Security News > 2024

Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

Food delivery company HelloFresh is nursing a £140,000 fine by Britain's data privacy watchdog after a probe found it had dispatched upwards of a staggering 79 million spam email and one million texts in just seven months. The Information Commissioner's Office says the company claimed messages were based on an opt-in statement, yet this statement did not include any reference to the sending of marketing messages via text.

A critical vulnerability in GitLab CE/EE can be easily exploited by attackers to reset GitLab user account passwords.Users who have two-factor authentication enabled on their account are safe from account takeover.

"The engineer was very skilled at gaslighting the management regarding such things, and without me present they feared he would just flim-flam his way out of trouble - and not for the first time," Alvin told On Call. The biz countered that the engineer had done good work for years, and had built the network from scratch.

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is...

CES Despite all the buzz around internet-connected smart cars at this year's CES in Las Vegas, most folks don't want vehicle manufacturers sharing their personal data with third parties - and even say they'd consider buying an older or dumber car to protect their privacy and security. According to a survey of 2,000 Americans conducted by Kaspersky in November and published this week, 72 percent of drivers are uncomfortable with automakers sharing their data with advertisers, insurance companies, subscription services, and other third-party outfits.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV)...

As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it's evident that we're on the cusp of a paradigm shift in cloud security. It's a reminder that even with advancements in cloud security, fundamental principles like IAM can't be overlooked.

The U.S. will be in a recession by Q4 2024, and tech companies will continue reducing their workforce. Still, VCs will be able to capitalize on these economic conditions, which create an opportunity for investment as prices remain depressed despite the immense technical talent in the market looking to create the next generation of disruptive companies.

The failure of LLMs to live up to their hype will be the story of 2024, as generic models become relegated to consumer-centric applications and enterprise users turn to smaller, more targeted AI models, purpose-built to meet their business needs. Recognizing the value of the data they hold, companies will seek to secure it by taking a "Hybrid cloud by design" approach, rather than "Hybrid cloud by default." Ultimately, data protection will emerge as a key pillar in a successful AI strategy, and companies will move towards prioritizing AI solutions that are trustworthy and responsible.