[Weekly Security News] Data breaches which are happening even now
[January 31 2024]
1. Authorities investigating massive security breach at Global Affairs Canada
Canadian authorities are investigating a prolonged data security breach following the “detection of malicious cyber activity” affecting the internal network used by Global Affairs Canada staff. The breach affected at least two internal drives, as well as emails, calendars and contacts of many staff members and working remotely was stopped as of last Wednesday. It’s not clear whether secret information was lost in the breach, which lasted longer than a month. It’s also not clear who was behind the breach.
Source : CBC
2. Security alerts CVE-2023-46805 & CVE-2024-21887: Stormshield Products Response
Two new critical vulnerabilities impacting Ivanti Connect Secure (previously Pulse Connect Secure), identified as CVE-2023-46805 and CVE-2024-21887, are actively exploited. The CVE-2023-46805 allows an attacker to bypass authentication on the web server, while the CVE-2024-21887 allows an authenticated shell command injection. By combining these vulnerabilities, an attacker can achieve an unauthenticated remote code execution.
Source : STORMSHIELD
3. Mother of all breaches reveals 26 billion records: what we know so far
The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak, which contains LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data, is almost certainly the largest ever discovered.
Source : Cybernews
Regardless of our attitude toward personal data breaches, they are still happening everywhere. This can lead to a decrease in the company’s trust from their customers, and it is very difficult to restore damaged trust.
A fully managed WAAP (Web Application and API Protection) service, Cloudbric WAF+, provides advanced protection against ever-growing web security threats such as malware, viruses, ransomware, and DDoS attacks. Using a logic-based detection engine and patented deep learning engine, Cloudbric WAF+ ensures maximum protection against emerging threats.
Find more information about Cloudbric WAF+ from the Cloudbric Service website!
Check out Cloudbric product lines:
No.1 in the Asia Pacific – WAF with A.I & Logic-based detection engine: Cloudbric WAF+
Zero Trust Network Access-based Remote Access Solution: Cloudbric RAS
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Blockchain: Blockchain Security Solution
Click here for inquiries regarding the partner system
Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook)