macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users https://firewall.firm.in/wp-content/uploads/2024/08/chinese-hacker.png Aug 27, 2024Ravie LakshmananCyber Espionage / Malware Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts “almost exactly replicate the functionality of the Windows version of the backdoor and differ only ...

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot https://firewall.firm.in/wp-content/uploads/2024/08/ms.png Aug 27, 2024Ravie LakshmananAI Security / Vulnerability Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. “ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ...

US lawsuit against TikTok to focus on childrens’ privacy – ET CISO https://etimg.etb2bimg.com/thumb/msid-111182270,imgsize-106928,width-1200,height=765,overlay-etciso/data-breaches/us-lawsuit-against-tiktok-to-focus-on-childrens-privacy.jpg The U.S. Department of Justice plans to focus an upcoming lawsuit against TikTok on allegations that the popular social media platform violated the privacy rights of children, rather than claims it misled adult users about its data privacy practices, according to a source familiar with the matter. ...

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S. https://firewall.firm.in/wp-content/uploads/2024/08/Uber.png Aug 26, 2024Ravie LakshmananGDPR / Data Protection The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. “The Dutch DPA ...

Microsoft informs customers that Russian hackers spied on emails – ET CISO https://etimg.etb2bimg.com/thumb/msid-111356087,imgsize-62402,width-1200,height=765,overlay-etciso/data-breaches/microsoft-informs-customers-that-russian-hackers-spied-on-emails.jpg Russian hackers who broke into Microsoft’s systems and spied on staff inboxes earlier this year also stole emails from its customers, the tech giant said on Thursday, around six months after it first disclosed the intrusion. The disclosure underscores the breadth of the breach as Microsoft faces ...

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access https://firewall.firm.in/wp-content/uploads/2024/08/sonic.jpg Aug 26, 2024Ravie LakshmananVulnerability / Enterprise Security SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control ...

EU vs Big Tech: the cases keep mounting – ET CISO https://etimg.etb2bimg.com/thumb/msid-111558319,imgsize-163662,width-1200,height=765,overlay-etciso/data-breaches/eu-vs-big-tech-the-cases-keep-mounting.jpg The European Union (EU) has launched multiple probes and complaints against Big Tech and their handling of user data and maintaining privacy. Let’s take a look at the latest tiffs: AmazonOn Friday, the European Commission (EC) asked Amazon to provide detailed information by July 26 on the measures ...

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September https://firewall.firm.in/wp-content/uploads/2024/08/cisa.png Aug 24, 2024Ravie LakshmananVulnerability / Government Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of ...

Data security experts urge govt to set up nodal body to confirm breaches – ET CISO https://etimg.etb2bimg.com/thumb/msid-111557082,imgsize-12516,width-1200,height=765,overlay-etciso/data-breaches/data-security-experts-urge-govt-to-set-up-nodal-body-to-confirm-breaches.jpg In light of alleged claims of hacking of Airtel data, security researchers have asked the govt to implement the data protection Act as under it the responsibility of informing/ confirming such breaches would be with the data protection authority, which, however, has not ...

The Facts About Continuous Penetration Testing and Why It’s Important https://firewall.firm.in/wp-content/uploads/2024/08/code.png What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for ...