Information Management Today

Weekly Update 87

Troy Hunt

MAY 17, 2018

The conference went fantastically well and, in all honesty, was the most enjoyable workshop I think I've done out of ~50 of them these last few years. NDC will be back on the Gold Coast next yet, plus of course it will be in Oslo in a few weeks' time then Sydney in September where we'll both do it all again. This week, we talk a lot about EV certs.

IT

IT Security

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Security Affairs

MARCH 27, 2024

Reported by wgslfuzz on 2024-03-11 “The Stable channel has been updated to 123.0.6312.86/.87 87 for Windows and Mac and 123.0.6312.86 Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. to Linux which will roll out over the coming days/weeks.

IT

IT Information Security Security

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

Findings released this week by ReversingLabs show 87 percent of security and technology professionals view software tampering as a new breach vector of concern, yet only 37 percent say they have a way to detect it across their software supply chain. For a full drill down on our discussion please give the accompanying podcast a listen.

Systems administration

Systems administration Libraries Risk Authentication

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

Security Affairs

APRIL 25, 2021

Unfortunately, experts noticed that more than 90% of the installs are still using flawed firmware versions and have yet to install the security updates (V3.01.21) provided by the vendor. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Passwords

Passwords Authentication Access Security

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

Government

Government Libraries Cybersecurity Phishing

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

Security Affairs

MAY 5, 2021

Users are urged to update to HPE EIM v1.22 All an attacker has to do next is login to the web application with the updated admin password “by sending a request to URL /redfish/v1/SessionService/Sessions,” Tenable explained. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Authentication

Authentication Passwords Systems administration Cloud

87% of organisations have an insufficient cyber security budget

IT Governance

APRIL 8, 2019

Although organisations are devoting more resources to cyber security in order to tackle the growing threat of data breaches, 87% say they don’t have the budget to meet their needs, a new report has found. By making a short-term investment in updating your operations, you could reap the benefits for years to come.

Security

Security Artificial Intelligence Digital transformation Data breaches

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

DECEMBER 5, 2023

For instance, in November, Henry Schein, a healthcare solutions giant, reported an update on its October ransomware attack – specifically, that 35 TB of sensitive data had been stolen (which we convert to 35 million records).* This month, this increased to 87 incidents. It can also be down to the month in question.

Data breaches

Data breaches Ransomware Access Security

Spotlight: as Attacks Mount, how to secure the Industrial Internet

The Security Ledger

DECEMBER 19, 2018

You should also listen to: Podcast Episode 87: Vulnerability Reports Down the Memory Hole in China and the Groups Hacking ICS. How do industrial networks and endpoints get targeted by malicious actors and why are they so vulnerable to software based attacks? It’s going to continue to happen.

IoT

IoT Security Manufacturing Risk

UK: The rise of privacy group action risk

DLA Piper Privacy Matters

DECEMBER 7, 2017

The GDPR makes it simpler for consumers to claim compensation as part of a wider group by providing a statutory right under Article 87 to mandate any claim for damages to a not-for-profit body, organisation or association – providing a legislative basis to permit such bodies to solicit and co-ordinate group actions for damages.

Risk

Risk Privacy GDPR Data breaches

Updates from the MaaS: new threats delivered through NullMixer

Security Affairs

MARCH 27, 2023

The NullMixer operations we dissected (ATK-16) count victims in at least 87 countries. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, NullMixer malware) The post Updates from the MaaS: new threats delivered through NullMixer appeared first on Security Affairs.

Encryption

Encryption Communications IoT Marketing

ARTICLE 29 WORKING PARTY GUIDANCE – DATA BREACH NOTIFICATIONS

DLA Piper Privacy Matters

FEBRUARY 21, 2018

Last week the Article 29 Data Protection Working Party released updated guidelines in relation to personal data breach notifications and automated individual decision-making and profiling under the General Data Protection Regulation. This alert focuses on the key updates to personal data breach guidelines.

Data breaches

Data breaches Personal data GDPR Compliance

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Troy Hunt

JULY 19, 2018

Admittedly, I'm taking advantage of the free grants that everyone using Functions gets each month (400,000GB/s and 1M executions) but even at 10 times those volumes, I'd still only be looking at $87 to run 40 million queries. for you guys to do 54M searches against a repository of half a billion passwords ??

Passwords

Passwords IT Mining Authentication

Information Management Today

Weekly Update 87

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Webinars

Trending Sources

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

Webinars

10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

CISA alert warns of Emotet attacks on US govt entities

Experts found critical authentication bypass flaw in HPE Edgeline Infrastructure Manager

87% of organisations have an insufficient cyber security budget

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

Spotlight: as Attacks Mount, how to secure the Industrial Internet

UK: The rise of privacy group action risk

Updates from the MaaS: new threats delivered through NullMixer

ARTICLE 29 WORKING PARTY GUIDANCE – DATA BREACH NOTIFICATIONS

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Stay Connected