November 30, 2022

Varonis and HackerOne launch vulnerability disclosure program

Varonis has launched its public vulnerability disclosure program via HackerOne. The VDP enables the entire HackerOne community to report potential security issues related to Varonis’ corporate and cloud environments, including Varonis SaaS products. Varonis CISO Guy Shamilov said, “Varonis has had tremendous success with our private bug disclosure program, and the logical next step for …


Wiz and BigID expand collaboration to boost cloud security strategies

BigID has expanded its partnership with Wiz to bring together Cloud-Native Application Protection (CNAPP) and Data Security Posture Management (DSPM) to reduce cloud risk and accelerate cloud security strategies. The partnership enables customers to continuously monitor for critical data exposure to help prevent breaches. Customers can take a data-driven approach when automating security controls in the …


Verizon and Wipro form global NaaS partnership

Verizon has formed a global Network-as-a-Service (NaaS) partnership with Wipro that will accelerate the network modernization and cloud transformation journey for businesses. Wipro’s Network-as-a-Service (NaaS) solution, powered by Verizon Business, will include a range of pre-configured and tested service chains on a subscription-based consumption model, designed to drive network consumption infrastructure on demand. The multi-year …


What’s the deal with these router vulnerabilities?, (Thu, Dec 1st)

Earlier today, I was browsing recently made public vulnerabilities for tomorrow’s version of our @Risk newsletter. What stuck out was a set of about twenty vulnerabilities in Netgear and DLink routers: CVE-2022-44186 – Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri. CVE-2022-44187 – Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow …


Vandis and Alkira help clients build their hybrid and multi-cloud environment

Vandis announced that it has agreed to be a partner of Alkira, a provider of Cloud Networking as-a-Service. Alkira’s Cloud Networking solution offers customers the ability to build their enterprise network entirely in the cloud unifying multiple clouds, sites, and users. With an agentless draw-and-click GUI, Alkira cuts the time it takes to provision secure, …


Meta Fined €265M for Data Leak Involving 530M Users

Ireland’s Data Protection Commission (DPC) has announced that Facebook’s parent company, Meta, will be fined €265 million ($273 million USD) for a 2021 data leak involving approximately 533 million users’ information. Meta will also have to implement a “range of corrective measures” following the DPC’s decision. This announcement marks the conclusion of an inquiry that …


Cognizant acquires AustinCSI

Cognizant has entered into an agreement to acquire AustinCSI. This acquisition complements Cognizant’s technology prowess and vertical industry expertise, enriching its advisory capabilities for delivering comprehensive digital strategy as well as innovative solutions to clients. “Client demand for end-to-end digital strategy and industry-specific solutions continues to accelerate,” said Michael Valocchi, Senior Vice President, Head of …


Sign in with Google, Apple, and other providers… and save it in 1Password

We have more sign-in options than ever, but keeping track of them all is becoming increasingly difficult. So we’re making it easier. Every morning, I sit down with a mug of iced coffee – shoutout to Pilot Coffee Roasters 😉 – and open my laptop. I like to throw on a Spotify playlist before I get started, …


Elastic named a Major Player in the IDC MarketScape: Worldwide SIEM 2022 Vendor Assessment

Consolidating cloud, endpoint, automation, and SIEM tools all in one unified platform

Elastic Security’s foundational strength is in supporting fast search across any data source for any environment. In fact, the IDC MarketScape report notes “Unlike others with separate products, Elastic includes its EDR and cloud workload protection products in its security offering.” The report …


Brooklyn Hospitals Decried for Silence on Cyber Incident

One Brooklyn Health Systems Three Hospitals Systems Affected by Nov. 19 Hack

Marianne Kolbasuk McGee (HealthInfoSec) • November 30, 2022

Interfaith Medical Center is one of three One Brooklyn Health System hospitals affected by a recent cyber incident. (Image: One Brooklyn Health …


Sirius XM flaw unlocks so-called smart cars thanks to code flaw

Sirius XM’s Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number (VIN). Yuga Labs’ Sam Curry detailed the exploit in a series of tweets, and confirmed that the patch issued by SiriusXM fixed the …


Let Them Know: San Francisco Shouldn’t Arm Robots

The San Francisco Board of Supervisors on Nov. 29 voted 8 to 3 to approve on first reading a policy that would formally authorize the San Francisco Police Department to deploy deadly force via remote-controlled robots. The majority fell down the rabbit hole of security theater: doing anything to appear to be fighting crime, regardless …


Talkin’ About Infosec News – 11/30/2022

00:00 – PreShow Banter™ — Inflatable Turkey
00:15 – BHIS – Talkin’ Bout [infosec] News 2022-11-28
02:34 – Story # 1: Musk recruits engineers for “Twitter 2.0” https://arstechnica.com/tech-policy/2022/11/musk-recruits-engineers-for-twitter-2-0-after-mass-layoffs-and-resignations/
06:28 – Story # 2: Security experts are laying Mastodon’s flaws bare https://www.techradar.com/news/security-experts-are-laying-mastodons-flaws-bare
15:01 – Story # 3: 5.4 million Twitter users’ stolen data leaked online — more shared privately https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
18:23 – …


GE, Canon Slam ‘Excessive’ Atty Fee Bid In $350K Breach Deal

By Allison Grande (November 30, 2022, 10:14 PM EST) — General Electric Co. and a Canon Inc. subsidiary are urging a New York federal judge to reject class counsel’s request for more than $466,000 in fees for securing a $350,000 data breach deal, arguing that the sum is “grossly disproportionate” to the amount that class …


Nvidia GPU Driver Bugs Threaten Device Takeover & More

A new update from Nvidia for its GPU Display Driver includes fixes for a full 29 security vulnerabilities, seven with a base score of more than 7. The company’s graphics cards are built to accelerate computing processing to support real-time or data-intensive applications. As such, they’re known for their use by gamers, graphic designers, and …


Italian Supreme Court Grants Global Delisting Order Under National Law

On November 15, 2022, the Italian Supreme Court held that an Italian court or competent data protection authority has jurisdiction to issue a global delisting order. A delisting order requires a search engine to remove certain search results about individuals if the data subject’s privacy interests prevail over the general right to expression and information, …


Hackers using USB drives to spread malware in ongoing attack

According to a recent post by the cybersecurity firm Mandiant, USB drives are being used to hack targets in Southeast Asia. The threat actor behind this activity, referred to as UNC4191, is targeting public and private entities in Southeast Asia, Asia-Pacific, Europe, and the US, with a focus on the Philippines. This new campaign began …


SWN #258 – Nudity, Tik Tok, Twitter, Festo, Iab’s, Meta, Acer, & Jason Wood


Samsung announces new GDDR6W memory, rivals HBM2

In 2016, Samsung and other producers began manufacturing the successor to the fast (but flawed) high-bandwidth memory (HBM) modules. High-bandwidth memory 2 (HBM2) seemingly fixed all the issues with the previous generation, increasing capacity, speeds, and bandwidth. Unfortunately, HBM2 was never significantly successful in the desktop graphics card market.

UK Court Orders Crypto Firms to Share Data to Track Thieves

Alleged Hacker Moved Funds Via Binance, Coinbase and 4 Other Exchanges

Rashmi Ramesh (rashmiramesh_) • November 30, 2022

A British court ordered six cryptocurrency exchanges to reveal the identities of account holders allegedly tied to a 2020 hack of an …
