Friday, February 21, 2025

Uncategorized

Update Immediately
Palo Alto Releases Patch for PAN-OS DoS Flaw

PAN-OS

Palo Alto Networks has revealed a high severity vulnerability in PAN-OS software that may lead to a denial-of-service (DoS) issue on affected devices. The vulnerability CVE-2024-3393 (CVSS score: 8.7) affects PAN-OS versions 10.X and 11.X, and Prisma Access with PAN-OS versions 10.2.8 or later and before 11.2.3. It has been …


New G-Door Vulnerability Allows Hackers to Bypass Microsoft 365 Security With Google Docs

G-Door

A newly discovered vulnerability called “G-Door” enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts. This flaw poses a serious threat to organizations using Microsoft 365’s Conditional Access policies. The G-Door vulnerability stems from the ability to create personal or workspace Google accounts using a …


CISA released best practices to secure Microsoft 365 Cloud environments

Microsoft 365

CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365 cloud environments. This directive is part of CISA’s effort to reduce risks from cloud misconfigurations and weak security controls that have been targeted in recent cyberattacks. BOD 25-01 introduces Secure …


Data breach! Ireland fines Meta $264 million, Australia $50m

Meta

The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach that affected 29 million Facebook accounts. The breach occurred when unauthorized parties exploited user access tokens, exposing sensitive information like names, email addresses, phone numbers, and physical locations, including data …


GitLab flaw allows Bitcoin ATM giant “Byte Federal” to be hacked

Bitcoin ATM

TechCrunch reports that Byte Federal, a major Bitcoin ATM operator in the U.S., has experienced a data breach affecting the personal information of thousands of customers. A Florida-based company recently reported to the Maine attorney general that hackers tried to access data from about 58,000 customers. The breached information includes …


Google Releases “Vanir”, an Open-Source Security Patch Validation Tool

Google

Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers. Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together …


Patch urgently: Hundreds of Cisco switches impacted

CISCO switches

A bootloader vulnerability in Cisco NX-OS affects over 100 switches, enabling attackers to bypass image signature checks. Cisco issued security patches for the vulnerability CVE-2024-20397 (CVSS score of 5.2) in NX-OS software’s bootloader, which could allow attackers to bypass image signature verification. “A vulnerability in the bootloader of Cisco NX-OS …


TP-Link Archer Security Flaw Exposes Devices to Malicious Command Injection

Router

A serious zero-day vulnerability has been found in TP-Link Archer, Deco, and Tapo routers, which could let attackers inject harmful commands and take full control of the devices. This vulnerability affects both old and recent firmware versions of popular router models, raising serious security concerns for users until November 4, …
