Data Breaches

As phishing attacks increase, preventing them from doing damage is proving costly for organizations. Phishing-related activities are consuming a third of the total time available to IT and security teams and costing organizations anywhere between $2.84 and $85.33 per phishing email, according to a new report by Osterman Research. The report does not calculate the cost of damage caused by phishing, rather the productivity loss of IT and security teams. On average, organizations spend 16-30…

Read More

Losses to imposter scams based on synthetic identities—identities that only exist as figments in a credit reporting bureau’s records—will rise from a reported $1.2 billion in 2020 to $2.48 billion by 2024 in the US, according to an analysis published Thursday by identity verification vendor Socure. Synthetic identities became a common concern for businesses and financial institutions in the mid-2010s, Socure’s report said. Typically, such an identity is based on a real person, but with…

Read More

Distributing malware inside password-protected archives has long been one of the main techniques used by attackers to bypass email security filters. More recently, researchers have spotted a variation that uses nested self-extracting archives that no longer require victims to input the password. “This is significant because one of the most difficult obstacles threat actors face when conducting this type of spam campaign is to convince the target to open the archive using the provided password,”…

Read More

Threat actors are actively exploiting multiple Common Vulnerabilities and Exposures (CVEs) against enterprise cloud-hosted collaboration software and email platform Zimbra Collaboration Suite (ZCS), according to an advisory update jointly issued by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The latest update lists CVEs currently being exploited based on a new Malware Analysis Report, MAR-10398871.r1.v2 and warns that threat actors may be targeting unpatched ZCS instances in…

Read More

The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries. “The networked nature of dependencies highlights the importance of having visibility and awareness about…

Read More

Today’s credential-based attacks are much more sophisticated. Whether it’s advanced phishing techniques, credential stuffing, or even credentials compromised through social engineering or breaches of a third-party service, credentials are easily the most vulnerable point in defending corporate systems. All these attacks key on traditional credentials, usernames and passwords, which are past their expiration date as a legitimate security measure. The most effective way forward in enhancing access security is implementing multi-factor authentication (MFA). Security professionals…

Read More

Millennials and Gen Z employees in the US are much less likely to prioritize or adhere to cybersecurity protocols than their older Gen X and Baby Boomer counterparts, according to a recent survey by EY Consulting. The survey suggests that despite understanding the need for security measures, younger, digitally native workers were significantly more likely to disregard mandatory IT updates for as long as possible (58% for Gen Z and 42% for millennials vs. 31%…

Read More

GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials. The release reflects a growing industry focus on improving the cybersecurity of software development processes to help better protect widely used resources and supply…

Read More