Social Engineering

The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach…

Read More

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture. There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to…

Read More

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security. The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report. However, credit card issuers, merchants, banks, and third-party transaction processors lost $28.58 billion…

Read More

Potential access management customers got a new option from Okta Wednesday, as the identity and access management (IAM) provider announced a newly streamlined Consumer Identity Cloud system designed to simplify the deployment and use of its various products. Okta said that the new cloud program is split into two main components—those aimed at providing identity validation services for consumers, and those aimed at enterprise customers. The former is focused on providing high-security options for online…

Read More

Over the past several years, hackers have targeted public-facing network devices such as routers, VPN concentrators, and load balancers to gain a foothold into corporate networks. While finding remote code execution vulnerabilities in such devices is not uncommon, incidents where attackers were able to deploy malware on them that can survive restarts or firmware upgrades have been rare and generally attributed with sophisticated APT groups. Because they use flash memory that degrades over time if…

Read More

GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby programming language, and two new security overview options. The world’s leading development platform said these updates make securing the SDLC end-to-end easier and more seamless for developers. The releases come as SDLC cybersecurity remains high on the agenda with research revealing an increase of almost 800%…

Read More

Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools to efficiently manage software vulnerabilities and meet new regulatory standards, addressing functionality gaps of traditional vulnerability management tools primarily designed for use with Linux OS. Features include the ability to search and pinpoint vulnerable components, view Windows and Linux risk side by side in one UI,…

Read More

You have several options to manage patching on Microsoft networks: let machines independently update or use a third-party patching tool, Windows Software Update Services (WSUS), or another Microsoft management product. If you are still using WSUS as your key patching tool, you may want to review your options. Microsoft is developing additional patching tools that will allow you to better manage systems and control administrative access. Is WSUS on the way out? Microsoft has long…

Read More

Fortanix is offering a free tier for its data security manager software, aiming squarely at attracting new small- and medium-size businesses into its customer ranks. The Explorer tier, announced Tuesday, offers five separate solutions for businesses to try or implement long-term, as long as they stay within the various usage caps. Those solutions include tokenization and Google Cloud external key management, which are limited to one application or 10,000 operations per month, Google Workspace client-side…

Read More

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21st Century indicates, they have already reached enormous magnitudes. […

Read More