Information Management Today

Weekly Update 88

Troy Hunt

MAY 25, 2018

I've been in Sydney this week talking at one of our big banks and as I say in this week's update, getting out there amongst companies dealing with their unique cyber challenges is always interesting: #cyber pic.twitter.com/CIMDhPfKIP — Troy Hunt (@troyhunt) May 23, 2018. References.

Data breaches

Data breaches Passwords Cloud IT

TheMoon bot infected 40,000 devices in January and February

Security Affairs

MARCH 26, 2024

The Black Lotus Labs team at Lumen Technologies uncovered an updated version of “ TheMoon ” bot targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices. The new version of the bot has been spotted infecting thousands of outdated devices in 88 countries. ” reads the report published by Black Lotus Labs.

IoT

IoT Authentication IT Security

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

Security Affairs

OCTOBER 10, 2022

An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” reads the advisory issued by the company PSIRT. Blog post and POC coming later this week.

Authentication

Authentication Cybersecurity Risk Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products

Security Affairs

OCTOBER 14, 2022

The company also provided a workaround for those who can’t immediately deploy security updates. The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 An attacker can exploit the vulnerability to log into vulnerable devices. “An

Authentication

Authentication Cybersecurity Risk Security

New Study: 2018 State of Embedded Analytics Report

Why do some embedded analytics projects succeed while others fail? We surveyed 500+ application teams embedding analytics to find out which analytics features actually move the needle. Read the 6th annual State of Embedded Analytics Report to discover new best practices. Brought to you by Logi Analytics.

Analytics

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Security Affairs

OCTOBER 18, 2022

An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests,” reads the advisory issued by the company PSIRT. ” reads the advisory published by the company.

Authentication

Authentication Cybersecurity Security Risk

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Security Affairs

JUNE 12, 2019

Microsoft releases Patch Tuesday security updates for June 2019 that address 88 vulnerabilities in Windows OS and other products. 21 out of 88 flaws are rated as Critical in severity, 66 as Important, and only one of them rated as Moderate in severity. None of these vulnerabilities was exploited in attacks in the wild.

Security

Security Authentication Libraries Encryption

Security Affairs newsletter Round 284

Security Affairs

OCTOBER 4, 2020

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Security

Security Ransomware Insurance Information Security

Security Affairs newsletter Round 218 – News of the week

Security Affairs

JUNE 15, 2019

A new round of the weekly SecurityAffairs newsletter arrived! Adobe Patch Tuesday updates fix code execution issues in Campaign, ColdFusion, and Flash. MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats. Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws. Kindle Edition.

Security

Security Metadata Libraries Data breaches

Microsoft fixes 2 critical Exchange Server flaws reported by the NSA

Security Affairs

APRIL 13, 2021

Microsoft patch Tuesday security updates address four high and critical vulnerabilities in Microsoft Exchange Server that were reported by the NSA. All the vulnerabilities are remote code execution that could allow attacks to compromise vulnerable installs, for this reason, the IT giant urges its customers to install the latest updates.

Cybersecurity

Cybersecurity Security Access IT

New Research Shows Why and How Zoom Could Become an Advertising Driven Business

John Battelle's Searchblog

APRIL 19, 2020

million in revenue, up 88% from the year before. The company then updated its privacy policies , bowing to criticism that it might leverage user data in a manner similar to Google and Facebook (more on that below). We are updating our privacy policy to be more clear, explicit, and transparent.” The company logged $622.7

Privacy

Privacy Data collection Marketing Communications

Microsoft Patch Tuesday, June 2019 Edition

Krebs on Security

JUNE 12, 2019

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. And of course Adobe has its customary monthly security update for Flash Player. Google Chrome auto-updates Flash but also is now making users explicitly enable Flash every time they want to use it.

IT

IT Security

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

We also found 14 organisations providing a significant update on a previously disclosed incident. Source 1 ; source 2 (Update) IT services Taiwan Yes 2,451,197 RMH Franchise Corporation Source (New) Hospitality USA Yes 1.5 92 of them are known to have had data exfiltrated, exposed or otherwise breached. TB Paysign, Inc.

Data Privacy

Data Privacy Privacy Security Data breaches

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

JULY 22, 2021

More than 88 percent of compromised IoT devices were routing data back to servers in China, the United States or India – considered “malware destination” countries where the attacks originated. In addition, they need to update and patch the software to all IoT-related devices. The attacks also were global in nature.

IoT

IoT Risk Manufacturing Authentication

Understanding Changing Software Delivery Trends and Key Strategies for Growth

Thales Cloud Protection & Licensing

JANUARY 18, 2022

Automated software updates. Usage data records can be collected daily and then used to generate weekly or monthly reports. 88% say their organization lacks clarity on how usage data improve business intelligence. Create SaaS-like customer experience from on-premises software. Key hybrid licensing benefits. Subscription pricing.

Customer Experience

Customer Experience Cloud Access Compliance

Understanding Changing Software Delivery Trends and Key Strategies for Growth

Thales Cloud Protection & Licensing

JANUARY 18, 2022

Automated software updates. Usage data records can be collected daily and then used to generate weekly or monthly reports. 88% say their organization lacks clarity on how usage data improve business intelligence. Create SaaS-like customer experience from on-premises software. Key hybrid licensing benefits. Subscription pricing.

Customer Experience

Customer Experience Cloud Access Compliance

ARTICLE 29 WORKING PARTY GUIDANCE – DATA BREACH NOTIFICATIONS

DLA Piper Privacy Matters

FEBRUARY 21, 2018

Last week the Article 29 Data Protection Working Party released updated guidelines in relation to personal data breach notifications and automated individual decision-making and profiling under the General Data Protection Regulation. This alert focuses on the key updates to personal data breach guidelines.

Data breaches

Data breaches Personal data GDPR Compliance

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

We also found 5 organisations providing a significant update on a previously disclosed incident. Source 1 ; source 2 (Update) Finance USA Yes 498,686 J.P. The updated data point is italicised in the table. 117 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Privacy Manufacturing Security

Information Management Today

Weekly Update 88

TheMoon bot infected 40,000 devices in January and February

Webinars

Trending Sources

CVE-2022-40684 flaw in Fortinet products is being exploited in the wild

Webinars

Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products

New Study: 2018 State of Embedded Analytics Report

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Microsoft Patch Tuesday security updates for June 2019 fix 88 flaws

Security Affairs newsletter Round 284

Security Affairs newsletter Round 218 – News of the week

Microsoft fixes 2 critical Exchange Server flaws reported by the NSA

New Research Shows Why and How Zoom Could Become an Advertising Driven Business

Microsoft Patch Tuesday, June 2019 Edition

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IoT Devices a Huge Risk to Enterprises

Understanding Changing Software Delivery Trends and Key Strategies for Growth

Understanding Changing Software Delivery Trends and Key Strategies for Growth

ARTICLE 29 WORKING PARTY GUIDANCE – DATA BREACH NOTIFICATIONS

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Stay Connected