Data Breaches

The threat landscape is highly diverse and attacks range in sophistication from the most basic scams to nation-state-level cyberespionage. However, companies need to prioritize their defenses against the most common threats that are likely to impact them and their employees. In its newly released annual State of Malware report, cybersecurity firm Malwarebytes selected five threats that they consider to be archetypes for some of the most common malware families observed in 2022: LockBit ransomware The…

Cloud-based permissions management startup Entitle debuted Wednesday with the launch of its namesake SaaS-based application, designed to automate access requests and solve the problem of what it calls the “entitlement sprawl” faced by corporations. Enterprise security teams are confronted with an overwhelming amount of permission requests, the Israel-based company said. “We saw that permission management is becoming a big issue and interviewed heads of security about the challenges with governance and relevance of access,” said…

Deployment of backdoors on networks was the top action attackers made in almost a quarter of all incidents remediated in 2022. “Backdoors led to a notable spike in Emotet cases in February and March. That spike inflated the ranking of backdoor cases significantly, as those deployed in this timeframe account for 47% of all backdoors identified globally throughout 2022,” according to the newly released IBM Security X-Force Threat Intelligence Index. “Increased backdoor deployment may also be due to…

Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers. TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. The protocol was developed so that recipients of threat data could assess its sensitivity and determine how to share it…

Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration. The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial  authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors…

Despite the billions of dollars poured annually into cybersecurity by investors, organizations, academia, and government, adequate and reliable cybersecurity remains an ever-elusive goal. The technological complexity and growing attack surface, along with a growing array of threat actors and increased interconnectivity, make securing digital systems and assets a perennial pipedream. Chief among the challenges for decision-makers and experts is simply identifying and comprehending society’s cybersecurity risks. One organization, the Washington, DC-based think tank Bipartisan Policy…

DNA Diagnostics Center, a DNA testing company, will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general.  The company will also be required to implement improvements to its data security, including updating the asset inventory of its entire network and disabling or removing any assets identified that are not necessary for…

The dark web is the place where every CISO hope their company’s data will not end up. It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, or other confidential corporate information. Gaining operational intelligence on what data these sites are offering is critical to defending cybercriminals…