Windows TCO (Total Cost of Ownership)
-
PC Mag ☛ Worrying Security Vulnerabilities Found in Microsoft's AI Healthcare Bots
However, researchers found they could connect "using a malicious external host, and [set] that up to respond to any queries from the platform with 301 or 302 redirect codes indicating that the web page had been permanently moved," Dark Reading explains. "Those redirect responses were sent back to the [service's internal metadata service], which in turn responded with metadata that leaked the access tokens."
-
Security Week ☛ Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data
Researchers at Tenable have identified vulnerabilities in Microsoft’s Azure Health Bot Service that threat actors could have been able to exploit to gain access to sensitive data.
-
Dark Reading ☛ Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities
Multiple privilege escalation issues in Microsoft Azure's cloud-based Health Bot service opened the platform to server-side request forgery (SSRF) and could have allowed access to cross-tenant resources.
-
Tenable Inc ☛ Tenable discovers Azure Health Bot critical vulnerabilities
Tenable Research discovered critical vulnerabilities that allowed access to cross-tenant resources within this service. Based on the level of access granted, it’s likely that lateral movement to other resources would have been possible.
-
Federal News Network ☛ Is EPA policing enough for cyber attacks on water systems?
More and more of the nation’s drinking water systems are becoming automated. That means software. And software means cybersecurity attacks. Cybersecurity attacks mean anything could come out of people’s faucets. The Environmental Protection Agency is the federal lead on cyber. And the Government Accountability Office recommends it do a few things. For more, the EPA’s director of information technology and cybersecurity, Dave Hinchman, joins the Federal Drive with Tom Temin.
Interview transcript: [...]
-
Tripwire ☛ Ransomware Kingpin Who Called Himself "J P Morgan" Extradited to the United States
The first notable appearance of the moniker "J P Morgan" dates back to 2011, when he and associates launched the Reveton ransomware.
-
The Register UK ☛ Six ransomware gangs behind over 50% of 2024 attacks
Despite a law enforcement takedown six months ago, LockBit 3.0 remains the most prolific encryption and extortion gang, at least so far, this year, according to Palo Alto Networks' Unit 42.
Of the 53 ransomware groups whose underworld websites, where the crooks name their victims and leak stolen data, the incident response team monitored, just six accounted for more than half of the total infections observed.
-
Silicon Angle ☛ Services at Swiss manufacturer Schlatter disrupted in likely ransomware attack
Though it did not disclose the form of malware, the company added that “the unknown perpetrators are attempting to blackmail Schlatter.” Any attempted “blackmail” would require leverage and that could be encrypted data or stolen data.
If it sounds like ransomware, it usually is. The blackmail, in this case, is likely a demand for a ransom payment in return for encryption keys to decrypt data and a promise not to release stolen data.
-
RIPE ☛ Innovative Approaches to Combating SPAM: Lessons from IP Leasing
SPAM and abuse remain persistent challenges across various digital platforms, threatening user trust and operational integrity. Jolita Puzakova and colleagues explore how they tackle this persistent threat with a three-fold approach.
-
Marcy Wheeler ☛ After Serving as a Pawn for Russia, Roger Stone Became a Pwn of Iran
Maybe we’ll get around to uncertainty over whether Stone was the account whence, Microsoft describes, someone on the Trump team was targeted or the more interesting question of whether Iran, or someone else, is the source of the files shared with Politico, WaPo, and NYT. Thus far, it seems clear that three Biden-Harris people avoided being [breached] and the Trump advisor may have avoided being [breached] too.
It’s just Roger, so far.
-
Los Angeles Times ☛ 2.9 billion records possibly leaked in data breach: Protect yourself
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
-
IT Pro ☛ National Public Data breach: Lawsuit claims nearly three billion people had personal data exposed
A proposed class action lawsuit has alleged that nearly three billion individuals had their personal data leaked during a cyber attack targeting background checking service, National Public Data, in April.
Jerico Pictures, which operates National Public Data (NPD), is a background-checking service which scrapes personally identifiable information (PII) of individuals from non-public sources.
-
Federal News Network ☛ The time is now to up the federal OT security game
Threats exploiting operational technology (OT) vulnerabilities are on the rise and the latest language from across the federal government should grab the attention of every federal technology leader. From explicit National Security Agency warnings regarding Chinese nation-state targeting, to the ever-growing list of OT vulnerabilities reported by the Cybersecurity and Infrastructure Security Agency (CISA), the concerns are real. With the federal government’s OT and Internet of Things assets across every function from weapons to navigation to patient healthcare to other critical services, the sense of urgency is justified.
-
SANS ☛ Multiple Malware Dropped Through MSI Package
One of my hunting rules hit on potentially malicious PowerShell code. The file was an MSI package (not an MSIX; these are well known to execute malicious scripts[1]). This file was a good old OLE package:
-
Cyble Inc ☛ GitHub Actions Artifacts Expose Sensitive Tokens In Major Repos
GitHub repositories have become a crucial part of modern software development, allowing teams to collaborate, build, and deploy code. However, a critical vulnerability has been discovered in the way GitHub Actions artifacts are handled that poses a significant threat to the security of these repositories.
This attack vector can lead to high-level access to cloud environments, compromising sensitive data and potentially affecting millions of consumers. Many organizations, including some of the biggest in the world such as Red Hat, Google, AWS, Canonical (Ubuntu), Microsoft, OWASP and others, were discovered to be vulnerable to this attack.