#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

data protection | Breaking Cybersecurity News | The Hacker News

Category — data protection
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector

Sep 19, 2024 Healthcare / Malware
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S. The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832). "Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, before deploying tools like the Supper backdoor, the legitimate AnyDesk remote monitoring and management (RMM) tool, and the MEGA data synchronization tool," it said in a series of posts shared on X. In the next step, the attackers proceed to carry out lateral movement through Remote Desktop Protocol (RDP) and then use the Windows Management Instrumentation (WMI) Provider Host to deploy the INC ransomware payload. The Windows maker said Vanilla Tempest has been active since at least July 2022, with previous attacks targeting education, healthcare, IT, and manufacturing secto
Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing

Sep 18, 2024 Browser Security / Privacy
Google has announced that it's rolling out a new set of features to its Chrome browser that gives users more control over their data when surfing the internet and protects them against online threats. "With the newest version of Chrome, you can take advantage of our upgraded Safety Check, opt out of unwanted website notifications more easily and grant select permissions to a site for one time only," the tech giant said . The improvements to Safety Check allow it to run automatically in the background, notifying users of the actions it has taken, such as revoking permissions for websites they no longer visit, and flagging potentially unwanted notifications. It's also designed to notify users of security issues that need to be addressed, while automatically revoking notification permissions from suspicious sites identified by Google Safe Browsing . "On Desktop, Safety Check will continue to notify you if you have any Chrome extensions installed that may pose
How to Investigate ChatGPT activity in Google Workspace

How to Investigate ChatGPT activity in Google Workspace

Sep 17, 2024GenAI Security / SaaS Security
When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see ChatGPT activity natively in the Google Workspace admin console, and how Nudge Security can provide full visibility into all genAI integrations. Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled  "Improvements to data analysis in ChatGPT," the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It's worth mentioning that other genAI tools like Google AI Studio and Claude Enterprise have also added similar capabilities recently. Pretty great, right? Maybe.‍ When you connec
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

Sep 18, 2024 Mobile Security / Encryption
The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. "The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end encryption," Tom Van Pelt, technical director of GSMA, said . "This will be the first deployment of standardized, interoperable messaging encryption between different computing platforms, addressing significant technical challenges such as key federation and cryptographically-enforced group membership." The development comes a day after Apple officially rolled out iOS 18 with support for RCS in its Messages app, which comes with advanced features like message reactions, typing indications, read receipts, and high-quality media sharing, among others. RCS, an impro
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
How to Investigate ChatGPT activity in Google Workspace

How to Investigate ChatGPT activity in Google Workspace

Sep 17, 2024 GenAI Security / SaaS Security
When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see ChatGPT activity natively in the Google Workspace admin console, and how Nudge Security can provide full visibility into all genAI integrations. Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled  "Improvements to data analysis in ChatGPT," the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It's worth mentioning that other genAI tools like Google AI Studio and Claude Enterprise have also added similar capabilities recently. Pretty great, right? Maybe.‍ When you connec
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts

Sep 17, 2024 Artificial Intelligence / Regulatory Compliance
Meta has announced that it will begin training its artificial intelligence (AI) systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that U.K. companies and institutions will be able to utilize the latest technology," the social media behemoth said . As part of the process, users aged 18 and above are expected to receive in-app notifications starting this week on both Facebook and Instagram, explaining its modus operandi and how they can readily access an objection form to deny their data being used to train the company's generative AI models. The company said it will honor users' choices and that it won't contact users who have already objected to their data being used for their purpose. It also noted that it will not include private messages with friends and family, as well as information from accounts
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

Sep 17, 2024 Software Security / Data Protection
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991 , is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data. "SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability," the company said in an advisory. "If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution." Security researcher Piotr Bazydlo of the Trend Micro Zero Day Initiative (ZDI) has been credited with discovering and reporting the flaw on May 24, 2024. The ZDI, which has assigned the shortcoming a CVSS score of 9.9, said it exists within a class called JsonSerializationBinder and stems from a lack of proper validation of user
Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

Sep 16, 2024 Payment Security / Data Protection
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching and the consequences of non-compliance so severe, there is no room for complacency, so, in this article, we look at the best way to meet these complex coding requirements. PCI DSS v4: Understanding Requirements 6.4.3 and 11.6.1 These changes to PCI DSS in v4.0 acknowledge the urgent need to tighten client-side security in the face of pervasive supply-chain threats. They call for beefed-up payment page security to keep customers' sensitive payment details safe from malicious script injection attacks: 6.4.3: To meet this requirement your organization needs to monitor and manage all payment
Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe

Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe

Sep 12, 2024 Regulatory Compliance / Data Protection
The Irish Data Protection Commission (DPC) has announced that it has commenced a "Cross-Border statutory inquiry" into Google's foundational artificial intelligence (AI) model to determine whether the tech giant has adhered to data protection regulations in the region when processing the personal data of European users. "The statutory inquiry concerns the question of whether Google has complied with any obligations that it may have had to undertake an assessment, pursuant to Article 35[2] of the General Data Protection Regulation (Data Protection Impact Assessment), prior to engaging in the processing of the personal data of E.U./E.E.A. data subjects associated with the development of its foundational AI model, Pathways Language Model 2 (PaLM 2)," the DPC said . PaLM 2 is Google's state-of-the-art language model with improved multilingual, reasoning, and coding capabilities. It was unveiled by the company in May 2023. With Google's European headqu
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

Sep 10, 2024 Malware / Threat Intelligence
The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub . "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET researcher Jakub Souček said in a new analysis published today. "While not being top notch, the threat actor is able to compromise interesting targets." Targets of ScRansom attacks span manufacturing, pharmaceuticals, legal, education, healthcare, technology, hospitality, leisure, financial services, and regional government sectors. CosmicBeetle is best known for a malicious toolset called Spacecolon that was previously identified as used for delivering the Scarab ransomware across victim organizations globally. Also known as NONAME, the adversary has a track record of experimenting w
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Sep 10, 2024 SaaS Security / Risk Management
Shadow apps, a segment of Shadow IT, are SaaS applications purchased without the knowledge of the security team. While these applications may be legitimate, they operate within the blind spots of the corporate security team and expose the company to attackers.  Shadow apps may include instances of software that the company is already using. For example, a dev team may onboard their own instance of GitHub to keep their work separate from other developers. They might justify the purchase by noting that GitHub is an approved application, as it is already in use by other teams. However, since the new instance is used outside of the security team's view, it lacks governance. It may store sensitive corporate data and not have essential protections like MFA enabled, SSO enforced, or it could suffer from weak access controls. These misconfigurations can easily lead to risks like stolen source code and other issues. Types of Shadow Apps  Shadow apps can be categorized based on their interac
One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

Sep 09, 2024 Data Protection / Threat Detection
The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response , and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous third-party risk to the mix. The world of cybersecurity is in a constant state of flux, with cybercriminals becoming increasingly sophisticated in their tactics. In response, organizations are investing heavily in cybersecurity tools, hoping to build an impenetrable fortress around their digital assets. However, the belief that adding "just one more cybersecurity tool" will magically fix your attack surface and enhance your protection is a dangerous misconception. The limitations of cybersecurity tools Cybersecurity tools, while essential, have inherent limitations. They are designe
Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits

Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It's Productivity Benefits

Sep 09, 2024 Data Security / GenAI Security
GenAI has become a table stakes tool for employees, due to the productivity gains and innovative capabilities it offers. Developers use it to write code, finance teams use it to analyze reports, and sales teams create customer emails and assets. Yet, these capabilities are exactly the ones that introduce serious security risks. Register to our upcoming webinar to learn how to prevent GenAI data leakage When employees input data into GenAI tools like ChatGPT, they often do not differentiate between sensitive and non-sensitive data. Research by LayerX indicates that one in three employees who use GenAI tools, also share sensitive information. This could include source code, internal financial numbers, business plans, IP, PII, customer data, and more. Security teams have been trying to address this data exfiltration risk ever since ChatGPT tumultuously entered our lives in November 2022. Yet, so far the common approach has been to either "allow all" or "block all", i.e allow the use
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor

Sep 09, 2024 Vulnerability / Enterprise Security
Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands. Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection. "It is possible for unauthenticated, remote attackers who have access to the management interface of LoadMaster to issue a carefully crafted http request that will allow arbitrary system commands to be executed," the company said in an advisory last week. "This vulnerability has been closed by sanitizing request user input to mitigate arbitrary system commands execution." The flaw affects the following versions - LoadMaster (7.2.60.0 and all prior versions) Multi-Tenant Hypervisor (7.1.35.11 and all prior versions) Security researcher Florian Grunow has been credited with discovering and reporting the flaw
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress

Sep 06, 2024 WordPress / Webinar Security
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.  "The plugin suffers from an unauthenticated account takeover vulnerability which allows any unauthenticated visitor to gain authentication access to any logged-in users and at worst can gain access to an Administrator level role after which malicious plugins could be uploaded and installed," Patchstack researcher Rafie Muhammad said . The discovery follows an extensive security analysis of the plugin, which previously led to the identification of a critical privilege escalation flaw ( CVE-2024-28000 , CVSS score: 9.8). LiteSpeed Cache is a popular caching plugin for the WordPress ecosystem with over 5 million active installat
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

Sep 05, 2024 Threat Prevention / Software Security
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1) - A vulnerability in Veeam ONE that enables an attacker in possession of the Agent service account credentials to perform remote code execution on the underlying machine CVE-2024-42019 (CVSS score: 9.0) - A vulnerability in Veeam ONE that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account CVE-2024-38650 (CVSS score: 9.9) - A vulnerability in Veeam Service Provider Console (VPSC) that allows a low privileged attacker to access the NTLM hash of the service account on the server CVE-2024-39714 (CVSS score: 9.9) - A vulnerability in VPSC tha
Secrets Exposed: Why Your CISO Should Worry About Slack

Secrets Exposed: Why Your CISO Should Worry About Slack

Sep 03, 2024 Data Protection / Cybersecurity
In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is buzzing with the usual mix of cat memes and code snippets. Little do you know, buried in this digital chatter is a ticking time bomb – a plaintext credential that gives unfettered access to your company's crown jewels. Fast forward a few weeks, and you're in the middle of a CISO's worst nightmare. Terabytes of customer data, including millions of bank account details, have been exfiltrated. Your company is splashed across headlines, and new incidents are surfacing daily. The culprit? A secret inadvertently shared in a Jira comment. This isn't a far-fetched scenario. It happen
Expert Insights / Articles Videos
Cybersecurity Resources