Data Breaches

Rezilion expands SBOM to support Windows environments

Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features include the ability to search and pinpoint vulnerable components, view Windows and Linux risk side by side in one UI,…

Read More

Why it’s time to review your Microsoft patch management options

You have several options to manage patching on Microsoft networks: let machines independently update or use a third-party patching tool, Windows Software Update Services (WSUS), or another Microsoft management product. If you are still using WSUS as your key patching tool, you may want to review your options. Microsoft is developing additional patching tools that will allow you to better manage systems and control administrative access. Is WSUS on the way out? Microsoft has long…

Read More

Fortanix unveils free DSM Explorer edition for managed data security

Fortanix is offering a free tier for its data security manager software, aiming squarely at attracting new small- and medium-size businesses into its customer ranks. The Explorer tier, announced Tuesday, offers five separate solutions for businesses to try or implement long-term, as long as they stay within the various usage caps. Those solutions include tokenization and Google Cloud external key management, which are limited to one application or 10,000 operations per month, Google Workspace client-side…

Read More

Hacker threatens to release data stolen from 9.7m Medibank customers

A threat to release 200GB worth of data stolen from Australian health insurance company Medibank has been posted to a site backed by Russian ransomware group, REvil. The threat comes after Medibank made a public statement that it would not be paying the ransom demanded by the hacker. In the message, the supposed hacker quotes Confuscious, implying Medibank is making a “mistake” by not paying the ransom. The malicious actor then said that they would…

Read More

The 15 biggest data breaches of the 21st century

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21st Century indicates, they have already reached enormous magnitudes. […

Read More

Medibank refuses pay ransom after 9.7m customers’ details stolen

Australian health insurance company Medibank has said that it will not be paying a ransom to the hacker that accessed the personal details for 9.7m current and former customers.  The data breach took place after a hacker gained unauthorized access to Medibank’s internal servers on October 13. Originally, Medibank believed that no customer information had been stolen during the hack, however the company was then contacted on October 16 by the supposed hacker, who threatened…

Read More

How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready

Organizations that want to prove to others – and to themselves – that they have a solid cybersecurity and data privacy program will undergo a SOC 2 audit. As such, a SOC 2 audit is a big deal, and it’s demanding, and it requires some serious preparation. SOC audits were created by the American Institute of CPAs (AICPA) under several evaluation and reporting frameworks comprising the System and Organization Controls headers SOC 1, SOC 2,…

Read More

Qualys previews TotalCloud FlexScan for multicloud security management

Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments. The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads to check whether they’ve opened network ports, and monitors a host of other factors to offer a detailed picture of…

Read More

Geopolitics plays major role in cyberattacks, says EU cybersecurity agency

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA). In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report—this…

Read More

New US CISO appointments, September 2022

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have…

Read More