Security - Information Management Today

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. These penalties apply to all aspects of GDPR compliance, including inadequate data security, improper consent, and data breach failures.

GDPR

GDPR Security Compliance Data Privacy

39M secrets exposed: GitHub rolls out new security tools

Security Affairs

APRIL 3, 2025

39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. “Still, secret leaks remain one of the most commonand preventablecauses of security incidents. Secret Protection is free for public repositories.

Security

Security Risk Cloud Passwords

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Salzman Shirley Slazman , CEO, SeeMetrics In 2025, organizations will recognize that adding more tools doesnt equate to better security. Attackers arent hacking in theyre logging in.

Security

Security Phishing IoT Risk

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Security Affairs

FEBRUARY 11, 2025

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. With over 90% of enterprises storing at least some of their data in the cloud, AIs ability to enhance security across complex, distributed environments is more vital than ever.

Artificial Intelligence

Artificial Intelligence Security Unstructured data Cloud

Assess and Advance Your Organization’s DevSecOps Practices

Advertiser: Datadog

Organizations must advance their DevSecOps practices to deliver high quality, secure digital services to market quickly and efficiently. In order to do that, leaders must ask themselves three key questions: What is our current level of DevSecOps maturity? Where is our desired level of DevSecOps maturity? How do we get there?

Security

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Security Affairs

MARCH 24, 2025

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools.

Ransomware

Ransomware Security IT Access

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

Security Affairs

NOVEMBER 17, 2024

A Really Simple Security plugin flaw affects 4M+ sites, allowing attackers full admin access. Wordfence researchers warn of a vulnerability, tracked as CVE-2024-10924 (CVSS Score of 9.8), in the Really Simple Security plugin that affects 4M+ sites. It’s one of the most critical WordPress vulnerabilities ever.

Security

Security Authentication Access IT

Top US Election Security Watchdog Forced to Stop Election Security Work

WIRED Threat Level

FEBRUARY 14, 2025

The US Cybersecurity and Infrastructure Security Agency has frozen efforts to aid states in securing elections, according to an internal memo viewed by WIRED.

Security

Security Cybersecurity

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security

Security Data breaches Passwords Cybersecurity

7 Questions Every App Team Should Ask

You’ll learn: The seven requirements to include in your analytics evaluation How enhancing your analytics can boost user satisfaction and revenue What sophisticated capabilities to consider, including predictive analytics, adaptive security and integrated workflows Download the white paper to learn about the seven questions every application team should (..)

Analytics

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

Security Affairs

APRIL 3, 2025

Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The flaw impacts Ivanti Connect Secure (version 22.7R2.5

Security

Security Cybersecurity IT Information Security

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks. What is Data Security Posture Management?

Data Privacy

Data Privacy Privacy GDPR Compliance

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Security Affairs

JANUARY 26, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Artificial Intelligence

Artificial Intelligence Security Ransomware Communications

Optimizing The Modern Developer Experience with Coder

Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity.

Cloud

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

Security Affairs

FEBRUARY 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Data breaches Encryption Ransomware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34

Security Affairs

FEBRUARY 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. You’ve Got Malware: FINALDRAFT Hides in Your Drafts Telegram Abused as C2 Channel for New Golang Backdoor Infostealing Malware Infections in the U.S.

Security

Security Military Ransomware Cybersecurity

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 23, 2025

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole $1.5B

Security

Security CMS Phishing Encryption

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

APRIL 16, 2025

” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. ” concludes the report that includes indicators of compromise (IoCs).

Manufacturing

Manufacturing Passwords Security IT

The Essential Guide to Analytic Applications

We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges.

Analytics

The Official DOGE Website Launch Was a Security Mess

WIRED Threat Level

FEBRUARY 15, 2025

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

Security

Security Encryption Privacy

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October. reported 404 Media.

Encryption

Encryption Passwords Security Communications

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Each company brings its own security (or lack thereof) into the game, so your overall security status is essentially the average of yours, plus anyone else’s to whom you’re connected (i.e.,

B2B

B2B Cybersecurity Risk Access

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Security Affairs

OCTOBER 31, 2024

Faced with this situation, we immediately deployed additional security measures to protect the operations and information of our clients.” We want to reassure you that Interbank guarantees the security of your deposits and all your financial products.” ” reads the statement published by the company.

Data breaches

Data breaches Financial Services Passwords Security

Zero Trust Mandate: The Realities, Requirements and Roadmap

You’ll hear where peer organizations are currently with their Zero Trust initiatives, how they are securing funding, and the realities of the timelines imposed. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc.,

Cybersecurity

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

DECEMBER 5, 2024

Security Operations Center (SOC) analyst burnout is a very real problem. The two key problems are: Alert Overload Modern security environments generate an extraordinary number of alerts. These are some of the most important cybersecurity professionals out there, and many of them are being worked to exhaustion.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Data collection

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

APRIL 13, 2025

” Cell C has taken swift action to contain a recent cyberattack, secure its systems, and limit the impact. In 2023, Loretto Hospital experienced another data security incident. On January 19, 2023, a former employee misappropriated security camera footage of a limited number of patients and posted it on Facebook.

Data breaches

Data breaches Unstructured data Ransomware Cybersecurity

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. They typically include an evaluation of data handling practices, security policies, and DLP solutions to identify and remediate any vulnerabilities that could result in a data breach.

Risk

Risk Cybersecurity Cloud Compliance

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

“Threat actor dubbedCodefingeruses compromised AWS keys to encrypt S3 bucket data via SSE-C, leveraging AWSs secure encryption infrastructure in a way that prevents recovery without their generated key.” We encourage all customers to follow security, identity, and compliance best practices.

Encryption

Encryption Ransomware Authentication Cloud

Embedded Analytics Insights for 2024

From data security to generative AI, read the report to learn what developers care about including: Why organizations choose to build or buy analytics How prepared organizations are in 2024 to use predictive analytics & generative AI Leading market factors driving embedded analytics decision-making

Analytics

Google fixed the first actively exploited Chrome zero-day since the start of the year

Security Affairs

MARCH 26, 2025

Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. Mojo is Googles IPC library for Chromium-based browsers, managing sandboxed processes for secure communication. The flaw was actively exploited in attacks targeting organizations in Russia.

Libraries

Libraries Communications Security IT

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

NOVEMBER 8, 2024

.” Palo Alto Networks recommends reviewing best practices for securing management access to its devices. Cybersecurity and Infrastructure Security Agency (CISA) added a Palo Alto Expedition Missing Authentication Vulnerability, tracked as CVE-2024-5910 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication

Authentication Cybersecurity Access Communications

Homeland Security Email Tells a US Citizen to 'Immediately' Self-Deport

WIRED Threat Level

APRIL 12, 2025

An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies toand who actually received itis far from clear.

Security

Oracle privately notifies Cloud data breach to customers

Security Affairs

APRIL 6, 2025

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. The incident has raised serious concerns about the security of Oracles cloud infrastructure and the potential implications for affected customers. Oracle Classic has the security incident. ” Beaumont wrote.

Data breaches

Data breaches Cloud Encryption Communications

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

Read this whitepaper to learn: How this “no data copy” approach dramatically streamlines data workflows while reducing security and governance overhead. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Cloud

ASUS routers with AiCloud vulnerable to auth bypass exploit

Security Affairs

APRIL 18, 2025

” reads the ASUS Product Security Advisory. ” The Taiwanese multinational company recommends users to regularly check their devices and security settings to stay protected. ” concludes the security advisory. Asus also urges users to update the routers firmware via the ASUS support page when available.

Authentication

Authentication Passwords Access Security

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. The researcher Brian Hysell reported the flaw to the security vendor.

IT

IT Authentication Cybersecurity Risk

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

Collaboration 2.0

APRIL 17, 2025

update fixes a bug with wireless CarPlay and resolves two security holes already exploited in targeted attacks. Apple's iOS 18.4.1

Security

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8)

IT

IT Ransomware Authentication Cybersecurity

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Stakeholder Engagement 👥 Learn strategies to secure buy-in from sales, marketing, and executives. Prototyping & UX 🛠 Get step-by-step guidance on building prototypes and designing user interfaces that maximize LLM usability.

Sales

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

” Immediately, the company launched an investigation, which is still ongoing, into the alleged security incident. ” reads the Reports of Security Incident published by the company. The networking giant doesn’t believe that its infrastructure was not compromised. for customers to use as needed.

Data breaches

Data breaches Access Cloud Security

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Exposed data did not include Social Security numbers or financial information. Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.

Data breaches

Data breaches Ransomware Cybersecurity Security

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

Security Affairs

NOVEMBER 16, 2024

Palo Alto Networks recommended reviewing best practices for securing management access to its devices. Restricting management interface access to specific IPs significantly reduces exploitation risk, requiring privileged access first. In this scenario, the CVSS score drops to 7.5 This week, the U.S.

Cybersecurity

Cybersecurity Access Communications Security

OnePoint Patient Care data breach impacted 795916 individuals

Security Affairs

OCTOBER 25, 2024

OPPC reported to the US Department of Health and Human Services that the security incident impacted 795916 individuals. The company started its incident response procedure to contain the incident with the help of a forensic security firm. ” reads the notice of Data Security Incident published by the company on its website.

Data breaches

Data breaches Ransomware Security IT

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Increased GDPR Enforcement Highlights the Need for Data Security

39M secrets exposed: GitHub rolls out new security tools

Webinars

Trending Sources

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Webinars

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Assess and Advance Your Organization’s DevSecOps Practices

Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

Top US Election Security Watchdog Forced to Stop Election Security Work

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

7 Questions Every App Team Should Ask

China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Why DSPM is Essential for Achieving Data Privacy in 2024

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Optimizing The Modern Developer Experience with Coder

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 34

Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

The Essential Guide to Analytic Applications

The Official DOGE Website Launch Was a Security Mess

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Zero Trust Mandate: The Realities, Requirements and Roadmap

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

South African telecom provider Cell C disclosed a data breach following a cyberattack

From Risk Assessment to Action: Improving Your DLP Response

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Embedded Analytics Insights for 2024

Google fixed the first actively exploited Chrome zero-day since the start of the year

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Homeland Security Email Tells a US Citizen to 'Immediately' Self-Deport

Oracle privately notifies Cloud data breach to customers

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

ASUS routers with AiCloud vulnerable to auth bypass exploit

U.S. CISA adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Launching LLM-Based Products: From Concept to Cash in 90 Days

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Amazon discloses employee data breach after May 2023 MOVEit attacks

Palo Alto Networks confirmed active exploitation of recently disclosed zero-day

OnePoint Patient Care data breach impacted 795916 individuals

Make Payment Optimization a Part of Your Core Payment Strategy

Stay Connected