Information Management Today

Weekly Update 73

Troy Hunt

FEBRUARY 9, 2018

All that and more in this week's update. I'm not entirely sure how I've gotten to the end of the week feeling completely wrung out whilst having only written the one thing, but here we are. In fairness though, I've put a heap of work into Pwned Passwords version 2 and finally completed the data set. References.

Passwords

Passwords Authentication Access IT

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

eSecurity Planet

FEBRUARY 19, 2024

While this week was a little light on vulnerability news, it’s still been significant, with Microsoft’s Patch Tuesday happening as well as updates for major products, like Zoom. Your IT teams should regularly check your vendors’ security bulletins for any vulnerability news or updates.

Ransomware

Ransomware Cybersecurity Access Passwords

Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit

Security Affairs

FEBRUARY 23, 2023

Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. An external control of file name or path vulnerability [CWE-73]in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.” The CVE-2022-39952 flaw (CVSS score of 9.8)

Honeypots

Honeypots File names Cybersecurity Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Thinking of a Cybersecurity Career? Read This

Krebs on Security

JULY 24, 2020

” Fully 85 percent ranked networking as a critical or “very important” skill, followed by a mastery of the Linux operating system (77 percent), Windows (73 percent), common exploitation techniques (73 percent), computer architectures and virtualization (67 percent) and data and cryptography (58 percent).

Cybersecurity

Cybersecurity Security IT Communications

New Study: 2018 State of Embedded Analytics Report

Why do some embedded analytics projects succeed while others fail? We surveyed 500+ application teams embedding analytics to find out which analytics features actually move the needle. Read the 6th annual State of Embedded Analytics Report to discover new best practices. Brought to you by Logi Analytics.

Analytics

PoC exploit code for critical Fortinet FortiNAC bug released online

Security Affairs

FEBRUARY 21, 2023

Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. An external control of file name or path vulnerability [CWE-73]in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.” The CVE-2022-39952 flaw (CVSS score of 9.8)

File names

File names Archiving Access Cybersecurity

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

We also found 6 organisations providing a significant update on a previously disclosed incident. Source Update Finance USA Yes 4,673 North Hill (North Hill Communities, Inc., ALPHV/BlackCat ransomware gang adds 2.7 Data breached: 2.7 204 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue

Security Affairs

JANUARY 13, 2021

Microsoft Patch Tuesday security updates for January 2021 address 83 vulnerabilities, including a critical flaw actively exploited in the wild. 10 of these flaws are rated as Critical and 73 are rated as Important in severity. 10 of these flaws are rated as Critical and 73 are rated as Important in severity. ” states ZDI.

Authentication

Authentication Security IT Information Security

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

DECEMBER 5, 2023

For instance, in November, Henry Schein, a healthcare solutions giant, reported an update on its October ransomware attack – specifically, that 35 TB of sensitive data had been stolen (which we convert to 35 million records).* However, that accounted for 376,812,001 records known to be breached, or 73% of the total.

Data breaches

Data breaches Ransomware Access Security

Weekly podcast: ICO GDPR campaign, Gwent Police, Binance and MediaGet

IT Governance

MARCH 16, 2018

Nearly 500,000 instances were recorded, the majority of which (73%) were in Russia. According to Microsoft , the outbreak was caused by what it calls an “update poisoning campaign” affecting the BitTorrent client MediaGet, which is “often used by people looking to download programs or media from websites with dubious reputation”.

GDPR

GDPR Compliance Data breaches Phishing

Global Data Breaches and Cyber Attacks in December 2023 – 2,241,916,765 Records Breached

IT Governance

JANUARY 5, 2024

Data exfiltration In 73% of incidents this month, we know that data has also been exfiltrated – another increase on last month’s 54%. We will update this if more information on the Europol action is released. An additional 25% may have had data breached – not too different from last month’s 24%.

Data breaches

Data breaches Insurance Manufacturing Ransomware

Weekly podcast: Dixons Carphone, Fashion Nexus, Yale and Alaska

IT Governance

AUGUST 3, 2018

We are continuing to keep the relevant authorities updated.”. They re-enlisted typewriters from closets, and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings.”. Hello and welcome to the IT Governance podcast for Friday, 3 August. Well, that’ll do for this week.

Data breaches

Data breaches GDPR Passwords Government

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

We hope the Deutsche Telekom event acts as a wake-up call and push toward making IoT auto-update mandatory. IoT device auto-updates should be mandatory to curb bad actors’ ability to create massive IoT botnets on the back of unpatched IoT devices. We know little about that attack as OVH did not participate in our joint study.

IoT

IoT Passwords e-Discovery IT

Information Management Today

Weekly Update 73

VulnRecap 2/19/2024: News from Microsoft, Zoom, SolarWinds

Webinars

Trending Sources

Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit

Webinars

Thinking of a Cybersecurity Career? Read This

New Study: 2018 State of Embedded Analytics Report

PoC exploit code for critical Fortinet FortiNAC bug released online

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Microsoft Patch Tuesday for January 2021 fixes 83 flaws, including an actively exploited issue

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

Weekly podcast: ICO GDPR campaign, Gwent Police, Binance and MediaGet

Global Data Breaches and Cyber Attacks in December 2023 – 2,241,916,765 Records Breached

Weekly podcast: Dixons Carphone, Fashion Nexus, Yale and Alaska

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Stay Connected