CyberSecurity Updates

27 Dec

How does CISO strategy prevent threats?

Attacks, Data Breaches

Executive summary of CISO CISOs are under immense pressure to protect their organization and keep them out of the breach headlines. The largest obstacle to this goal is an evolving threat landscape that is increasing in sophistication. Payments from successful ransomware attacks fuel this evolution in the form of ransomware-as-a-service models. To break the trend, this report will explore why CISOs, and their teams can no longer simply react to these threats and must prevent…

Read More
26 Dec

The most dangerous cyber security threats of 2023

Attacks, Data Breaches

In this round up, we reveal which threat vectors cyber security experts believe will rise to prominence in 2023, and they offer their advice on how best to combat them. When asked in mid-2022 by Cyber Security Hub which threat vectors posed the most dangerous threat to their organizations, 75 percent of cyber security professionals said social engineering and phishing. Since the survey closed, multiple organizations such as Dropbox, Revolut, Twilio, Uber, LastPass and Marriott…

Read More
26 Dec

The top 12 tech stories of 2022

Data Breaches, Malware, Social Engineering

The technology sector’s vulnerability to the vagaries of geopolitics and the macroeconomy became clearer than ever in 2022, as IT giants laid off workers en masse, regulators cracked down on tech rule-breakers, nations negotiated data privacy, the EU-China chip war widened, and the Ukraine war disrupted business as usual. Through it all the classic tech themes—including innovation, constant change, and the fight to bolster cybersecurity—continued as ChatGPT was released, Broadcom sought to purchase VMWare, a…

Read More
23 Dec

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]

Information, Malware

by Paul Ducklin STOP THE CROOKS BEFORE THEY STOP YOU! Paul Ducklin talks to world-renowned cybersecurity expert Fraser Howard, Director of Research at SophosLabs, in this fascinating episode, recorded during our recent Security SOS Week 2022. When it comes to fighting cybercrime, Fraser truly is a “specialist in everything”, and he also has the knack of explaining this tricky and treacherous subject in plain English. Click-and-drag on the soundwaves below to skip to any point.…

Read More
23 Dec

LastPass finally admits: They did steal your password vaults after all

Information

by Paul Ducklin Popular password management company LastPass has been under the pump this year, following a network intrusion back in August 2022. Details of how the attackers first got in are still scarce, with LastPass’s first official comment cautiously stating that: [A]n unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. A folllow-up announcement about a month later was similarly inconclusive: [T]he threat actor gained access…

Read More
23 Dec

Microsoft Patches Azure Cross-Tenant Data Access Flaw

Information, Malware, News

Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around  internet-isolated Azure Cognitive Search instances and allowed cross-tenant access to the data plane of ACS instances from any location, including instances without any explicit network exposure. According to Mnemonic researcher Emilien…

Read More
23 Dec

Facebook Agrees to Pay $725 Million to Settle Privacy Suit

Information, News

Facebook parent Meta has agreed to pay $725 million to settle a long-running lawsuit that accused the social network of allowing third parties, including Cambridge Analytica, to access users’ private data. The amount was disclosed in a court filing late on Thursday. “The proposed settlement of $725,000,000 is the largest recovery ever achieved in a data privacy class action and the most Facebook has ever paid to resolve a private class action,” lawyers for the…

Read More
23 Dec

Customer details compromised in LastPass data breaches

Attacks, Data Breaches

The data breaches LastPass suffered in August and November 2022 resulted in confidential customer information being compromised. In a statement, LastPass explained that the August breach saw a malicious actor steal source code and technical information from LastPass’ development environment that was then used to target an employee. This allowed the hacker to gain access to credentials and keys, which they then used to access LastPass’ third-party cloud storage service in November 2022. Using the…

Read More
23 Dec

BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers

Information, News

MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”. The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related…

Read More
23 Dec

China’s ByteDance Admits Using TikTok Data to Track Journalists

Information, News

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source of leaks to the media, the company admitted Friday. TikTok has gone to great lengths to convince customers and governments of major markets like the United States that users’ data privacy is protected and that it poses no threat to national security. But parent company ByteDance told AFP on Friday that…

Read More