Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you were one of the 70+ million people affected by the 2024 AT&T data breach, you are likely concerned about the safety of your accounts and the risk of your identity being stolen. Although some of the data is from 2019 or earlier, according to AT&T, the 2024 data breach occurred this past March when stolen customer data was found on the dark web. If you were part of this data breach, your identity could be at risk of being stolen because customers’ Social Security numbers were exposed.

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers alleged access to high-revenue organisations advertised by IntelBroker, TransparentTribe targeting the gaming industry with spyware, and an analysis of the FakeBat loader.

In the era of IoT, secure data transmission is crucial to protect your information. Ensuring your data is secure helps prevent unauthorised access to sensitive data and maintains the integrity of your communications. Various secure data transmission methods are essential to protect your information from unauthorized access and ensure the integrity of your communications. Here are key reasons why secure data transmission in the IoT era is important.

The two policy settings in the CIS Benchmarks control the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM). By enabling the policy settings, users with anonymous connections will not be able to enumerate domain account user names on the systems in your environment.

Read also: “Evil Twin” hacker arrested for stealing the personal data, a former IT-employee indicted for a breach affecting 1M patients, and more.

Data breaches, leaks, hacks, and compromised passwords pose a real threat to our data. If you don’t take action to protect your sensitive data, you are leaving your information exposed to hackers who could: Although many data breaches occur due to factors outside your control, it’s still important to protect your data to avoid it falling into the wrong hands. The best way to do this is by choosing from the numerous secure cloud storage services in 2024.

Security researchers have warned that a new ransomware group has taken an unusual twist on the traditional method of extorting money from its corporate victims.

On July 1st, the Qualys’s security team announced CVE-2024-6387, a remotely exploitable vulnerability in the OpenSSH server. This critical vulnerability is nicknamed “regreSSHion” because the root cause is an accidental removal of code that fixed a much earlier vulnerability CVE-2006-5051 back in 2006. The race condition affects the default configuration of sshd (the daemon program for SSH).

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Ouch! Might want to check those appliances that could well have issues with patching…

An application layer DDoS attack, also known as a Layer 7 (L7) DDoS attack, targets the application layer of the OSI model. This type of DDoS attack focuses on disrupting specific functions or features of a website or online service. Layer 7 attacks leverage loopholes, vulnerabilities, or business logic flaws in the application layer to orchestrate the attacks. Here are the key characteristics and methods: Examples of L7 attacks are Slowloris, GET/POST Floods, etc.