Security Boulevard

JUNE 6, 2022

Today we’ve been honored with the “Next Generation in API Security” award in the 2022 Global InfoSec Awards from Cyber Defense Magazine (CDM). Before that, we took the gold as “ Hot Company of the Year ” in the 2022 Information Technology World Awards®, and the week before that snagged the Globee® gold award in the Disruptor Company Awards.

Big data 52

Big data InfoSec Architecture Education 52

Krebs on Security

MAY 31, 2022

The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive.

Ransomware 255

Ransomware Government Hacking Media 255

Security Boulevard

JUNE 23, 2022

Thu, 06/23/2022 - 16:26. A snapshot of those concerns reveal: Nearly half of CIOs see breaches as their biggest organizational risk. 27% say resilience is a top three priority. AI-based attacks: Bot-based attacks are getting better at mimicking user activity, more easily breaching the low-security defenses of many IoT devices.

IoT 98

IoT Social Engineering Firmware Risk 98

Digital Shadows

JANUARY 18, 2023

Ransomware activity stayed at steady levels throughout 2022’s fourth quarter (Q4 2022). One major development was the use of ransomware in hacktivism’s resurgence during 2022. The hacktivists didn’t post any demands or host stolen data, but they did use malware that’s more commonly associated with cyber criminals.

Ransomware 40

Ransomware Accountability Healthcare Data breaches 40

BH Consulting

OCTOBER 15, 2023

Stealing sensitive data could become the central goal of cyber-attacks, feeding the growing criminal market for personal information, Europol said. The document measured the increase in job postings and found demand in the industry more than trebled from 2019 to 2022.

Ransomware 52

Ransomware Data breaches CSO Cyber Attacks 52

Security Boulevard

JULY 11, 2022

Mon, 07/11/2022 - 16:49. The healthcare industry continued to be one of the the most targeted sector in 2021 , witnessing a 51% increase in breaches since 2019. These attacks resulted in: Large amounts of Protected Health Information (PHI) and other sensitive data being stolen. brooke.crothers.

Healthcare 52

Healthcare IoT Authentication Internet 52

Security Boulevard

MAY 16, 2022

Mon, 05/16/2022 - 11:30. The survey data reflects the input of more than 250 respondents, with 26% of respondents having doubled the number of APIs in use from a year ago, and 5% have more than tripled the count. Authentication problems are the next most common issue, at 32%, followed closely by sensitive data exposure at 30%.

Authentication 52

Authentication Risk Data breaches Malware 52

Security Boulevard

OCTOBER 7, 2022

Fri, 10/07/2022 - 14:34. A public key infrastructure (PKI) is responsible for supporting public encryption keys while also enabling users and computers to safely exchange data over networks and verify the identity of other parties. 7 Things Every CISO Needs to Know About PKI. Alexa Cardenas. Reduce risk and achieve compliance.

CISO 52

CISO Risk Cyber Attacks Technology 52

Security Affairs

JUNE 14, 2022

Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly opening their ecosystem through Application Programming Interfaces (API) by ensuring seamless access to data and interaction with external software components and services.

Authentication 76

Authentication Encryption Software Hacking 76

Security Boulevard

JUNE 10, 2022

Fri, 06/10/2022 - 17:06. Identity and Access Management in Multi-Cloud Environments. brooke.crothers. I AM challenges in a multi-cloud environment. There are several challenges to implementing secure IAM practices across a multi-cloud environment. There is no standardized multi-cloud security model.

Architecture 78

Architecture Encryption Risk Technology 78

Security Boulevard

FEBRUARY 28, 2022

Mon, 02/28/2022 - 11:55. The Industrial Internet of Things (IIoT) puts networked sensors and intelligent devices directly on the manufacturing floor to collect data, drive artificial intelligence and do predictive analytics. After RFID readers scan the tags, the data extracted gets transmitted to the cloud for processing.

Manufacturing 98

Manufacturing IoT Authentication Artificial Intelligence 98

Security Boulevard

JUNE 28, 2022

Tue, 06/28/2022 - 17:39. The bank of things facilitates the billions of data transfers that take place every day. IoT has also transformed the financial services sector in a variety of ways: Real-time data. With IoT, data can be gathered in real-time. IoT and Machine Identity Management in Financial Services.

Financial Services 64

Financial Services IoT Banking Retail 64

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. “I ran my own analysis on top of their data and reached the same conclusion that Taylor reported.

Cryptocurrency 348

Cryptocurrency Passwords Encryption Accountability 348

Security Boulevard

JULY 19, 2022

Tue, 07/19/2022 - 18:10. The majority (88%) of IT decision makers are exploring Kubernetes and containers, according to 2021 data from New Relic. 46% say m isconfiguration is the top security concern. 46% say m isconfiguration is the top security concern. A breached container can affect other containers and pods.

Authentication 52

Authentication Digital transformation Risk Engineering 52

Jane Frankland

JUNE 20, 2023

In this blog, and ahead of my talk at Infosec this week , I’m delving into this, and giving you tips for recognising its signs and preventing it as a leader. But although burnout is a prevalent issue, many people still feel uncomfortable discussing it openly. The stakes are simply too high to neglect this.

Cybersecurity 130

Cybersecurity Risk InfoSec CISO 130

Malwarebytes

JULY 13, 2022

Fast forward to 2022, and the headache has become a migraine—not just for IT teams but business owners, employees, and customers as well. To understand how we got here, let’s first take a closer look at recent statistics on the top ransomware variants, countries and industries attacked. Top ransomware variants. Top countries.

Ransomware 105

Ransomware Manufacturing Government Computers and Electronics 105

Cisco Security

OCTOBER 3, 2022

Now, after several readings, debates, committee hearings, and periods of consultation, the Telecommunications (Security) Act is quickly becoming reality for providers of public telecoms networks and services in the UK, going live on 1 October 2022. Those not in compliance face large fines (up to 10% of company turnover for one year).

Telecommunications 116

Telecommunications Data breaches Risk Government 116

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. Mapping Meraki Location Data with Python, by Christian Clausen. During an investigation, we used SecureX to visualize the threat intelligence and related artifacts, correlating data.

DNS 86

DNS Wireless Malware Firewall 86

Security Boulevard

APRIL 20, 2022

Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. As the findings of the ThreatLabz 2022 Phishing Report reveal, the challenge is getting harder: adversaries are getting craftier, and attackers are growing in numbers due to pre-built phishing kits available on the darknet.

Phishing 115

Phishing Retail Risk Architecture 115

SecureList

MAY 27, 2022

IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. IT threat evolution in Q1 2022. Non-mobile statistics. Mobile statistics. Targeted attacks. MoonBounce: the dark side of UEFI firmware. The campaign has two goals: gathering information and stealing cryptocurrency. Roaming Mantis reaches Europe.

Phishing 110

Phishing Spyware Firmware Malware 110

Security Affairs

APRIL 21, 2023

Phishing-borne threats IBM’s 2022 Data Breach report highlighted how effective phishing-based attacks have become, being the second leading cause of cybersecurity incidents globally, by using a sample instance that affected hundreds of international entities. The eight most common forms of phishing-based cyberattacks.

Phishing 79

Phishing Social Engineering Security Awareness Passwords 79

Security Boulevard

MAY 10, 2022

Tue, 05/10/2022 - 12:12. Indeed, Verizon Enterprise wrote in its Data Breach Investigations Report (DBIR) 2021 that credentials—both for human and machine identities—constituted the top variety type in 60% of analyzed breaches for the year. Machine Identities, Human Identities, and the Risks They Pose.

Risk 52

Risk Phishing Digital transformation Social Engineering 52

Centraleyes

JANUARY 14, 2024

Over 9 out of 10 CEOs agree that measuring and communicating risk is critical to achieving long-term success, yet not enough companies know how to conduct risk management practically. Notably, among the top priorities is the imperative to refresh and improve 3rd party risk assessment methods. It is actually a transformative force.

Risk 52

Risk Cybersecurity Government Insurance 52

SecureList

DECEMBER 7, 2021

With double extortion, not only do the attackers encrypt data, but they also steal highly sensitive information (personal data of clients and employees, internal documents, intellectual property, etc.) That is precisely why we have chosen ransomware as our story of the year for Kaspersky’s annual Security Bulletin.

Ransomware 126

Ransomware B2B B2C Government 126

Cisco Security

AUGUST 28, 2023

The Black Hat Network Operations Center (NOC) provides a high security, high availability network in one of the most demanding environments in the world – the Black Hat event. The NOC partners are selected by Black Hat, with Arista, Cisco, Corelight, Lumen, NetWitness and Palo Alto Networks delivering from Las Vegas this year.

Wireless 68

Wireless DNS Mobile Technology 68

Krebs on Security

JULY 13, 2023

The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days. It was around 9 p.m.

Hacking 182

Hacking Accountability Engineering Media 182

Security Boulevard

JANUARY 2, 2024

The absence of encryption allows attackers to eliminate development cycles and decryption support and quietly exfiltrate data before making ransom demands. Clop ransomware’s zero day attack on the file transfer tool MOVEit was the largest data theft of 2023, impacting 83 million individuals and nearly 3,000 organizations.

CISO 104

CISO Social Engineering Architecture Ransomware 104

Krebs on Security

MARCH 4, 2022

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. “ Trump “), a top Conti overlord. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Image: Chainalysis.

Ransomware 201

Ransomware Insurance Cyber Insurance Accountability 201