Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, Read more…
Google Maps Timeline Data to be Stored Locally on Your Device for Privacy Google has announced plans to store Maps Timeline data locally on users’ devices instead of their Google account effective December 1, 2024. The changes were originally announced by the tech giant in December 2023, alongside updates to Read more…
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin Read more…
Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. “Exploitation of this vulnerability would have allowed unauthorized access Read more…
Are Your SaaS Backups as Secure as Your Production Data? Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably backup and restore data? What would losing Read more…
Google Launches AI-Powered Theft and Data Protection Features for Android Devices Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users’ devices and data in the event of a theft. These features aim to help protect data Read more…
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Read more…
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud subsidiary Mandiant said Read more…
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need Read more…
Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure Read more…