May 2024 Reading Roundup

VMware Changes Webinar

Looking for practical content that helps you navigate the new VMware pricing changes? Curious about options for consumption or alternatives? Join us June 4th at 11am for a technical review. We’ll raffle a few bottles of EH Taylor and a cloud workshop, as well! You can register here.

Palo Alto Acquires QRadar Assets

This is an exciting move for PAN as they mature across the security stack. QRadar SaaS customers can anticipate a swift migration to Cortex XSIAM (extended security intelligence and automation management). You can read more via CRN.

Utilities Face Attacks

The EPA is urging water works organizations to brace for cyber attacks. Practically, we’ve seen a surge in attacks related to critical utilities. These nation-state attacks are primarily attributed to Russia, China and Iran. You can read more via Associated Press.

LogRhythm & Exabeam Merger

Consolidation in the cybersecurity space continues. This merger makes good sense. LogRhythm is a titan of the SIEM space while Exabeam can deliver on the security operations. With LogRhythm’s complex machine learning and Exabeam’s focus on AI-driven operations, this could be a harmonious union. You can read more via TechCrunch.

MSFT Recall Privacy Concerns

MSFT’s new AI-driven Windows 11 Recall works by taking screenshots of active sessions periodically. Screenshots will be indexed, which allows users to browse snapshots and query. Security experts and analysts are concerned and asking for MSFT to introduce safeguards. In some cases, industry experts are labeling this tool as spyware. You can read more via Bleeping Computer.

Cencora Breach

One of the nation’s largest pharmaceutical organizations declared a breach in February that included patients’ names, addresses, diagnoses and medications. Cencora handles approximately 20% of the nation’s pharmaceutical sales. Total volume of impacted users has yet to be disclosed. You can learn more via NPR.

Breach Call Center Breached!?

This is a stellar headline. After suffering a breach last year, Nissan set up a call center, provided by OracleCMS, to assist victims of the breach. Nissan has confirmed that this call center has been breached. You can read more via ITnews.

Slack Data Used to Train AI-Models

Slack’s terms, which were implemented in September 2023, give the organization the rights to train its AI model on users’ data. Slack, owned by Salesforce, opted in all users. If you’d like to opt out, you’ll need to email Slack directly. You can read more via Ars Technica.

Your Service Desk is a Target

IT service desks are prime targets for bad actors. High-profile examples of service desk-related breaches include EA Games and MGM, which resulted in over $100 million in lost revenue and the source code for FIFA 2021! This article highlights this risk and provides best practices. You can read more via Bleeping Computer.

Dell Confirms Data Breach

Dell has confirmed a data breach that discloses end user name, address, and Dell order information, including hardware, quantities, service tags, etc… Dell did not provide greater detail at the time of notification, as they are still in the midst of the investigation. Dell officials did downplay the impact of the breach. You can read more via TechCrunch.

Dell Breach Includes EU

In relation to the previous headline, Ireland has disclosed a breach notification from Dell that includes users in the EU. You can read more via TechCrunch.

Ascension Breach

Ascension disclosed a ransomware attack that includes outages across its base of 140 hospitals, loss of patient data, and resulted in ambulances being redirected due to local facilities’ inability to take on new patients. At the time of reporting, Ascension had no timeline for recovery. You can read more via Detroit Free Press.

VPN Security

Researchers from Leviathan have dropped a sensational headline that VPN might not be as secure as you think. They claim it’s possible to exploit the DHCP standard so that other users on the local network are forced to connect to a rogue DHCP server. You can read more via Krebs on Security.

The Role of CISO in 2024

CISOs face unique challenges in 2024. Many organizations are freezing or reducing cyber budgets. While budgets are flat or declining, threats continue to abound as CISOs must wrestle with securing organizations as applications continue to sprawl and AI proposes new risks. As a result, many CISOs feel they’re simply scapegoats who will be thrown under the bus when incidents arise. You can read more about the modern CISO via VentureBeat.

Ticketmaster Hack

Your favorite ticket solution, known for low prices, customer service, and creating a competitive environment for ticket pricing, has disclosed a breach. The data is being actively shopped for approximately $500,000. Ticketmaster has 560 million users. You can read more via BBC.

Just In: AI Requires Drastic Resource Consumption!?

The “news” just found out that the AI boom will require massive resource utilization. Massive increases in AI consumption mean massive increases in compute, storage, cooling and power. You can read more regarding concerns over consumption rates and its environmental impacts via The Guardian.

Free Piano!?

American university staff and students are the target of a mass phishing campaign that’s reached 120k+ mailboxes. The phish offers a free grand piano if you agree to cover the expense of shipping. You can read more via Bleeping Computer.

Apple Wasn’t Storing Deleted Photos

Apple came under critique after users noticed deleted photos reappeared after iOS 17.5.1 updates. Now researchers have concluded that Apple was not storing photos previously believed to have been deleted, but the photos did persist on local storage. You can read more via Bleeping Computer.

Wiz Continues to Expand

Wiz, currently valued at $12 billion, just closed a round of funding to fuel its acquisition strategy. If you’re familiar with cloud security, you know about Wiz. The popular vendor hopes to become the primary all-in-one cloud security vendor. You can read more about their rise via TechCrunch.
