Category: Information Security Buzz

This Halloween, it’s not just ghosts and goblins sending chills down our spines—this season brings some truly spine-tingling stats about the state of cybersecurity in 2024. In our “Spooky Security Stats” roundup, we’re revealing findings from several reports published over…

Read more →

Data Security Posture Management (DSPM) is a rising star in the cybersecurity world, and for good reason. With so many diverse environments, complex pipelines, and random repositories, important data often ends up in the wrong places, or worse – lost…

Read more →

The US Department of Justice, in collaboration with international law enforcement partners, has launched a major crackdown on RedLine and META, two of the world’s most prolific infostealer malware variants responsible for stealing sensitive data from millions of victims worldwide.…

Read more →

Cyware, a provider of threat intelligence management and cyber fusion solutions, has teamed up with ECS, a player in technology solutions for US public sector and defense organizations, to bolster government cybersecurity through an enhanced Intel Exchange platform. This partnership…

Read more →

Three malicious packages uploaded to the npm registry were discovered to harbor BeaverTail, a JavaScript downloader and information stealer associated with a continuing North Korean campaign known as Contagious Interview. The packages—passports-js, bcrypts-js, and blockscan-api collectively amassed 323 downloads, and…

Read more →

It’s no secret that human error accounts for a disproportionate number of data breaches. Last year, it accounted for 74%; this year, the Verizon 2024 Data Breach Investigations Report noted that it rose to 76% per the same criteria. States…

Read more →

Malware‘s rise presents a rigorous challenge for organizations, meaning their security teams must remain ever-vigilant. Unfortunately, business email compromise (BEC), which takes advantage of communication channel vulnerabilities, has become a significant attack vector that has impacted many organizations. For example,…

Read more →

Datacenter cybersecurity is critical because of the vast industries using these facilities. Healthcare, finance, education, and other sectors rely on this storage solution to protect records and sensitive information. Companies may adjust their storage needs based on demand, so understanding…

Read more →

A recent cybersecurity report by SecurityScorecard and KPMG reveals that the US energy sector remains at high risk of cyber threats, particularly from third-party sources. This analysis, evaluating 250 top US energy companies, highlights vulnerabilities across the energy supply chain—from…

Read more →

ReliaQuest has released a detailed investigation into a cyber intrusion that impacted a manufacturing company in October 2024. The attack has been attributed with high confidence to the predominantly English-speaking cyber collective “Scattered Spider,” now partnering with the notorious “RansomHub”…

Read more →

As we wrap up our Cybersecurity Awareness Month series, we’d like to extend a huge thank you to everyone who contributed their insights and expertise. The response to this series has been incredible, and we’re grateful for the valuable advice…

Read more →

WhatsApp is rolling out a series of updates aimed at making it easier for users to manage their contacts privately across devices. Previously, users could only add contacts via their mobile device by entering a phone number or scanning a…

Read more →

In a new and sophisticated campaign, the infamous North Korean-affiliated Lazarus APT group and its BlueNoroff subgroup have once again proven their expertise in exploiting zero-day vulnerabilities. The group, known for targeting financial institutions, governments, and even cryptocurrency platforms, has…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has announced a set of proposed security requirements aimed at protecting Americans’ sensitive personal data and government-related information from foreign adversaries. These measures are part of the implementation of Executive Order 14117,…

Read more →

Cybersecurity has become a critical concern for businesses of all sizes. With cyber threats becoming more sophisticated and frequent, the cost of cybersecurity breaches continues to rise dramatically. In fact, the Netwrix 2024 Hybrid Security Trends Report found that 79% of organizations…

Read more →

The manufacturing industry has emerged as the most targeted by cyber attacks, accounting for more than 25% of incidents across the top 10 sectors, with 45% of these involving malware. The industry’s appeal to malefactors has grown, largely due to…

Read more →

Cybersecurity experts from Positive Technologies’ Security Expert Center (PT ESC) have uncovered an exploit targeting Roundcube Webmail, an open-source email client written in PHP.   According to the researchers, Roundcube’s “extensive functionality and the convenient access it gives users to email accounts via a browser—without the…

Read more →

The manufacturing industry has emerged as the most targeted by cyber attacks, accounting for more than 25% of incidents across the top 10 sectors, with 45% of these involving malware. The industry’s appeal to malefactors has grown, largely due to…

Read more →

A staggering 70% of exploited vulnerabilities in 2023 were leveraged as zero days, meaning threat actors exploited the flaws in attacks before the impacted vendors knew of the bug’s existence or had been able to patch them. In addition, the…

Read more →

The NHS App is set to undergo a major transformation, with plans to make full medical records, test results, and doctor’s letters accessible to patients across England. This initiative is part of a new 10-year strategy aimed at revolutionizing how…

Read more →