Microsoft leaks 38TB of private data via unsecured Azure storage
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository. Almost three years later, this was discovered by cloud security firm Wiz whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information. READ MORE...
MGM, Caesars attacks raise new concerns about social engineering tactics
Multiple threat groups have employed the same criminal tool kit to target vulnerable systems. The social engineering attacks against MGM Resorts and Caesars Entertainment are raising questions about previous activity linked to threat actors and the vulnerabilities they leverage. There is a growing consensus among security researchers that the threat group AlphV, also known as BlackCat, which is taking credit for the attack on MGM, has been working with Muddled Libra. READ MORE...
The Clorox Company admits cyberattack causing 'widescale disruption'
The Clorox Company, makers of bleach and other household cleaning products, doesn't expect operations to return to normal until near month end as it combs over "widescale disruption to operations" caused by cyber baddies. The $2 billion turnover biz, whose sub-brands include Burt's Bees, Formula 409 and Kitchen Bouquet, confirmed a week ago that it had identified unauthorized activity in its network but didn't reveal whether the crooks had exfiltrated data, when it happened, or how long it took to spot them. READ MORE...
Chinese hackers have unleashed a never-before-seen Linux backdoor
Researchers have discovered a never-before-seen backdoor for Linux that's being used by a threat actor linked to the Chinese government. The new backdoor originates from a Windows backdoor named Trochilus, which was first seen in 2015 by researchers from Arbor Networks, now known as Netscout. They said that Trochilus executed and ran only in memory, and the final payload never appeared on disks in most cases. That made the malware difficult to detect. READ MORE...
Former CIO accuses Penn State of faking cybersecurity compliance
Last October, Pennsylvania State University (Penn State) was sued by a former chief information officer for allegedly falsifying government security compliance reports. The lawsuit [PDF], recently unsealed, is a qui tam complaint (in Latin "who as well,") meaning it was filed on behalf of the US government by former CIO Matthew Decker, who claims his former employer defrauded the government under the False Claims Act. READ MORE...
Security has an underlying defect: passwords and authentication
here is something fundamentally wrong with cybersecurity. Passwords and credentials remain the most common method used to control access today, as they have for the last six decades, but they are untrustworthy for defense and hatred runs deep. Access control has always been a derivative of some weird, old model, Netenrich CISO Chris Morales says, and he hates passwords - big time. "For all the money and things we do that are cool, our entire security collapses on a sh--ty password," he said. READ MORE...
- ...in 1928, actor Adam West, TV's original Batman, is born in Walla Walla, WA.
- ...in 1970, The Mary Tyler Moore Show premieres on CBS. It is one of the first TV programs to focus on an independent career woman as a main character.
- ...in 1985, musician Frank Zappa testifies before the U.S. Senate in protest of the PMRC's call for the labeling of explicit content on album covers.
- ...in 1995, the first International Talk Like a Pirate Day is celebrated by the holiday's founders, John Baur and Mark Summers.
