SC Magazine
LockBit ransomware spread in millions of emails via Phorpiex botnet
Emails from “Jenny Green” delivered LockBit Black through attached ZIP files.
DarkReading
DBIR: Supply Chain Breaches Up 68% Year Over Year
As Verizon Business redefines "supply chain breach," it could either help organizations address third-party risk holistically or just conflate and confuse.
DarkReading
CISO Corner: Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: a Tech Tip on setting up DMARC, a DNS mystery from Muddling Meerkat, and a cybersecurity checklist for M&A transitions.
Security Magazine
Verizon 2024 Data Breach Report shows the risk of the human element
The 2024 Data Breach Investigations Report reveals the role that the human element plays in cyber threats, and security leaders are weighing in.
SecurityWeek
Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster
Horizon3.ai's AISaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
SecurityWeek
Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches
Verizon 2024 DBIR shows that vulnerability exploitation increased three times and confirmed data breaches doubled compared to 2023.
Infosecurity News
Vulnerability Exploits Triple as Initial Access Point for Breaches
The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found
DarkReading
Verizon DBIR: Basic Security Gaffes Cause Breach Surge
MOVEit drove a big chunk of the increase, but social engineering and failure to patch led to a doubling of data breaches since 2023, said Verizon Business.
SC Magazine
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways
Vulnerability exploits, pure extortion and internal risks are on the rise, while AI threats fall short.
CSO
Authentication failure blamed for Change Healthcare ransomware attack
Absence of multi-factor authentication reportedly left a remote access application exposed.
The Hacker News
How Attackers Can Own a Business Without Touching the Endpoint
How attackers are hacking organizations without touching the endpoint by targeting cloud identities.
Cyber Security News
StrelaStealer’s Malware Resurgence: What Security Leaders Need to Know in 2024
we’ll dissect a timely example of credential theft—StrelaStealer—to identify the malware’s characteristics and capabilities.
The Cyber Express
UAE Telecom Giant ETISALAT Hit by LockBit, $100K Demanded for Data Release
ETISALAT, the state-owned Emirates Telecommunications Group Company PJSC in the UAE, is reportedly grappling with a ransomware assault attributed to
The Hacker News
What's the State of Credential theft in 2023?
83% of breaches in 2023 fueled by stolen credentials! Uncover the latest attacker tactics and fortify your defenses against this escalating threat.
CyberSecurity Dive
Lock your doors to Kerberos golden ticket attacks
Golden Ticket attacks hit the Key Distribution Service Account of the KDC, here's how to stop them.
Infosecurity News
How Cyber Threat Intelligence Practitioners Should Leverage Automation and AI
The Cyber Threat Intelligence Summit discussed how automation and generative AI could help CTI practitioners tackle the overload of data they have to process
Cyber Security News
Securing Endpoints: 6 Best Practices to Eliminate Blind Spots
Endpoint Security Best Practices: Endpoint security serves as the first line of defense against cyberattacks for businesses.
Bleeping Computer
The Current State of Business Email Compromise Attacks
Business Email Compromise (BEC) poses a growing threat to businesses of all sizes. Learn more from Specops Software about the types of BEC attacks and how to avoid them.
DarkReading
Analysis: Social Engineering Drives BEC Losses to $50B Globally
Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success.
DataBreaches
The 2023 Verizon DBIR is out — get your copy now
Verizon’s top-notch annual Data Breach Investigations Report (DBIR) is out. You can jump to the Executive Summary of the report, download the entire...
DarkReading
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs
Ransomware continues its runaway growth with median payments reaching $50,000 per incident.
The Hacker News
How to Reduce Exposure on the Manufacturing Attack Surface
Find out why manufacturers are becoming prime targets and what they can do to mitigate the risk.
DarkReading
Cyberattackers Double Down on Bypassing MFA
As companies increasingly adopt MFA (even as companies like Twitter disable it), cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway.
DarkReading
Ransomware Professionalization Grows as RaaS Takes Hold
As ransomware's prevalence has grown over the past decade, leading ransomware groups such as Conti have added services and features as part of a growing trend toward professionalization.
Security Affairs
Strong Authentication – Robust Identity and Access Management Is a Strategic Choice
Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users’ identities before granting secure access to resources,” Sarah […]
ThreatPost
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Attackers gained access to private account details through an email compromise incident that occurred in April.
ThreatPost
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
Verizon’s annual report for 2022 confirms trends that have been years in the making.
CSO
Ransomware roundup: System-locking malware dominates headlines
From a new ransomware group that demands donations instead of cryptocurrency to the possible resurgence of an infamous gang, these are the stories that caught the attention of infosec pros.
DarkReading
12K Misconfigured Elasticsearch Buckets Ravaged by Extortionists
The cloud instances were left open to the public Internet with no authentication, allowing attackers to wipe the data.
DarkReading
VMware, Airline Targeted as Ransomware Chaos Reigns
Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
The Record
Alleged leader of Nigerian email fraud group has been captured, Interpol says
It's the latest move by international law enforcement and Nigerian authorities against a group cybersecurity researchers call SilverTerrier.
ThreatPost
Verizon Report: Ransomware, Human Error Among Top Security Risks
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.
DarkReading
'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds
Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.
Infosecurity News
Ransomware Attacks Increasing at “Alarming” Rate
Ransomware breaches have increased by 13% – more than last five years combined – according to new report
CyberNews
Mock cybersecurity at your peril, report warns | Cybernews
No wonder the crooks are getting away with the same old phishing scams - company decision-makers seem to think security training is a joke.