Security News
Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only "Major" categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because "Of the need to interoperate with the global email, contacts, and calendar systems," according to its press release.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. "iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos," the company said in a recent announcement.
Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more. [...]
IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager. ConnectWise's advisory notes that the flaw affects Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw.
ConnectWise has fixed a critical vulnerability in ConnectWise Recover and R1Soft Server Backup Manager that could allow attackers to achieve remote code exection or access confidential data. The company advises users to patch as soon as possible, as the vulnerability is "Either being targeted or have a higher risk of being targeted by exploits in the wild."
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions. Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.
Hornetsecurity has found an urgent need for greater backup for Microsoft Teams with 45% of users sending confidential and critical information frequently via the platform. Users sharing confidential and sensitive information via Teams.
An extensively updated version of the Exmatter data exfiltration tool was seen last month being used with Noberus in ransomware infections, and at least one affiliate using Noberus was detected using Eamfo, the info-stealing malware that connects to the SQL database where a victim's Veeam backup software installation stores credentials, according to researchers in Symantec's Threat Hunting Team. Coreid has continuously updated Noberus since it first emerged in November 2021, shortly after BlackMatter was retired in a suspected move by the ransomware gang to stay ahead of law enforcement.
Financial services organizations are being squeezed on all sides, as regulators are tightening legislation, from SOX to CCPA, GDPR and global data privacy laws like PIPL. In this firestorm, it's never been more important for financial services organizations to level up their data protection and risk mitigation strategies. According to the report, financial services reported the second-lowest rate of data encryption at 54%, compared to a global average of 65%. Amongst the financial services organizations that were hit, 52% paid the ransom to restore data, which is higher than the global average of 46%, and the survey found that the average remediation cost in financial services was US$1.59M, which is above the global average of US$1.4M. Response rates are too slow.
Social media company Meta said it will begin testing end-to-end encryption on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust, said.