News – Page 14

Why Every Multi-Cloud Environment Needs an Application Owner Dashboard

Posted on 31 May 2024

From netography.com

Why Every Multi-Cloud Environment Needs an Application Owner Dashboard

By James Pittman

Organizations have moved to multi-cloud environments to achieve the benefits of business resilience, agility, best-of-breed capabilities, compliance, and cost containment, or due to the result of a merger or acquisition. But distributed environments also introduce a lot of complexity that can make it hard to realize these benefits.

Customers tell us they are feeling the pain of having SaaS applications distributed across different clouds with multiple application owners responsible for different parts of the application and limited ability to monitor the services they manage. The network monitoring tools in their stacks tend to be built for security engineers or the compliance team with an audit focus, and not application owners. The application owners have insufficient visibility to perform the role they were given which puts their ability to contribute to the risk management of the environment in jeopardy.

Mystery miscreant remotely bricked 600,000 SOHO routers with malicious firmware update

Posted on 31 May 2024

From theregister.com

Unknown miscreants broke into more than 600,000 routers belonging to a single ISP late last year and deployed malware on the devices before totally disabling them, according to security researchers.

The cyber attack, which wasn’t reported at the time, took place over a 72-hour period between October 25 and 27, 2023. It “rendered the infected devices permanently inoperable, and required a hardware-based replacement,” according to US telco Lumen Technologies’ Black Lotus Labs, which published details about the destructive event on Thursday and named it “Pumpkin Eclipse.”

What is ISO 27701 PIMS?

Posted on 31 May 2024

From securityboulevard.com

In today’s data-driven world, protecting personal information is of greater significance. The International Organisation for Standardisation (ISO) has developed ISO 27701, a comprehensive Privacy Information Management System (PIMS) standard aimed at improving privacy management within organizations. This blog will look at the specifics of ISO 27701 PIMS, its significance, and how it may help organizations strive for improved privacy policies.

Understanding ISO 27701 PIMS Compliance

ISO 27701 PIMS stands for ISO 27701 Privacy Information Management System. It is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards, which focus on information security management systems (ISMS). The ISO 27701 standard specifically addresses the management of personal data (personally identifiable information or PII) by providing a framework for organizations to enhance their data privacy controls.

Encrypted Notepad: Open-source text editor

Posted on 31 May 2024

From helpnetsecurity.com

Encrypted Notepad, an open-source text editor, ensures your files are saved and loaded encrypted with AES-256. With no ads, no network connection required, and no unnecessary features, it’s a tool that simply works.

OpenAI is very smug after thwarting five ineffective AI covert influence ops

Posted on 31 May 2024

From theregister.com

OpenAI on Thursday said it has disrupted five covert influence operations that were attempting to use its AI services to manipulate public opinion and elections.

These influence operations (IOs), the super lab said, did not have a significant effect on audience engagement or in amplifying the reach of the manipulative messages.

“Over the last three months, our work against IO actors has disrupted covert influence operations that sought to use AI models for a range of tasks, such as generating short comments and longer articles in a range of languages, making up names and bios for social media accounts, conducting open-source research, debugging simple code, and translating and proofreading texts,” the biz said.

Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack

Posted on 21 May 2024

From gbhackers.com

Fluent Bit, a widely used open-source data collector and processor, has been found to have a major memory loss flaw.

Many big cloud providers use Fluent Bit for their logging because it is easy to use and can be scaled up or down as needed.

Tenable Research found the flaw, which affects Fluent Bit’s built-in HTTP server and has been designated CVE-2024-4323.

This bug could cause a denial of service (DoS), the loss of information, or the execution of code from afar (RCE).

Cybercriminals shift tactics to pressure more victims into paying ransoms

Posted on 21 May 2024

From helpnetsecurity.com

This was primarily driven by an explosion in “indirect” ransomware incidents which increased by more than 415% in 2023 than in 2022. Standing out among the biggest loss drivers were remote access tools, which accounted for 58% of ransomware attacks. Double leverage attacks – those using both data encryption and exfiltration – also grew by 51% in 2023, demonstrating that threat actors shifted their tactics to pressure more victims into paying ransoms.

“Vulnerabilities in remote access products continue to drive too many successful ransomware attacks,” said Rotem Iram, CEO of At-Bay. “Technology providers and cybersecurity professionals must prioritize securing the perimeter by default and improving response to emerging threats, understanding that small businesses are unlikely to be able to solve those on their own.”