Cyber Security Informer

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

APRIL 17, 2023

Even the most well-protected companies can be susceptible to attacks if they are not careful about a proactive approach towards cyber security. Here are a few of the top security weaknesses that threaten organizations today: Poor risk management. Anemic asset management. Weak access controls.

Risk

Risk Cybersecurity Data breaches Cyber Attacks

Does moving to the cloud mean compromising on security?

Security Boulevard

FEBRUARY 18, 2024

Cloud security means multiple teams with a shared responsibility. However, some organisations are now moving back to on-premise systems due to concerns around high operational costs, cloud performance issues, or cyber security. But can be be secure, and if so - how?

Encryption

Encryption Authentication Insurance Risk

NSA on Authentication Hacks (Related to SolarWinds Breach)

Schneier on Security

DECEMBER 18, 2020

The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” From the summary : Malicious cyberactors are abusing trust in federated authentication environments to access protected data.

Authentication

Authentication Hacking Accountability Cybersecurity

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

VMware Flaw a Vector in SolarWinds Breach?

Krebs on Security

DECEMBER 18, 2020

National Security Agency (NSA) warned on Dec. 7, 2020, the NSA said “Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication.”

Software

Software Authentication Hacking Government

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. Attackers automate the process of trying these credentials on various websites until they find a match, granting them unauthorized access to compromised accounts.

VPN

VPN Accountability Firewall Data breaches

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Krebs on Security

APRIL 3, 2024

But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions. Image: DomainTools. The first was in the weeks following the Sept.

Phishing

Phishing Cybercrime Malware Advertising

Graduation to Adulting: Navigating Identity Protection and Beyond!

Webroot

MAY 9, 2024

There’s one first you might not have considered: your first identity protection plan. Why is identity protection important? Why protecting your identity matters Imagine this: you’re building your credit score, applying for a credit card, or renting your first apartment. But it’s not just about identity theft.

Identity Theft

Identity Theft VPN Password Management Antivirus

Data Security Trends: 2024 Report Analysis

Thales Cloud Protection & Licensing

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture.

Artificial Intelligence

Artificial Intelligence IoT Technology Threat Reports

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. This data is managed by different entities, such as primary care facilities, acute care facilities and within associated applications that collect, store and track health data, creating numerous exposure vulnerabilities.

Healthcare

Healthcare Technology Architecture IoT

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

GUEST ESSAY: 3 sure steps to replace legacy network security systems — in a measured way

The Last Watchdog

MAY 18, 2021

To make matters more difficult, implementing new security software and processes to address these issues is another big hurdle, often causing disruption—and not the good kind. Take identity management—arguably one of the most important defenses against cyber threats—for example. Never stop evaluating and auditing.

Network Security

Network Security Technology Software Government

Kroll Employee SIM-Swapped for Crypto Investor Data

Krebs on Security

AUGUST 25, 2023

Security consulting giant Kroll disclosed today that a SIM-swapping attack against one of its employees led to the theft of user information for multiple cryptocurrency platforms that are relying on Kroll services in their ongoing bankruptcy proceedings. ” T-Mobile has not yet responded to requests for comment.

Mobile

Mobile Cyber Risk Cryptocurrency Data breaches

Navigating the Future: Strategic Insights on Identity Verification and Digital Banking in 2024

Thales Cloud Protection & Licensing

JANUARY 3, 2024

Navigating the Future: Strategic Insights on Identity Verification and Digital Banking in 2024 madhav Thu, 01/04/2024 - 05:32 As we embark on 2024, the digital landscape is undergoing a seismic shift, especially in identity verification and digital banking. The need for enhanced security and user convenience drives this change.

Banking

Banking Data privacy Technology Encryption

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

However, a relentless barrage of data breaches, ransomware attacks, and sophisticated cyber threats steadily erodes this trust. Comprehensive cybersecurity legislation is imperative to build and maintain confidence in the future and ensure a secure digital landscape. The finalized version might be accessible by late 2024.

Risk

Risk Manufacturing Digital transformation Cybersecurity

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cyber threats have evolved from poorly-written scam emails to state-sponsored attacks, ransomware onslaughts, and deepfake technologies. They were rallying calls, urging everyone, from large corporations to individual users, to be stewards of their cyber safety. Themes such as "Our Shared Responsibility" and "Own IT. Protect IT."

Cybersecurity

Cybersecurity Cyber threats Authentication Phishing

How Thales and Red Hat Protect Telcos from API Attacks

Thales Cloud Protection & Licensing

FEBRUARY 21, 2024

Unfortunately, API attacks are increasing as vectors for security incidents. In this blog, we will explain the unique data security challenges for Telcos and three ways how both Thales and Red Hat can help them protect against future API attacks. These volumes are in turn managed by numerous applications and other IT solutions.

Encryption

Encryption Mobile Government Consumer Protection

Security Buyers Are Consolidating Vendors: Gartner Security Summit

eSecurity Planet

JUNE 7, 2023

IT security buyers are consolidating vendors at an overwhelming rate, according to a speaker at this week’s Gartner Security & Risk Management Summit. ” Security Products Merge Into Platforms As part of that trend, security products are consolidating too, MacDonald said.

Workplace Security

Workplace Security Technology Risk Cybersecurity

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Security Boulevard

APRIL 29, 2024

However, a relentless barrage of data breaches, ransomware attacks, and sophisticated cyber threats steadily erodes this trust. Comprehensive cybersecurity legislation is imperative to build and maintain confidence in the future and ensure a secure digital landscape. The finalized version might be accessible by late 2024.

Risk

Risk Manufacturing Cybersecurity Digital transformation

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

MAY 23, 2022

Access Management is Essential for Strengthening OT Security. We have reached the point where highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are blurred. Tue, 05/24/2022 - 06:11. The threat landscape. Attacks against the food sector.

Healthcare

Healthcare Ransomware Authentication Threat Reports

Why Are We Still Separating Credential Management and Machine Identity Management?

Security Boulevard

MARCH 14, 2022

Why Are We Still Separating Credential Management and Machine Identity Management? A fragmented identity management landscape. In a widely distributed business and computing environment, where identities are now the new perimeter to defend, controlling the access to data is crucial. brooke.crothers.

Cloud Migration

Cloud Migration Digital transformation Data breaches Authentication

WeLeakInfo Leaked Customer Payment Info

Krebs on Security

MARCH 15, 2021

com , a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords

Passwords Accountability Hacking Data breaches

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. com , is what’s known as a “SOCKS Proxy” service. SocksEscort[.]com

Malware

Malware VPN Internet Internet

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. Image: spur.us.

Malware

Malware Passwords Accountability Advertising

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident. Nissan immediately notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.

Data breaches

Data breaches Identity Theft Financial Services Cybercrime

Cyber Attack on Succession Wealth and NHS Staff Data Leaked

CyberSecurity Insiders

FEBRUARY 17, 2023

Succession Wealth, a financial wealth management service offering company, has released a press statement that a cyber attack targeted its servers and it can only reveal details after the investigation gets concluded. Prima Facie revealed that hackers accessed no client data in the attack.

Cyber Attacks

Cyber Attacks Identity Theft Insurance Social Engineering

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

Thales Cloud Protection & Licensing

JUNE 6, 2023

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out madhav Tue, 06/06/2023 - 07:27 Regarding identity and access, it's becoming harder and harder, if not impossible, to distinguish the "good guys" from the "bad guys." Access security and authentication play an important role.

Authentication

Authentication Identity Theft Marketing Risk

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Security Affairs

JANUARY 7, 2024

Sea Turtle cyber espionage group targeted telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Sea Turtle also used code from a publicly accessible GitHub account, which is likely under the control of the threat actor. Between 2017 and 2019, the APT group mainly used DNS hijacking in its campaigns.

Media

Media Accountability Telecommunications Government

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

The challenge of embracing digital transformation while also quelling the accompanying cyber risks has never been greater for small- and mid-sized businesses. But this also opens up a sprawling array of fresh security gaps that threat actors are proactively probing and exploiting. Related: How ‘PAM’ improves authentication.

Accountability

Accountability Passwords Hacking Cyber Risk

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. That InfraGard member, who is head of security at a major U.S.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

Identity Management Day 2022: Identity Security Is Our Responsibility

Thales Cloud Protection & Licensing

APRIL 12, 2022

Identity Management Day 2022: Identity Security Is Our Responsibility. As the lines between our personal and professional lives continue to blur, protecting our digital identities as consumers, employees, or partners is essential to security. Identity, the last frontier. Tue, 04/12/2022 - 09:41.

Authentication

Authentication Digital transformation Data breaches Phishing

Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

Security Boulevard

JUNE 23, 2022

68% of IT and security professionals plan to use zero trust for device security; 42% actually do. Some risks specifically affecting IoT include : Built-in vulnerabilities : IoT devices are often shipped specifically for consumer use, without enterprise-grade encryption or security controls.

IoT

IoT Social Engineering Firmware Risk

The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity.

Thales Cloud Protection & Licensing

MAY 10, 2023

Yet, the heart of retail operations - point-of-sale (POS) devices - are constantly on the radar of scammers, and when it comes to digital interactions, the retail sector is ranked as one of the most vulnerable industries to cyber-attacks. Customers must be aware of retail cyber threats.

Retail

Retail Cybersecurity Ransomware Authentication

A Guide to Key Management as a Service

Thales Cloud Protection & Licensing

JUNE 15, 2023

A Guide to Key Management as a Service madhav Thu, 06/15/2023 - 11:29 As companies adopt a cloud-first strategy and high-profile breaches hit the headlines, securing sensitive data has become a paramount business concern. The most effective way to ensure data security is through encryption and proper key management.

Encryption

Encryption Data breaches Authentication Risk

McLaren Health Care revealed that a data breach impacted 2.2 million people

Security Affairs

NOVEMBER 10, 2023

The security breach exposed the sensitive personal information of 2,192,515 people. The investigation revealed that threat actors gained unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023. McLaren offers to impacted individuals an identity protection services for 12 months. It is a $6.6

Data breaches

Data breaches Identity Theft Insurance Ransomware

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

NOVEMBER 13, 2023

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial. billion annually.

Financial Services

Financial Services Encryption Cybercrime Threat Reports

Thales Wins Big in 2023

Thales Cloud Protection & Licensing

NOVEMBER 1, 2023

Google Cloud Technology Partner of the Year Award Thales was selected as the Google Cloud Technology Partner of the Year in the Security – Data Protection category. Powered by Channel Partner Insights, the MSP Innovation Awards Europe celebrates the best of the managed services provider market.

Marketing

Marketing Cybersecurity Technology CISO

The Bridge to Zero Trust

CyberSecurity Insiders

FEBRUARY 28, 2023

No one likes to think their company might be hit by a cyber attack or breach, but the truth is cybercrime is one of the biggest threats your organization can face. This is why governments and organizations around the world are implementing a zero trust security framework to reduce the risk of attacks while protecting resources and data.

Architecture

Architecture Authentication Technology CISO

Cyber Packs: How They're Key to Improving the Nation's Cybersecurity

Thales Cloud Protection & Licensing

MAY 16, 2022

Cyber Packs: How They're Key to Improving the Nation's Cybersecurity. In a previous blog post, I discussed how The White House Executive Order issued on May 12, 2021 laid out new, rigorous government cyber security standards for federal agencies. Fortunately, those organizations can draw upon four new Thales “Cyber Packs”.

Cybersecurity

Cybersecurity Encryption Architecture Technology

Unleashing the Power of Lean: Strengthening Cybersecurity Defenses on Limited Resources

Cytelligence

NOVEMBER 16, 2023

In today’s digital landscape, cyber threats pose a significant risk to organizations of all sizes. While larger corporations can afford robust security teams and sophisticated defense measures, small and lean security teams often struggle to keep up.

Cybersecurity

Cybersecurity Cyber threats Penetration Testing Firewall

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

eSecurity Planet

AUGUST 4, 2023

As cloud computing evolves, so has cloud security, and buyers in the market for cloud security solutions may find themselves facing a dizzying array of acronyms, like CNAPP, CWPP, CSPM, and CIEM. Securing all those new cloud environments and connections became a job for cybersecurity companies.

Architecture

Architecture Risk Data breaches Threat Detection

Data Security Trends: 2024 Report Analysis

Security Boulevard

MARCH 24, 2024

Data Security Trends: 2024 Report Analysis madhav Mon, 03/25/2024 - 05:08 Amid ongoing economic uncertainty and a progressively complex threat landscape, businesses are trying to navigate increasingly stringent regulatory requirements while bolstering their security posture.

Artificial Intelligence

Artificial Intelligence IoT Technology Threat Reports

How to Secure Access for your Seasonal Workers

Thales Cloud Protection & Licensing

NOVEMBER 20, 2022

How to Secure Access for your Seasonal Workers. These temporary employees will require immediate access to mobile catalogues, ordering systems, loyalty programs, and even point-of-sales (POS) systems. Access management risks of seasonal workers. The importance of effective access management.

Retail

Retail Authentication Data breaches Risk

Identity Management Day Underpins the Importance of Securing Digital Identities

Thales Cloud Protection & Licensing

APRIL 13, 2021

Identity Management Day Underpins the Importance of Securing Digital Identities. Thales is happy to participate in the first-ever Identity Management Day which is held on 13 April 2021. Therefore first and foremost, identity and access to sensitive data and applications must be protected.

Authentication

Authentication Digital transformation Data breaches Technology

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

SecureWorld News

APRIL 29, 2024

Department of Health and Human Services on April 12th, Kaiser Permanente suffered a data breach in mid-April that exposed the personal information of approximately 13.4 million affected individuals to inform them of the data breach and provide guidance on steps they can take to protect themselves against potential fraud or identity theft.

Data breaches

Data breaches Healthcare Identity Theft Advertising

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

Does moving to the cloud mean compromising on security?

Webinars

Trending Sources

NSA on Authentication Hacks (Related to SolarWinds Breach)

Webinars

VMware Flaw a Vector in SolarWinds Breach?

Okta warns of unprecedented scale in credential stuffing attacks on online services

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Graduation to Adulting: Navigating Identity Protection and Beyond!

Data Security Trends: 2024 Report Analysis

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

GUEST ESSAY: 3 sure steps to replace legacy network security systems — in a measured way

Kroll Employee SIM-Swapped for Crypto Investor Data

Navigating the Future: Strategic Insights on Identity Verification and Digital Banking in 2024

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

How Thales and Red Hat Protect Telcos from API Attacks

Security Buyers Are Consolidating Vendors: Gartner Security Summit

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Access Management is Essential for Strengthening OT Security

Why Are We Still Separating Credential Management and Machine Identity Management?

WeLeakInfo Leaked Customer Payment Info

Who and What is Behind the Malware Proxy Service SocksEscort?

Giving a Face to the Malware Proxy Service ‘Faceless’

Nissan Oceania data breach impacted roughly 100,000 people

Cyber Attack on Succession Wealth and NHS Staff Data Leaked

Modern Identity and Access Security - Keeping the Good Guys In and the Bad Guys Out

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Identity Management Day 2022: Identity Security Is Our Responsibility

Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

The Retail Data Threat Environment and Why CIAM is a Key Cornerstone to Better Cybersecurity.

A Guide to Key Management as a Service

McLaren Health Care revealed that a data breach impacted 2.2 million people

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Wins Big in 2023

The Bridge to Zero Trust

Cyber Packs: How They're Key to Improving the Nation's Cybersecurity

Unleashing the Power of Lean: Strengthening Cybersecurity Defenses on Limited Resources

CSPM vs CWPP vs CIEM vs CNAPP: What’s the Difference?

Data Security Trends: 2024 Report Analysis

How to Secure Access for your Seasonal Workers

Identity Management Day Underpins the Importance of Securing Digital Identities

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People

Stay Connected