Data Breaches

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” of security preparedness; Philippines and Thailand, both with 27% of organizations in the mature stage; and India, with 24% of…

Read More

Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve ever watched a heist film, step one in executing the score of the century is casing the place: observing security…

Read More

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP) program to “proactively identify information systems that contain security vulnerabilities commonly associated with ransomware attacks.” Once the program identifies vulnerable systems, regional CISA personnel will notify them so they can mitigate the flaws before attackers can cause too much damage.  CISA says it will seek out affected systems using existing services, data sources, technologies, and…

Read More

Ransomware group BianLian has shifted the main focus of its attacks away from encrypting the files of its victims to focusing more on extortion as a means to extract payments from victims, according to cybersecurity firm Redacted. The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying any ransom. The decryption…

Read More

Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New Technology LAN Manager) relay attacks against other systems. The second allows attackers to bypass Microsoft SmartScreen, a technology built into…

Read More