Data Breaches

Congressional health insurance service hit by data breach

A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber. Szpindor’s office would not directly confirm or deny the authenticity of the letter, which was first published on Twitter by a reporter for the right-wing Daily Caller news site. However, a spokesperson for…

Read More

GitHub begins 2FA rollout for code contributors

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub mobile. The rollout…

Read More

Lazarus group infiltrated South Korean finance firm twice last year

Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year.  The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to a research by AhnLab Security Emergency Response Center (ASEC).  ASEC reported the software in question to the Korean Internet and Security Agency since the vulnerability has not been fully verified…

Read More

SANS, Google launch academy to promote cloud security, diversity in workforce

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector. A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, while an Aspen Digital Tech Policy report from the same year found that only 9% of cybersecurity experts are Black,…

Read More

Hard-coded secrets up 67% as secrets sprawl threatens software supply chain

The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security of software supply chains. Hard-coded secrets pose significant security risks because they are often stored in plain text, making it…

Read More

How CISOs can do more with less in turbulent economic times

CISO Nicole Darden Ford has become accustomed to doing more with less since the COVID-19 pandemic suddenly upended her company’s workforce. “I got off a plane from India and saw all these people with masks at the airport in Washington, DC, and I wondered what was going on. I went straight to the office where my CEO and CIO explained our new reality: We were going into quarantine and we had less than a week…

Read More

Attack campaign uses PHP-based infostealer to target Facebook business accounts

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP. “We have seen SYS01stealer attacking critical government infrastructure employees, manufacturing companies, and other industries,” researchers from security firm Morphisec said in a…

Read More

Akamai releases new threat hunting tool backed by Guardicore capabilities

Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to help identify and eliminate threats. “An earlier version of Hunt was available through Guardicore to a limited set of customers,”…

Read More

What is zero trust? A model for more effective security

Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero trust already in place more than doubled in just one year, jumping from 24% in 2021 to 55% in the…

Read More

PayPal sued for negligence in data breach that affected 35,000 users

A pending class action lawsuit accuses online payments giant PayPal of failing to adequately safeguard the personal information of its users, leaving them vulnerable to identity theft and related ills at the hands of the unidentified perpetrators of a data breach that occurred late last year. Nearly 35,000 people were affected by the cyberattack, which used previously compromised usernames and passwords to gain access to PayPal’s systems. PayPal’s notice to users whose personal information was…

Read More