CyberSecurity Insiders

SEPTEMBER 22, 2022

The 2023 Cybersecurity Excellence Awards are officially open – recognizing companies, products and professionals that demonstrate excellence, innovation and leadership in information security. VOTING – Voting is open throughout the award nomination season and closes January 27, 2023.

Cybersecurity 52

Cybersecurity InfoSec Information Security Media 52

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 117

Ransomware Manufacturing Retail Insurance 117

Approachable Cyber Threats

DECEMBER 7, 2023

The 2023 update to our research on the perception of cybersecurity incident and data breach causes that’s helped organizations re-evaluate how they are at risk of a cybersecurity incident or data breach instead of what feels right. Source: Verizon DBIR [1] Patterns over time in cybersecurity data breaches.

Cybersecurity 52

Cybersecurity Social Engineering Data breaches Engineering 52

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 107

Passwords Authentication Architecture Risk 107

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. The attacker can then use that account to gain control of the affected system.”

Internet 122

Internet Internet Software Accountability 122

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Whatever you were thinking about CVE-2023-20198 ( #Cisco IOS EX) it's 100x worst. The attacker can then use that account to gain control of the affected system.”

Hacking 118

Hacking Internet Internet Accountability 118

Security Affairs

APRIL 25, 2023

VMware released security updates to address two zero-day vulnerabilities ( CVE-2023-20869, CVE-2023-20870 ) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. They earned $80,000 and 8 Master of Pwn points.

Hacking 96

Hacking Education Software Media 96

Security Affairs

SEPTEMBER 18, 2023

Software development company Retool was the victim of a smishing attack that resulted in the compromise of 27 accounts of its cloud customers. Software development company Retool revealed that 27 accounts of its cloud customers were compromised as a result of an SMS-based social engineering attack.

Accountability 108

Accountability Social Engineering Authentication VPN 108

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Education 81

Education Media Authentication Passwords 81

Security Affairs

APRIL 19, 2023

Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

Education 89

Education Media Engineering Hacking 89

eSecurity Planet

MAY 30, 2024

Table of Contents Toggle Recent Healthcare Attacks & Breaches 5 Key Cybersecurity Management Lessons to Learn Bottom Line: Learn Healthcare’s Lessons Before Suffering Pain Recent Healthcare Attacks & Breaches Large breaches affected over 88 million individuals in the USA in 2023, a 60% increase from 2022. Ascension lost $2.66

Healthcare 73

Healthcare Cybersecurity Backups Ransomware 73

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. “Type Confusion in V8.

Education 82

Education Media Engineering Hacking 82

Krebs on Security

MARCH 12, 2024

The security updates are available in iOS 17.4 , iPadOS 17.4 , and iOS 16.7.6. Security Update addresses dozens of security issues. Apple’s macOS Sonoma 14.4 ” CVE-2024-21334 earned a CVSS (danger) score of 9.8 (10 ” CVE-2024-21334 earned a CVSS (danger) score of 9.8 (10 CVE-2024-21435 is a CVSS 8.8

Authentication 246

Authentication Engineering Accountability Internet 246

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 77

Ransomware Cybercrime Cybersecurity Hacking 77

SecureList

JANUARY 18, 2023

Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. The trend for personal data leaks grew rapidly in 2022 and will continue into 2023. More personal data leaks; corporate email at risk. The number of fake reports grows along with that.

Media 108

Media Social Engineering Ransomware Hacking 108

Security Affairs

AUGUST 12, 2023

The DHS’s CSRB will review cloud security practices following recent hacks of Microsoft Exchange accounts used by US govt agencies. The Board will develop actionable recommendations that will advance cybersecurity practices for both cloud computing customers and CSPs themselves.”

Accountability 82

Accountability Hacking Cybersecurity Technology 82

Security Affairs

JANUARY 25, 2024

The attackers were collecting information on the cybersecurity division of the company and other functions. HPE became aware of the intrusion on December 2023 and immediately launched an investigation into the security breach with the help of external cybersecurity experts. ” continues the company.

Hacking 108

Hacking Accountability Passwords Cybersecurity 108

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 88

Accountability Phishing Financial Services Surveillance 88

Security Boulevard

JANUARY 18, 2024

Cybersecurity risks increase every year and bludgeon victims who fail to prepare properly. Cybersecurity predictions offer a glimpse at the dangerous oncoming traffic and help leaders develop strategies to navigate their journey safely. Those in cybersecurity who fail to look ahead will be crushed by what they don’t see coming.

Risk 115

Risk Cybersecurity CISO Technology 115

Security Affairs

APRIL 3, 2023

31, 2023 – Wiz Research reported the Bing issue to MSRC Jan. 31, 2023 – MSRC issues initial fix to Bing app Feb. 25, 2023 – Wiz Research reported the other vulnerable applications to MSRC Feb. 27, 2023 – MSRC starts issuing fixes for said applications Mar. 28, 2023 – MSRC awards Wiz Research with $40,000 bug bounty Mar.

Accountability 78

Accountability Education Media Authentication 78

Security Affairs

MAY 26, 2024

The threat actors focus on compromising accountants’ PCs (which are used to support financial activities, such as access to remote banking systems), stealing credentials, and making unauthorized fund transfers. CERT-UA warned Ukrainian CEOs to enhance cybersecurity measures for accountants’ automated workplaces.

Malware 101

Malware Banking Accountability Phishing 101

Security Affairs

MARCH 29, 2024

The company was the victim of credential stuffing attacks against its website and mobile application on November 18-19 and November 25, 2023. The attackers detected suspicious login activity to certain Hot Topic Rewards accounts. Threat actors obtained valid account credentials obtained from an unknown third-party source.

Accountability 105

Accountability Mobile Passwords Authentication 105

Security Affairs

MAY 19, 2024

WebTPA discovered suspicious activity on its network on December 28, 2023 and launched an investigation with the help of third-party cybersecurity experts. The investigation revealed that an unauthorized actor may have obtained personal information between April 18 and April 23, 2023.

Data breaches 103

Data breaches Healthcare Insurance Identity Theft 103

Security Affairs

AUGUST 24, 2023

The FBI warned that patches for a critical Barracuda ESG flaw CVE-2023-2868 are “ineffective” and patched appliances are still being hacked. The Federal Bureau of Investigation warned that security patches for critical vulnerability CVE-2023-2868 in Barracuda Email Security Gateway (ESG) are “ineffective.”

Hacking 77

Hacking Malware Phishing Network Security 77

SecureWorld News

AUGUST 21, 2023

In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes. Krista Arndt is the Chief Information Security Officer for United Musculoskeletal Partners (UMP). A : Multi-factor- authentication (MFA) on personal accounts.

Cybersecurity 70

Cybersecurity Healthcare Risk Cyber Risk 70

Centraleyes

JANUARY 21, 2024

The emergence of NIS2 alongside GDPR stems from the acknowledgment that while data protection is vital, it represents just one aspect of cybersecurity. As a global trailblazer in information security and data protection regulation, the EU continues to lead the way in comprehensive cybersecurity standards.

Cybersecurity 110

Cybersecurity Energy and Utilities Cyber threats Risk 110

Security Affairs

MARCH 17, 2023

Unquestionably, ‘insider threats’ is one of the most neglected aspects of cybersecurity and some companies fail to recognize associated dangers. Many businesses concentrate their cybersecurity efforts solely on external attacks, which leaves more openings for internal risks.

Social Engineering 81

Social Engineering Risk Technology Cybersecurity 81

Security Affairs

OCTOBER 23, 2023

The City of Philadelphia discloses a data breach that resulted from a cyber attack that took place on May 24 and that compromised City email accounts. The City of Philadelphia announced it is investigating a data breach after attackers that threat actors broke some of City email accounts containing personal and protected health information.

Data breaches 105

Data breaches Identity Theft Accountability Scams 105

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. What Can We Expect in 2023? As part of their report, the team at VIPRE made three predictions for the email security landscape this year. #1

Phishing 88

Phishing Social Engineering Small Business B2B 88

SecureWorld News

SEPTEMBER 12, 2023

On June 14, 2019, Taylor Swift posted a seemingly random string of text to her social media accounts: gxgjxkhdkdkydkhdkhfjvjfj!!! taylor swift is truly a mastermind pic.twitter.com/MH40rzxvgH — Ron (@midnightstrack2) June 14, 2023 It's a typical, long-time-coming Easter Egg, a tradition that seasoned Swifties know All Too Well.

Cybersecurity 91

Cybersecurity InfoSec Threat Detection Accountability 91

Security Affairs

JANUARY 20, 2023

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts.

Data breaches 73

Data breaches Mobile Accountability Telecommunications 73

Security Affairs

SEPTEMBER 18, 2023

Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. Microsoft used Azure SAS tokens to share data stored in Azure Storage accounts used by its research team. Below is the timeline of this security incident: Jul.

Accountability 126

Accountability Backups Risk Passwords 126

Security Affairs

FEBRUARY 13, 2024

The bank has sent notification letters to 57,000 customers, informing them that their personal information has been compromised Infosys disclosed the security breach on November 3, 2023, in a filing with SEC the company reported it was the victim of a cyberattack that resulted in the non-availability of certain applications and systems.

Data breaches 104

Data breaches Banking Identity Theft Ransomware 104

Joseph Steinberg

JANUARY 4, 2023

Zero Trust is a term that is often misunderstood and misused, which is why I wrote an article not long ago entitled Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean. appeared first on Joseph Steinberg: CyberSecurity Expert Witness, Privacy, Artificial Intelligence (AI) Advisor.

Architecture 333

Architecture Artificial Intelligence Encryption Cybersecurity 333

Duo's Security Blog

JANUARY 23, 2024

Throughout 2023, we’ve heard about many high-profile security incidents targeting a wide range of publicly listed companies. Additionally, Chief Information Security Officers (CISOs) have also been under scrutiny for the actions they’ve taken to address these issues. WebAuthn is important.

Authentication 77

Authentication Accountability CISO Technology 77

Security Affairs

MAY 2, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset. prior to 16.1.6,

Passwords 115

Passwords Accountability Hacking Risk 115

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 102

Ransomware Encryption Antivirus VPN 102