Data Breaches

The recent arrest of US Air Force airman Jack Teixeira following his illegal sharing of classified information just to show off to his buddies shone a spotlight on the conversation surrounding access control. In Teixeira’s case, all the ingredients necessary to protect the classified information were in place, but sadly they appear to have been ignored and abused by Teixeira and his superiors. In the mythical land of Nirvana, where everything is perfect, CISOs would…

Read More

When organizations consider application programming interface (API) security, they typically focus on securing APIs that are written in-house. However, not all the APIs that companies use are developed internally, rather some are designed and developed by other organizations. The problem is that many companies don’t realize that using third-party APIs can expose their applications to security issues, such as malware, data breaches, and unauthorized access. Third-party APIs are software interfaces that allow organizations to leverage…

Read More

The vast majority of CISOs have observed positive security culture gains in their organizations in the last year despite a perceived dip in the quality of overall security posture, according to the 10th annual Information Security Maturity Report published by ClubCISO and Telstra Purple. The research surveyed 182 members of ClubCISO, a global community of information security leaders working in public and private sector companies. The paper paints an optimistic picture of organizational security with…

Read More

In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also created fake GitHub and Twitter accounts posing as security researchers and even used real photos of researchers from well-known cybersecurity firms. “The attacker has made a lot of effort to create all these fake personas, only to deliver very obvious malware,” researchers from security…

Read More

Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. “In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations were targeted by BEC attacks,” researchers from cybersecurity firm Sygnia said in their report. “While some of these attacks were…

Read More

Cybersixgill’s new IQ cybersecurity threat intelligence application promises to offer quicker and more digestible intelligence on potential threats on the dark web, by leveraging generative AI to provide automated reporting and dissemination of information. The idea is to simplify access to threat intelligence data, which ordinarily is done manually by analysts. According to the company’s announcement, Cybersixgill IQ, which is trained on the company’s own data sets, is able to “democratize” cybersecurity threat intelligence by…

Read More

Software supply chain security vendor Rezilion has announced the release of a new agentless solution for vulnerability management. It enables security teams to monitor exploitable software attack surfaces in runtime without using an agent, reducing the time and overhead required for traditional runtime-based software vulnerability analysis, according to the firm. Rezilion’s new solution covers all versions of Windows and Linux across 12 code languages, it said. Effective prioritization and remediation of software vulnerabilities can be…

Read More

With an ever-increasing number of cybersecurity threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation, which is no surprise given that the average cost of a data breach in the US has risen to $9.44 million — more than twice the global average of $4.35 million. The global cyber insurance market was valued…

Read More