Continuity Management and Technology Services – News Reblog

Technology Management

Mac and Windows users infected by software updates delivered over hacked ISP | Ars Technica

August 11, 2024

Because the update mechanisms didn’t use TLS or cryptographic signatures to authenticate the connections or downloaded software, the threat actors were able to use their control of the ISP infrastructure to successfully perform machine-in-the-middle (MitM) attacks that directed targeted users to hostile servers rather than the ones operated by the affected software makers. These redirections worked even when users employed non-encrypted public DNS services such as Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1 rather than the authoritative DNS server provided by the ISP

Article Link

Technology Management

AMD won’t patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for ‘Sinkclose’ | Tom’s Hardware

August 11, 2024

Technology Management

Microsoft says massive Azure outage was caused by DDoS attack

July 31, 2024

Technology Management

Mass layoffs and data breaches could be connected, according to researchers

July 30, 2024

Mac and Windows users infected by software updates delivered over hacked ISP | Ars Technica

More Stories

AMD won’t patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for ‘Sinkclose’ | Tom’s Hardware

Microsoft says massive Azure outage was caused by DDoS attack

Mass layoffs and data breaches could be connected, according to researchers

Continuity Management

What lies beneath: the growing threat to the hidden network of cables that power the internet | Internet | The Guardian

“Unprecedented” Google Cloud event wipes out customer account and its backups | Ars Technica

It’s been a bad week for public cybersecurity | TechRadar

Cellphone outage hits AT&T customers nationwide; Verizon and T-Mobile users also affected | Fox Business

Technology Management

Is Your SSN in the National Public Data Breach? Here’s How to Find Out | PCMag

AMD won’t patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for ‘Sinkclose’ | Tom’s Hardware

Mac and Windows users infected by software updates delivered over hacked ISP | Ars Technica

2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed | Tom’s Guide

Crisis Management

DICK’S shuts down email, locks employee accounts after cyberattack

Expert confirms Columbus Ohio data leak affects residents

Channel File 291 Incident RCA is Available | CrowdStrike

Sources: Bank accounts for 2 Columbus police officers hacked as city deals with ransomware attack | 10tv.com

Emergency Management

How to Align Your Incident Response Practices With the New SEC Disclosure Rules – SecurityWeek

Why the toxins from the Ohio train derailment could have posed deadly threats for residents nearby – ABC News

Train derails, goes up in flames in Ohio, causes half of town to evacuate – ABC News

Shrinking Mississippi River Puts American Farm Trade at Risks

Risk Management

TD Bank ordered to pay $28 mln by US CFPB for misreporting consumer credit data | Reuters

CFPB Takes Action to Ensure Consumers Can Dispute Charges and Obtain Refunds on Buy Now, Pay Later Loans | Consumer Financial Protection Bureau

Measles outbreak prompts health warning | NBC4 WCMH-TV

CISA hit by hackers, key systems taken offline

Compliance

After cybersecurity lab wouldn’t use AV software, US accuses Georgia Tech of fraud | Ars Technica

Liberty University fined $14 million by Dept. of Education over failure to comply with campus safety standards | Fox News

Be Ready For The Brussels Effect — It’s Coming To Data And AI

Revisit Your Password Policies to Retain PCI Compliance