Author: Admin

Enterprising cyber-criminals have found a way to create convincing phishing emails which abuse Google Docs and Drive functionality to bypass security filters, according to Avanan. Researchers at the email security vendor claimed this is the first time such techniques have been used to piggyback on a popular service like Google’s. The email that victims receive contains what appears to be a legitimate Google Docs link, Avanan explained in a blog post. Clicking through takes the user to…

One of the world’s largest cruise ship operators has disclosed a data breach from mid-March, impacting an unspecified number of customers, employees, and crew. Carnival Corporation runs many of the globe’s leading cruise lines, including P&O, Cunard and Carnival Cruise Line. According to a data breach notification letter sent to customers and seen by Infosecurity, the firm detected unauthorized third-party access to a “limited number” of email accounts on March 19. “The impacted information includes data routinely…

The Cloud Permissions Gap exposes organizations to highly exploitable risk combined with the inability to implement and manage Zero Trust policies. By Raj Mallempati, CloudKnox Security COO In 2020, when organizations were prioritizing digital transformation so they could pivot to remote work on an unprecedented scale, Gartner added a new category to its 2020 Hype Cycle for Identity and Access Management Technologies called Cloud Infrastructure Entitlement Management (CIEM). CIEM? Looks a lot like SIEM. CIEM…

More than a billion records were exposed after a misconfiguration error left a CVS Health cloud database without password protection. The 240GB of unsecured data was discovered by WebsitePlanet and security researcher Jeremiah Fowler in a cooperative investigation.  Because of the security oversight by CVS Health, which owns CVS Pharmacy and Aetna, a total of 1,148,327,940 records were exposed. Information that was left publicly accessible to anyone who knew how to look for it included customers’ search histories detailing their…

  To follow up on an earlier communication, PCI SSC is now targeting a Q1 2022 publication date for PCI DSS v4.0. This timeline supports the inclusion of an additional request for comments (RFC) for the community to provide feedback on the PCI DSS v4.0 draft validation documents.

Written by Sean Lyngaas Jun 17, 2021 | CYBERSCOOP Days after Israel and Gaza-based militant group Hamas agreed to a ceasefire in May, Arabic-speaking hackers resumed an effort to break into government networks in the Middle East, according to research published Thursday. The hacking group, known as MoleRATs, sent target organizations a malware-laced PDF claiming to be a report on Hamas members meeting with the Syrian government, security firm Proofpoint said. The malicious code is…

Australians’ lives were disrupted on Thursday by a widespread internet outage that impacted the country’s mail service and multiple businesses, including banks and airlines. The outage began in the early hours and was caused by a problem at Akamai Technologies, a global content delivery network (CDN) and cybersecurity and cloud service provider.  Akamai, which is based in Cambridge, Massachusetts, has acknowledged the issue, but has not yet disclosed the cause of service disruptions to its hosting platform,…