Security News
The U.S. Cybersecurity and Infrastructure Security Agency is investigating the recent breach of data analytics company Sisense, an incident that also impacted critical infrastructure organizations. Today, CISA says the incident also affects critical infrastructure sector organizations in the United States, with the agency now working with partners in the private sector to assess its impact.
Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company's customers to "Reset credentials and secrets potentially exposed to, or used to access, Sisense services." Details about the security incident are still being kept under wraps by Sisense.
Apple has been notifying iPhone users in 92 countries about a "Mercenary spyware attack" attempting to remotely compromise their device. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-," reads the notification.
Because modern employees can easily adopt new cloud and SaaS applications whenever and wherever they want, the old IT offboarding playbook of "Disable AD account, forward email, recover and wipe device, and call it a day" is no longer enough. This will make the account inaccessible to everyone, even admins, which could interfere with your ability to complete other offboarding tasks like transferring files and data.
Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers' servers, and/or not leaked online. The decision will depend on a variety of factors but, according to GuidePoint Security, an important one should be the overall maturity and prominence of the ransomware operators who pulled off the attack.
DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network, a personal data removal service, and an identity theft restoration solution. The introduction of Privacy Pro marks the first case of a premium product from DuckDuckGo, allowing it to enter a highly competitive space with the impetus of an established entity that has won the trust of millions from its existing product portfolio.
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub...
A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time...
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub...
Open source password managers make their code accessible to the public, allowing users to customize the software to suit their needs. With that, I've created a list of the best open source password managers for teams and businesses.