Security News
Asset Visibility helps customers become more proactive within their security program, helping them uncover assets that need protection, validate that the expected endpoint security controls are in place and working, and identify areas of risk exposure due to gaps in security coverage. Dasera expands data security posture management capabilities to Microsoft 365.
23andMe users' godawful password practices were supposedly to blame for the biotech company's October data disaster, according to its legal reps. The letter, which was first reported by TechCrunch, read: "As set forth in 23andMe's October 6, 2023 blog post, 23andMe believes that unauthorized actors managed to access certain user accounts in instances where users recycled their own login credentials - that is, users used the same usernames and passwords used on 23andMe.com as on other websites that had been subject to prior security breaches, and users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe. Therefore, the incident was not a result of 23andMe's alleged failure to maintain reasonable security measures under the CPRA."
As Cyber Solidarity Act edges closer to full adoption in Europe. The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase...
Aqua Trivy open-source security scanner now finds Kubernetes security risks. Lacework code security helps prevent security issues from getting into the wild by identifying them before code is deployed, and helps prioritize and fix issues faster, wherever they are found in the application lifecycle.
An Atlanta tech company's former COO has pleaded guilty to a 2018 incident in which he deliberately launched online attacks on two hospitals, later citing the incidents in sales pitches. Under a plea deal he signed last week, Vikas Singla, a former business leader at network security vendor Securolytics - a provider to healthcare institutions, among others - admitted that in September 2018 he rendered the Ascom phone system of Gwinnett Medical Center inoperable.
Infosec in brief: After spending almost a year cleaning up after various security snafus, the UK's Royal Mail had an open redirect flaw on one of its sites, according to infosec types. Open redirects essentially allow attackers to use a legitimate website or a web application - in this case, a Royal Mail website - to redirect users to a malicious website by manipulating the URL. This occurs when the application doesn't validate user input, so miscreants can manipulate it as they please.
The proportion of cybersecurity professionals reporting low "happiness ratings" has risen sharply over the last 12 months, raising concerns about increasing burnout rates in the industry. The data indicated overall workplace happiness is falling across the board, with both medium and high-satisfaction ratings dropping and "low satisfaction" ratings the only bracket that grew, increasing by more than five percent.
Nutanix announced new features in the Nutanix Cloud Platform to strengthen organizations' cyber resilience against ransomware attacks on unstructured data. These new features, available in Nutanix Data Lens and Nutanix Unified Storage solutions, enable organizations to detect a threat, defend from further damage and begin a 1-click recovery process within 20 minutes of exposure.
Copilotization of all things continues... as helper offers incident reports to share with the boss and more. Microsoft is opening up the early access program for its flagship cybersecurity AI...
The time taken by cyber attackers between gaining an initial foothold in a victim's environment and deploying ransomware has fallen to 24 hours, according to a study. In nearly two-thirds of cases analysed by Secureworks' researchers, cybercriminals were deploying ransomware within a day, and in more than 10 percent of incidents it was deployed within five hours.