Data Breaches

US Congress funds cybersecurity initiatives in FY2023 spending bill

On December 23, the House and Senate Appropriations Committee agreed to a $1.7 trillion omnibus spending bill that funds government operations through the fiscal year 2023. On December 29, President Biden signed it. The 4,155-page bill reflects an already agreed-upon $858 billion for defense spending and an additional $800 billion for non-defense spending, including several prominent cybersecurity items. US Senator Chris Murphy (D-CT), chair of the Subcommittee on Homeland Security, said, “This bill is a…

Read More

Log4Shell remains a big threat and a common cause for security breaches

The Log4Shell critical vulnerability that impacted millions of enterprise applications remains a common cause for security breaches a year after it received patches and widespread attention and is expected to remain a popular target for some time to come. Its long-lasting impact highlights the major risks posed by flaws in transitive software dependencies and the need for enterprises to urgently adopt software composition analysis and secure supply chain management practices Log4Shell, officially tracked as CVE-2021-44228,…

Read More

CPRA explained: New California privacy law ramps up restrictions on data use

On January 1, 2023, 20, the California Privacy Rights Act (CPRA) will go into effect. Approved by ballot measure as Proposition 24 in November 2020, it created a new consumer data privacy agency and put California another step ahead of other states in terms of privacy productions for consumers—and data security requirements for enterprises. California already had a privacy law in place, the California Consumer Privacy Act (CCPA), adopted in 2018. It went into effect in…

Read More

How does CISO strategy prevent threats?

Executive summary of CISO CISOs are under immense pressure to protect their organization and keep them out of the breach headlines. The largest obstacle to this goal is an evolving threat landscape that is increasing in sophistication. Payments from successful ransomware attacks fuel this evolution in the form of ransomware-as-a-service models. To break the trend, this report will explore why CISOs, and their teams can no longer simply react to these threats and must prevent…

Read More

The most dangerous cyber security threats of 2023

In this round up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them. When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations, 75 percent of cyber security professionals said social engineering and phishing. Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott…

Read More

The top 12 tech stories of 2022

The technology sector’s vulnerability to the vagaries of geopolitics and the macroeconomy became clearer than ever in 2022, as IT giants laid off workers en masse, regulators cracked down on tech rule-breakers, nations negotiated data privacy, the EU-China chip war widened, and the Ukraine war disrupted business as usual. Through it all the classic tech themes—including innovation, constant change, and the fight to bolster cybersecurity—continued as ChatGPT was released, Broadcom sought to purchase VMWare, a…

Read More

Customer details compromised in LastPass data breaches

The data breaches LastPass suffered in August and November 2022 resulted in confidential customer information being compromised. In a statement, LastPass explained that the August breach saw a malicious actor steal source code and technical information from LastPass’ development environment that was then used to target an employee. This allowed the hacker to gain access to credentials and keys, which they then used to access LastPass’ third-party cloud storage service in November 2022. Using the…

Read More

How carding can affect your business

This article explains what carding is, how hackers can gain access to payment details and the effects carding cyber attacks can have on businesses. In the first six months of 2022, there were 230,937 credit card fraud reports filed in the US alone, highlighting the growth of carding as a threat vector This article will explore carding, how it operates and the devastating effects it can have on ecommerce businesses. Contents:  What is carding and…

Read More

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent. “We have what some describe as…

Read More

Social media use can put companies at risk: Here are some ways to mitigate the danger

We live in a social world, but should our businesses? For many, the answer to that is increasingly no—that’s why laws and regulations have recently been put in place restricting access to some social media in certain situations because of the hidden risks of these seemingly innocuous platforms. The United States federal government and some US states, for example, have barred government-issued devices from the use of Chinese-owned TikTok, which allows users to create and…

Read More