UK’s new laws, Cisco buys Splunk, Transunion denies breach
UK launches comprehensive new online safety laws
Further to a story we brought you on Wednesday, the internet plans approved by lawmakers in the UK will substantially impact large players like Meta, Google and TikTok. It is being hailed as making Britain “the safest place in the world to be online.” In the works since 2021, the new law requires platforms to not only take down illegal content, but to prevent it from being posted in the first place, legally requiring them to verify that users are of age. According to SecurityWeek, “The law applies to any internet company, no matter where it’s based as long as a U.K. user can access its services. Companies that don’t fall in line face fines of up to 18 million pounds ($22 million) or 10% of annual global sales, whichever is greater.”
Cisco buys Splunk
The $28 billion purchase is intended to boost its software business and reduce its reliance on its networking hardware business while taking on new security issues presented by AI technology. Cisco already had a partnership with Splunk and actually sought to purchase it last year in a deal that at that time fell through. The deal is scheduled to be completed at the end of third quarter 2024, however, according to Reuters, rumblings of antitrust scrutiny have already started.
(Reuters)
TransUnion denies breach, suggests data belongs to a third party
A threat actor named USDoD claimed to have stolen sensitive data from 59,000 TransUnion customers worldwide, but the credit reporting company states that they found “no indication that TransUnion systems have been breached or that data has been exfiltrated from our environment.” They add that the information that USDoD posted to a hacking forum on the weekend likely came from a third party of some sort, given that “the data, formatting, and fields do not match the data content or formats at TransUnion.”
Harness launches Gitness to compete with GitLab
The software platform known for code deployment, cloud cost management, security testing, among other things, is now launching a new Git repo to take on GitLab, GitHub and Bitbucket. The Gitness open-source Git repository and the Harness Code Repository are intended to simply the process and to run on a small virtual machine or laptop and uses AI tools “for code reviews and other features.”
领英推荐
Thanks to this week’s episode sponsor, Hyperproof
ShroudedSnooper targets Middle East telecoms
HTTPSnoop is the name of a backdoor implant that has been used to attack telecom providers, using “novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs. A secondary implant called PipeSnoop “accepts arbitrary shellcode from a named pipe and executes it on the infected endpoint.” Experts at Cisco Talos have named the threat actors as ShroudedSnooper suggesting that the practices employed do not match any other known group. They also noted that the two snoop implants were seen “masquerading as components of Palo Alto Networks’ Cortex XDR security products.”
Google’s Bard chatbot can now find answers in your mail or on your drive
A new development in the fast-changing world of AI search is Google’s Bard AI chatbot, which can “find and summarize the contents of an email or even highlight the most important points of a document you have stored in Drive.” As an opt-in feature, Google emphasizes that it will not use the data it finds to train Bard. Users can initiate a search within Gmail by using @mail or “Check my email.” It will also connect with Maps, YouTube, and Google Flights by default.
Gold Melody sells compromised access to ransomware groups
SecureWorks Counter Threat Unit has identified the group as Gold Melody, while CrowdStrike calls it Prophet Spider and Mandiant calls it UNC961. The group is identified as financially motivated and has been active since 2017. SecureWorks says the group, which has an extensive rap sheet, “conducts a considerable amount of scanning to understand a victim’s environment, scanning begins shortly after gaining access but is repeated and continued throughout the intrusion.”
Australian Pizza Hut suffers data breach
The Australian arm of Pizza Hut confirms it was hit with a cyberattack that resulted in the theft of physical addresses and order preferences of 193,000 customers. The CEO of Pizza Hut Australia said, in an email to customers sent Wednesday, the attack that happened in early September was a result of “unauthorized third party” access to some of the company’s data.” Also taken were email addresses, contact numbers and for registered accounts, encrypted credit card numbers and encrypted passwords.