Infosecurity News
IMF Investigates Serious Cybersecurity Breach
The International Monetary Fund says it is still looking into a recent compromise of multiple email accounts
NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why
HSE Misconfiguration Exposed Over a Million Irish Citizens’ Vaccine Status
An AppOmni researcher detailed a misconfiguration in the HSE COVID Vaccination Portal, exposing the health and personal data of over a million Irish citizens
TikTok Faces US Ban as House Votes to Compel ByteDance to Sell
The vote saw 352 members of Congress supporting the bill while only 65 opposed it
New Report Suggests Surge in SaaS Assets, Employee Data Sharing
DoControl said one in six employees was found to have shared company data via personal email
French Employment Agency Data Breach Could Affect 43 Million People
France’s employment agency suffered a massive breach, exposing the data of users who registered over the past 20 years
US Government to Investigate Change Healthcare Ransomware Attack
The US government will investigate whether protected healthcare information was breached in the Change Healthcare ransomware attack, and if the firm complied with HIPAA rules
Google Paid $10m in Bug Bounties to Security Researchers in 2023
Google revealed it paid $10m in bug bounty payments to more than 600 researchers in 2023, with the highest single payment being £113,337
Fortinet Patches Critical Bug in FortiClient EMS
Fortinet has released security updates to fix several critical vulnerabilities in its products
Meta Sues Former VP After Defection to AI Startup
Meta is suing one of its former executives for stealing sensitive documents before leaving the company
Investment Scams Grow, 13,000 Domains Detected in January 2024
Netcraft said the domains were found across 7000 IPs in January, a 25% increase from December 2023
Cloud Account Attacks Surged 16-Fold in 2023
Red Canary said cloud account compromise detections rose 16-fold in 2023, becoming the fourth most prevalent technique used by threat actors
New Research Exposes Security Risks in ChatGPT Plugins
Salt Security discovered GPT flaws affecting plugin installation, PluginLab and OAuth
Google to Restrict Election-Related Answers on AI Chatbot Gemini
The new restriction to Google’s AI chatbot was first implemented in India, which holds elections in April, before being rolled across other nations
Single RCE Bug Features Among 60 CVEs in March Patch Tuesday
No zero-day vulnerabilities to fix in this month’s Microsoft Patch Tuesday
Nearly 13 Million Secrets Spilled Via Public GitHub Repositories
GitGuardian claims the number of secrets exposed via GitHub has quadrupled since 2021
Study Reveals Top Vulnerabilities in Corporate Web Applications
Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws
US Intelligence Predicts Upcoming Cyber Threats for 2024
The Office of the Director of National Intelligence (ODNI) has unveiled an unclassified version of its Annual Threat Assessment of the US Intelligence Community
New Cloud Attack Targets Crypto CDN Meson Ahead of Launch
Sysdig said the rise of the Meson Network in blockchain signals a new frontier for attackers
Three-Quarters of Cyber Incident Victims Are Small Businesses
Three-quarters of cyber-incidents Sophos responded to involved small businesses in 2023, with attackers’ main goal being data theft
