Data Breaches

GoDaddy connects a slew of past attacks to a multiyear hacking campaign

Web hosting and infrastructure provider GoDaddy said it suspects a recent attack on its infrastructure in December 2022 may be connected to a series of incidents the business has been experiencing since 2020. The attack involved an unauthorized third party gaining access to and installing malware on GoDaddy’s cPanel hosting servers, the company disclosed in an SEC filing. The company only discovered the security breach following customer reports in early December 2022 that their sites were…


7 reasons to avoid investing in cyber insurance

With cyberattacks rising at an alarming rate around the world, cyber insurance has become an increasingly popular layer of protection for businesses across all sectors. However, despite its clear appeal as a means of supporting and augmenting cyber risk management, insurance might not be the right fit for all companies in every circumstance. In fact, there are compelling reasons why some might be advised to avoid, delay, or at least seriously reconsider buying or renewing…


EU parliamentary committee says ‘no’ to EU-US data privacy framework

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies. The committee’s decision — formally, a draft motion for a resolution — represents a rejection of the European Commission’s recommendation, announced in December, that the data privacy framework should be adopted. The recommendation stated…


New Mirai botnet variant V3G4 targets Linux servers, IoT devices

A new variant of Mirai — the botnet malware used to launch massive DDoS attacks — has been targeting 13 vulnerabilities in IoT devices connected to Linux servers, according to researchers at Palo Alto Networks’ Unit 42 cybersecurity team. Once the vulnerable devices are compromised by the variant, dubbed V3G4, they can be fully controlled by attackers and become part of a botnet, capable of being used to conduct further campaigns, including DDoS attacks. “The vulnerabilities have…


IOTW: Russian hackers target NATO sites with DDoS attack

The North Atlantic Treaty Organization (NATO) has been the victim of a series of distributed denial of service (DDoS) attacks, causing temporary disruption to some of its sites. The DDoS attacks have been linked to the Russian hacktivist collective Killnet, which had posted via an encrypted channel on social media platform Telegram that it was planning to launch attacks against NATO. The group also appeared to be asking for cryptocurrency donations to launch further attacks.…


Malware authors leverage more attack techniques that enable lateral movement

A new study of over a half-million malware samples collected from various sources in 2022 revealed that attackers put a high value on lateral movement, incorporating more techniques that would allow them to spread through corporate networks. Several of the most prevalent tactics, as defined by the MITRE ATT&CK framework, that were identified in the dataset aid lateral movement, including three new ones that rose into the top 10. “An increase in the prevalence of…


Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

The evolution of cybercrime is weighing heavily on digital forensics and incident response (DFIR) teams, leading to significant burnout and potential regulatory risk. That’s according to the 2023 State of Enterprise DFIR survey by Magnet Forensics, a developer of digital investigation solutions. The firm surveyed 492 DFIR professionals in North America and Europe, the Middle East, and Africa working in organizations in industries such as technology, manufacturing, government, telecommunications, and healthcare. Respondents described the current…


BEC groups are using Google Translate to target high value victims

Abnormal Security has identified two groups that are using executive impersonation to execute Business Email Compromise (BEC) attacks on companies worldwide. The first group, Midnight Hedgehog, engages in payment fraud, while the second group, Mandarin Capybara, executes payroll diversion attacks. Both groups have launched BEC campaigns in at least 13 different languages, including Danish, Dutch, Estonian, French, German, Hungarian, Italian, Norwegian, Polish, Portuguese, Spanish, and Swedish, the researchers noted. While attacking targets across various regions…


How automation in CSPM can improve cloud security

With the rapid growth and increasing complexity of cloud environments, organizations are increasingly at risk from various security threats. Cloud security posture management (CSPM) is a process that helps organizations continuously monitor, identify, and remediate security risks in the cloud. The use of automation in CSPM is crucial to ensuring the security and compliance of an organization’s cloud infrastructure. A key component of CSPM is the automation of its core tasks: continuous monitoring, remediation of…


Security tool adoption jumps, Okta report shows

Identity and access management (IAM) vendor Okta today released a report detailing app use and security trends among its broad user base. Among other trends it identified, the report found that zero trust security policies have become more common, and uptake of a wide range of security tools has been sharply on the rise. Okta surveyed 17,000 customers globally, and found that zero trust usage among its clients has increased from 10% two years ago…
