The Breach News

Data Breach at Dutch Cancer Screening Lab Impacts 485,000 Individuals

Cybercrime, Data Breach Notification, Data Security
Hacking Incident at Clinical Diagnostics Lab Represents Shifting Landscape of Cyber Threats in the Netherlands
Marianne Kolbasuk McGee (HealthInfoSec) • August 12, 2025

A significant data breach has occurred at a Dutch clinical diagnostics laboratory, impacting 485,000 participants in a cervical…


Utilizing Credentials for Unique Identification: A Practical Strategy for Managing Non-Human Identities

In recent years, identity-based attacks have surged, with malicious actors increasingly masquerading as legitimate entities to access sensitive resources and data. Recent studies indicate that approximately 83% of these attacks involve compromised credentials. According to the Verizon DBIR, attackers are now more likely to leverage stolen credentials as their entry point, rather than exploiting vulnerabilities or misconfigurations. Moreover, the focus isn’t just on human identities; Non-Human Identities (NHIs) vastly outnumber their human counterparts in enterprises—by at least a factor of 50. Unlike humans, machines lack reliable multi-factor authentication methods, leading us to depend predominantly on credentials like API keys, bearer tokens, and JWTs. Traditionally, identity and access management (IAM) has been founded on…

Utilizing Credentials as Distinct Identifiers: A Practical Strategy for NHI Management

In recent years, the prevalence of identity-based attacks has surged, marking a notable concern for cybersecurity professionals. Malicious actors increasingly exploit the identities of individuals or entities to facilitate access to resources and sensitive data. Recent reports indicate that…


The Most Overlooked Data Breach in America: It’s Happening at Your Mailbox

Theft of paper checks and their use in identity theft constitute a major blind spot in the private sector’s fraud detection networks. Banks and regulators need to come together to find solutions, writes David Maimon, of SentiLink.

In early 2023, a significant discovery in the United States highlighted…


Severe Sudo Vulnerabilities Allow Local Users to Escalate to Root Access on Major Linux Distributions

July 4, 2025
By Cybersecurity Insights

Cybersecurity researchers have identified two critical vulnerabilities in the Sudo command-line utility for Linux and Unix-like systems, enabling local attackers to elevate their privileges to root on affected machines. Here’s a summary of the vulnerabilities:

  • CVE-2025-32462 (CVSS Score: 2.8): In versions prior to 1.9.17p1, Sudo, when configured with a sudoers file specifying a host that is neither the current host nor ALL, permits listed users to execute commands on unintended machines.

  • CVE-2025-32463 (CVSS Score: 9.3): In Sudo versions before 1.9.17p1, local users can gain root access as a result of the /etc/nsswitch.conf file being utilized from a user-controlled directory in conjunction with the --chroot option.

Sudo is a command-line tool designed to allow low-privileged users to execute commands as another user, typically the superuser, thereby implementing the principle of least privilege for administrative tasks.

Critical Sudo Vulnerabilities Expose Linux Systems to Root Access Risks

On July 4, 2025, cybersecurity experts identified two significant vulnerabilities in the Sudo command-line utility widely used across Linux and Unix-like operating systems. These issues pose a serious threat, allowing local attackers to gain root access on affected systems, heightening…


CERT-UA Discovers Malicious RDP Files in Recent Attack on Ukrainian Entities

Oct 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new malicious email campaign targeting government agencies, businesses, and military organizations. CERT-UA noted, “The emails leverage the allure of integrating popular services like Amazon or Microsoft while promoting a zero-trust architecture.” These messages include attachments that are Remote Desktop Protocol (‘.rdp’) configuration files. When executed, these RDP files connect to a remote server, allowing threat actors to access compromised systems, steal data, and deploy additional malware for subsequent attacks. The preparation for this infrastructure is believed to have started as early as August 2024, and the agency warns that the campaign may extend beyond Ukraine to other countries. CERT-UA has linked the campaign to a threat actor identified as UAC-0215. Amazon Web Services (AWS) also issued a related advisory…

CERT-UA Uncovers Malicious RDP Files Targeting Ukrainian Entities

October 26, 2024
Cyber Attack / Threat Intelligence

The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a newly identified malicious email campaign directed at various governmental agencies, private enterprises, and military organizations within the country. This campaign seeks to exploit…


Deceptively Normal Network Traffic: Unmasking Hidden Threats

Jul 02, 2025
Network Security / Threat Detection

With nearly 80% of cyber threats now imitating legitimate user actions, how can leading Security Operations Centers (SOCs) distinguish between authentic traffic and potential hazards? What options remain when traditional firewalls and endpoint detection and response (EDR) systems fail to identify critical threats facing your organization? Verizon’s latest Data Breach Investigations Report reveals a troubling increase in breaches at edge devices and VPN gateways, rising from 3% to 22%. EDR tools are increasingly challenged by zero-day exploits, living-off-the-land tactics, and malware-free attacks. According to CrowdStrike’s 2025 Global Threat Report, almost 80% of identified threats employ malware-free techniques that closely resemble typical user behavior. Conventional detection methods are no longer adequate as threat actors evolve, frequently utilizing sophisticated methods like credential theft or DLL hijacking to evade detection. In light of this, SOCs are adopting a multi-layered…

Network Traffic May Seem Innocuous, Yet It Could Conceal Significant Threats

July 02, 2025
Network Security / Threat Detection

As cyber threats increasingly adopt tactics that mimic legitimate user behavior, discerning between legitimate traffic and potentially harmful activity poses a substantial challenge for Security Operations Centers (SOCs). With the rise…
