Data Breaches

Growing number of endpoint security tools overwhelm users, leaving devices unprotected

Enterprises that use endpoint security and management technologies face a problem of growing marketplace “sprawl,” as new tools proliferate and options multiply, according to a study released today by the Enterprise Services Group. Between the ongoing influence of remote work and IoT, the number and diversity of devices that have to be managed by endpoint security tools is on the rise. As a consequence, the number of available tools to manage them has also risen.…

Read More

What is the difference between cyber risk management and cyber resilience?

Cyber Security Hub speaks to Sourabh Haldar, threat policy implementation lead of information and cyber security at Standard Chartered Bank about the importance of cyber resilience in the face of emerging threats. Cyber Security Hub: What do you think will be the biggest threat vector and/or threat target in 2023? Sourabh Haldar: From a sector-wide perspective, phishing and social engineering-based attacks are definitely a concern. Phishing is the easiest way for malicious actors to gain…

Read More

Cohesity Data Cloud 7.0 enhances privileged access authentication, ransomware recovery

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added. Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience In a…

Read More

Surge of swatting attacks targets corporate executives and board members

At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would harm first responders, too. Groveland police chief Jeffrey Gillen summoned the police, fire, and emergency mutual aid of the nearby towns of Ipswich, Rowley, Topsfield, and Haverhill. Police evacuated neighboring…

Read More

What CISOs need to know about the renewal of FISA Section 702

In our hyperconnected world, multinational organizations operate within and across multiple nation-states. Those who do business within the United States will want to keep their eye on the status of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which sets out procedures for physical and electronic surveillance and collection of foreign intelligence. Section 702 specifically addresses how the US government can conduct targeted surveillance of foreign persons located outside the US, with the compelled…

Read More

MKS Instruments falls victim to ransomware attack

Semiconductor equipment maker MKS Instruments is investigating a ransomware event that occurred on February 3 and impacted its production-related systems, the company said in a filing with the US Security and Exchange Commission. MKS Instruments is an Andover, Massachusetts-based provider of subsystems for semiconductor manufacturing, wafer level packaging, package substrate and printed circuit boards. An email sent to MKS Instruments seeking more information about the attack remained unanswered, while the company’s website continued to be inaccessible at the time…

Read More

Massive ransomware attack targets VMware ESXi servers worldwide

A global ransomware attack has targeted thousands of servers running the VMware ESxi hypervisor, with many more servers expected to be affected, according to national cybersecurity agencies and security experts around the world. The Computer Emergency Response Team of France (CERT-FR) was the first to notice and send an alert about the attack. “On February 3, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them,” CERT-FR wrote. …

Read More

The dangerous vulnerabilities caused by weak email security

Why email security Threats to email security are on the rise. Research conducted for Cyber Security Hub’s Mid-Year Market Report 2022 found that 75 percent of cyber security practitioners think that email-based attacks such as phishing and social engineering are the ‘most dangerous’ cyber security threat to their organizations. Companies must protect this vulnerable asset without compromising its efficiency in communication. Email security is integral to protecting companies from external threats but also essential to…

Read More

Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition

Cyber insurance firm Coalition has predicted that there will be 1,900 average monthly critical Common Vulnerabilities and Exposures (CVEs) in 2023, a 13% increase over 2022. The predictions are a part of the company’s Cyber Threat Index, which was compiled using data gathered by the company’s active risk management and reduction technology, combining data from underwriting and claims, internet scans, its global network of honeypot sensors, and scanning over 5.2 billion IP addresses. The 1,900 CVEs…

Read More

OPSWAT mobile hardware offers infrastructure security for the air gap

Infrastructure protection vendor OPSWAT has announced the availability of its new MetaDefender Kiosk K2100 hardware, designed to provide a mobile option for users who want the company’s media-scanning capabilities to work in the field. OPSWAT’s MetaDefender line of kiosks is designed to address a potential security weakness for critical infrastructure defended by air gaps. In order to patch those systems, audit them, or move data among them, removable media like SD cards, USB sticks and…

Read More