Security News > 2024 > April > Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise
How Google plans to make stolen session cookies worthless for attackersGoogle is working on a new security feature for Chrome called Device Bound Session Credentials, meant to prevent attackers from using stolen session cookies to gain access user accounts.
A "Cascade" of errors let Chinese hackers into US government inboxesMicrosoft still doesn't known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials.
Ivanti vows to transform its security operating model, reveals new vulnerabilitiesIvanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure, some of which could also lead to execution of arbitrary code or information disclosure.
Human risk is the top cyber threat for IT teamsIn this Help Net Security video, Julian Martin, VP of Technology Alliances at Mimecast, discusses the Mimecast 2024 State of Email and Collaboration Security report.
Six steps for security and compliance in AI-enabled low-code/no-code developmentAI is quickly transforming how individuals create their own apps, copilots, and automations.
Strengthening defenses against nation-state and for-profit cyber attacksIn this Help Net Security video, Geoffrey Mattson, CEO of Xage Security, discusses the steps enterprises and critical infrastructure must take to improve their environments from for-profit and nation-state attacks.
News URL
Related news
- Troubled US insurance giant hit by extortion after data leak (source)
- Thousands of orgs at risk of knowledge base data leaks via ServiceNow misconfigurations (source)
- A data leak and a data breach (source)
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)
- AT&T, Verizon reportedly hacked to target US govt wiretapping platform (source)
- Pokemon dev Game Freak confirms breach after stolen data leaks online (source)
- Interbank confirms data breach following failed extortion, data leak (source)