Security News

IBM recently released its annual Cost of a Data Breach report, revealing that the average cost of a data breach in Australia reached a record high of AUD $4.26 million in 2024. Phishing was the most common initial attack vector, accounting for 22% of breaches and costing businesses AUD $4.35 million per breach on average.

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. [...]

Australian organisations have reported the highest rate of data breaches compared with global markets in 2023, according to a new survey. The State of Data Security: Measuring Your Data's Risk report, based on a survey of 1,600 global IT and security leaders as well as telemetry data from 6,100 Rubrik customers, gauged the frequency of cyber incidents related to business email compromises, data breaches, ransomware attacks, insider incidents and inadvertent data exposure.

Progress Software's latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months. Some of you may remember CVE-2019-18935, another deserialization of untrusted data vulnerability affecting Telerik UI for ASP.NET AJAX. It was used by multiple attackers including an unspecified Advanced Persistent Threat group to successfully target US federal agencies in 2023, despite being added to CISA's Known Exploited Vulnerability catalog in 2021.

Progress Software has fixed a critical vulnerability in its Telerik Report Server solution and is urging users to upgrade as soon as possible. Telerik Report Server is an enterprise solution for storing, creating, managing and viewing reports in web and desktop applications.

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327, impacts Report Server version 2024 Q2 and earlier.

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. As a server-based reporting platform, Telerik Report Server provides centralized storage for reports and the tools needed to create, deploy, deliver, and manage them across an organization.

Distributed Denial of Service attacks continue to be cybercriminals' weapon of choice, making up over 37% of all mitigated traffic. In the first quarter of 2024 alone, Cloudflare blocked 4.5 million unique DDoS attacks.

After publication of my "Kryptonite" article about a prompt that crashes many AI chatbots, I began to get a steady stream of emails from readers - many times the total of all reader emails I'd received in the previous decade. Disappointingly, too many of them consisted of little more than a request to reveal the prompt so that they could lay waste to large language models.

Security in brief: It's been a week of bad cyber security revelations for OpenAI, after news emerged that the startup failed to report a 2023 breach of its systems to anybody outside the organization, and that its ChatGPT app for macOS was coded without any regard for user privacy. According to an exclusive report from the New York Times, citing a pair of anonymous OpenAI insiders, someone managed to breach a private forum used by OpenAI employees to discuss projects early last year.