Domain Searches: The Big 5 Announcements!

SolarWinds Attackers Targeting Resellers, Service Providers: Microsoft

Stay Connected