Tag: Information Security Buzz

In the digital age, data is the lifeblood of businesses and organizations. Protecting this valuable asset is crucial to ensuring business continuity and safeguarding against unforeseen events. In the realm of databases, one of the essential practices for data protection…

Read more →

In the ever-evolving landscape of technology and information security, individuals who possess a diverse skill set are the driving force behind innovation and resilience. One such individual who stands out in this regard is Alex Tray – a polymath with…

Read more →

In our increasingly interconnected world, the protection of data privacy has become a paramount concern. With the rapid advancement of technology and the widespread use of the internet, personal and sensitive information is more vulnerable than ever before. From financial…

Read more →

Recent incidents highlight a pattern of data breaches in police departments. Two leading police forces in England, Norfolk and Suffolk, have publicly acknowledged mishandling sensitive data. This breach affected 1,230 individuals, including victims, witnesses, and suspects related to cases ranging…

Read more →

New findings by Ivanti, a pioneer in the arena of enhanced and secured tech solutions for flexible working, have sparked serious concerns within the IT sector. The company’s latest “Defending IT Talent Report” discloses that a staggering 25% of IT…

Read more →

Clorox, the household cleaning product titan, disclosed a significant cybersecurity incident this week, which led the company to shut down several of its systems temporarily. The revelation came from a regulatory filing with the U.S. Securities and Exchange Commission (SEC)…

Read more →

The best practices and tips for implementing third-party backup tools, including choosing a reliable tool, determining what to back up and setting up a backup schedule. As more and more organizations rely on cloud-based solutions like Microsoft 365, data protection…

Read more →

A data-driven culture is a mindset, a philosophy that encompasses more than mere data collection. It signifies an entire organization’s shift, where every decision is underpinned by data analytics, evidence, and insights, rather than merely relying on intuition or anecdotal…

Read more →

REST and SOAP APIs are the two most common application protocols that define how to build application programming interfaces (APIs). While they share some similarities, there are critical differences that organizations must understand to secure their REST and SOAP APIs…

Read more →

The Amazon Elastic Compute Cloud, popularly known as EC2, is used to run applications on Amazon Web Services (AWS). The amount of data available since the invention of the Internet has increased a great deal. This has increased the need…

Read more →

Considering the known-known statistics, we seem to encounter a serious security breach at least once a week – and these are only the events which are notified or discovered. In fact, according to the BreachAware Report issued end July 2023,…

Read more →

In a recent shocking revelation, the UK has witnessed its most substantial data breach to date. The **Electoral Commission**, an independent body set up by the UK Parliament, confirmed that “hostile actors” penetrated its protective digital barriers, allowing unauthorized access…

Read more →

The recent cybersecurity breach at the Colorado Department of Higher Education (CDHE) underscores the ever-increasing need for robust digital safeguards, especially in the educational sector. This latest ransomware attack has not only placed CDHE in the spotlight but also impacted…

Read more →

In the digital era, even the world of sports isn’t immune to cybersecurity threats. A recent study titled “State of Play” conducted by Microsoft shed light on the amplified risks at major sporting events, highlighting a fertile ground for cybercriminals…

Read more →

In a rapidly digitalizing world, cyber threats continue to evolve, and recent disclosures from Microsoft have reinforced this concern. Microsoft Teams, a widely-used collaboration tool, has been targeted in a sophisticated phishing campaign by a hacker group with ties to…

Read more →

In today’s rapidly evolving digital landscape, organizations face an ever-increasing number of cybersecurity threats. Among these, insider threats are among the most challenging and potentially damaging. Insider threats are the intentional or unintentional misuse of an organization’s assets, systems, or…

Read more →

Social media marketing (SMM) has emerged as a useful tool for businesses to connect with their target audience, establish brand recognition, and generate conversions in the highly competitive landscape. However, social media platforms continue to implement sophisticated security measures to…

Read more →

As technology advances, cybercrime continues to evolve and mature. Fortunately, the market for cyber security solutions is changing. Perpetrators are constantly using new tactics to gain access to systems and improving as well to try and keep ahead of the…

Read more →

In the ever-evolving landscape of cybersecurity threats, a new technique involving Google’s Accelerated Mobile Pages (AMP) is being increasingly used by cybercriminals for phishing attacks. As a widely respected and trusted platform, Google AMP has now unfortunately become a tool…

Read more →

Everlast, the renowned American boxing equipment brand, recently fell victim to a brazen cyberattack orchestrated by a cybergang associated with the world’s biggest online bank heist. The attackers infiltrated Everlast’s online shop, discreetly capturing credit card data during the checkout…

Read more →

Tempur Sealy, the global leader in bedding products, faces a severe cybersecurity crisis as a malicious cyberattack forces the company to take immediate action. The cyber intrusion commenced on July 23 and has significantly impacted Tempur Sealy’s operations, leading the…

Read more →

Moving to the cloud often means lower costs, 24/7 access, and higher security. But higher security doesn’t mean guaranteed. It takes two to make cloud security work: the cloud service provider, and you—the user. While a reputable cloud service provider…

Read more →

New SEC Rules for Cyber Attack Disclosure The U.S. Securities and Exchange Commission (SEC) has approved new rules that mandate publicly traded companies to disclose details of a cyber attack within four days of identifying a “material” impact on their…

Read more →

New API Rules Unveiled In a bid to enhance user privacy, Apple has unveiled a significant modification to its App Store API regulations. From fall 2023 onwards, developers will be mandated to justify their utilization of certain APIs capable of…

Read more →

SEC Mandates Cyber Attack Disclosure Within Four Days: A Major Shift in Cybersecurity Transparency The U.S. Securities and Exchange Commission (SEC) has approved new rules that mandate publicly traded companies to disclose details of a cyber attack within four days…

Read more →

There are now more identities than ever, thanks to shifts to the cloud and other emerging technologies and trends. For one thing, with more people now working remotely or in a hybrid model, there’s been a major shift to the…

Read more →

Data regulations are likely top of mind for any business leader, with the new EU Data Act being the latest in a long list that will be leading businesses to take stock of how they manage and secure sensitive consumer…

Read more →

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organization to its knees. However, in the face of economic damage, it’s…

Read more →

Security researchers from Midnight Blue, a Netherlands-based security firm, have discovered five vulnerabilities in the Terrestrial Trunked Radio (TETRA) communication systems. These systems are extensively used by government agencies, law enforcement, and emergency services organizations across Europe, the United Kingdom,…

Read more →

The IBM Cost of a Data Breach Report 2023 serves as a critical resource for understanding the financial implications of data breaches. This article aims to spotlight the key findings from the report, providing valuable insights for business leaders. The…

Read more →

In the rapidly evolving cybersecurity landscape, the concept of Zero Trust has emerged as a critical framework for enhancing security infrastructure. A recent survey conducted by PlainID, the Authorisation Company™, provides valuable insights into the implementation of Zero Trust programmes.…

Read more →

In a bid to bolster the security of digital products like smart TVs, home cameras, connected toys, and smart fridges before they hit the market, representatives from EU member states have agreed on a shared position regarding the proposed Cyber…

Read more →

Ah, summer vacation. Something we almost all look forward to each year – a time to relax and reset. It’s a time for employees to take a much-deserved break from work and recharge their batteries. It’s also a time for…

Read more →

Whilst the conceptual and academic discussions around dangerous forms of code have been on the agenda for many decades past, it was in 1983 when the young student Fred Cohen (who I think of as a distant friend) created the…

Read more →

One of the most pressing concerns in the digital age is the abundance of cyber threats from all directions, with a large number of those threats coming from email. Users must be aware of what threats exist, how to detect…

Read more →

Executive Summary In today’s complex and volatile business environment, Enterprise Risk Management (ERM) has become a strategic imperative. This article provides a comprehensive guide to aligning risk appetite, tolerance, and thresholds with strategic, operational, and tactical business planning activities. It…

Read more →

In the digital age, data is one of the most valuable assets a company can possess. However, with the increasing value of data comes the increasing risk of data loss, breaches, and non-compliance with data protection regulations. This is where…

Read more →

The humble password. A pillar of society and a cybersecurity comfort blanket for end users (and IT teams) across different applications and programmes across the globe. Humanity has been using passwords in one form or another for centuries. However, the first…

Read more →

It’s no secret that penetration testing is among the most effective methodologies for helping determine an organization’s risk posture. While it’s true that other standard processes like gap assessments, auditing, architecture reviews, and vulnerability management all offer significant value, there’s…

Read more →

Historically, the financial services sector has been the most attacked by cybercriminals. Still, in 2021 there was a substantial shift, and a different industry ranked at the top for the first time – the manufacturing industry. For the second year…

Read more →

In the realm of data loss prevention (DLP) solutions, Forcepoint DLP has solidified itself as a market-leading choice, recognized for its comprehensive coverage, robust feature set, and user-friendly interface. This review delves into the strengths and potential shortcomings of this…

Read more →

In a bid to protect its users, Apple has rolled out an important update, iOS 16.5.1, along with macOS 13.4.1, which patches two critical security flaws that have been actively exploited. The company has taken immediate action to remediate these…

Read more →

In the first quarter of 2023, the Trellix Advanced Research Center (ARC) has unveiled a comprehensive CyberThreat Report, delivering crucial insights into the evolving global threat landscape. The study meticulously analyses the key challenges faced by CISOs and SecOps teams,…

Read more →

In the vast and evolving world of cybersecurity, where cryptic jargon and a vast array of certifications can sometimes seem daunting, it is vital to recognize that the pathway to success lies not merely in the accumulation of theoretical knowledge…

Read more →

Introduction: In today’s interconnected world, the threat of cyber attacks is a constant concern for organizations across all industries. While the term “cybersecurity” is widely debated, the concept of cyber resilience offers a more comprehensive approach to mitigating risks. Cyber…

Read more →

Today’s evolving interconnected digital world has created a diverse and intricate threat landscape for organizations. Within this landscape, insider and outsider threats have emerged as significant security risks organizations must address. While the debate regarding the severity of insider versus…

Read more →

Introduction Data security is a top priority for businesses worldwide. As the volume and value of data continue to grow, the need to protect sensitive information from unauthorized access, disclosure, and data breaches has become vital. Organizations must implement effective…

Read more →

A hacking forum has exposed a database containing the personal data of over 8.8 million users of Zacks Investment Research, surpassing the company’s initial data breach reported in January 2023. The database, as confirmed by data breach notification service Have…

Read more →

Description: Fortinet has urgently issued security updates to remediate a critical vulnerability in its SSL VPN product. The vulnerability, identified as CVE-2023-27997, enables attackers to execute arbitrary code on susceptible systems. This vulnerability originates from the way Fortinet SSL VPN…

Read more →

The Verizon 2023 Data Breach Investigations Report (DBIR) presents a comprehensive analysis of global data breaches, offering valuable insights into the contemporary state of cybersecurity threats. In this analysis, we will delve into key findings from the report, including the…

Read more →

Summary: Both British Airways and Boots have recently fallen victim to data breaches, resulting in millions of customers’ personal information being compromised. Hackers accessed the personal information of 380,000 British Airways customers and 90,000 Boots customers, including sensitive data such…

Read more →

Inspired e-Learning’s  new cybersecurity awareness training game, Phishin’ Impossible, takes a novel approach in teaching employees about cyber threats. Players assume the role of a white hat hacker tasked with crafting convincing scam emails to fool unsuspecting staff. Players learn…

Read more →

Our recent Threat Report showed that while, on the whole, overall threat detections fell by 13.2%, there was one category that thrived: Android. The category registered a remarkable growth of 57% in detections, driven by a 163% increase in Adware…

Read more →

Meta Faces Hefty €1.2bn Fine For GDPR Breach In EU-US Data Transfers Meta was fined €1.2bn for transmitting consumer data to the US. Ireland’s Data Protection Commission (DPC) punished Facebook for EU data protection violations on Monday. It said Dublin-based…

Read more →

After days of doubt, and despite official claims of a “cyber incident,” the BlackByte ransomware gang has claimed credit for the computer attack on the City of Augusta. BlackByte, notorious for attacking the US government and financial institutions as well…

Read more →

Security specialists have detected a new type of malware, named “CosmicEnergy,” that possesses the potential to wreak havoc on key infrastructure systems and electricity networks. The researchers from Mandiant discovered the malware, which they claim has capabilities similar to the…

Read more →

Apria Healthcare, a manufacturer of medical equipment for the home, is sending out breach notifications to roughly two million people whose information may have been stolen in data breaches in 2019 and 2021. Close to two million people in the…

Read more →

According to Microsoft and the “Five Eyes” governments, an invisible Chinese hackers infiltrated and remained undetected in critical infrastructure organizations in the United States and Guam for years. Under the codename Volt Typhoon, the tech giant’s threat intelligence team is…

Read more →

The perpetrators behind the budding Buhti ransomware have abandoned their own payload in favor of exploiting vulnerabilities in Windows and Linux using the exposed LockBit and Babuk ransomware families. The cybersecurity firm knows them as Blacktail and is following them.…

Read more →

Barracuda, a provider of email and network security solutions, issued a warning to its customers today that a zero-day vulnerability had been exploited to compromise some of their Email Security Gateway (ESG) equipment last week. The email attachment scanning module…

Read more →

Based on a research by Tel Aviv-based cybersecurity firm ClearSky, several Israeli shipping and logistics websites were hacked to collect customer data. The business has “low confidence” that the Iranian hackers outfit Tortoiseshell (also known as TA456 and Imperial Kitten)…

Read more →

Back in March, Microsoft released data suggesting that Russian hacker groups were appearing to be preparing for a renewed wave of cyber-attacks against Ukraine, including a ransomware-style threat to organisations serving Ukraine’s supply lines. At the time, Clint Watts, General…

Read more →

GoldenJackal is a new advanced persistent threat actor that targets government and diplomatic organizations in the Middle East and South Asia. Kaspersky Labs, a Russian cybersecurity company, has been monitoring the group’s actions since the middle of 2020 and has…

Read more →

Many small businesses believe they are immune to cyberattacks because of their presumed lack of valuable information (such as customer data or computing resources), but this is far from the truth. The allure of a small business to cybercriminals lies…

Read more →

Picture this: you are a developer working tirelessly to streamline your workflows and keep up with the ever-increasing demands of your organization. But what if the AI and automation tools you rely on to make your job easier could be…

Read more →

Earlier yesterday, the stock market took a small fall due to highly realistic AI-generated visuals going popular on Twitter suggesting an explosion near the Pentagon. Many verified Twitter accounts, including a Russian state media account with millions of followers and…

Read more →

The Chinese government has ordered infrastructure operators to stop buying Micron Technology chips. The action follows a US prohibition on using the social video app TikTok on government phones and US limitations on exporting some advanced computer components to China.…

Read more →

Facebook’s owner Meta has been fined €1.2bn ($1.3m) by EU regulators for violating the General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced on May 22, 2023. The Irish watchdog claimed that Meta’s transfers of personal data…

Read more →

Threat hunting is the means of exploring and searching for malicious software or unauthorized users on your network. Since a security information and event management (SIEM) system gives insight into network, endpoint, and application behavior that may indicate an attack,…

Read more →

Toyota: Tragic Data Breach, 2 Million Vehicles Affected For Ten Years Toyota revealed a data breach from ten years ago that impacted over 2 million cars. The breach affected their cloud-based Connected service, which is limited to Japanese cars between…

Read more →

VulnerabilitiesApple released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari on Thursday to address three new zero-day issues that are being actively exploited. The three security issues are. 1. WebKit bug CVE-2023-32409 could allow a hostile actor to…

Read more →

Significant supply chain concerns are posed by the cybercrime organization Lemon Group, which is exploiting millions of pre-infected Android handsets around the world to carry out malicious operations. Cybersecurity firm Trend Micro stated that infected smartphones became “mobile proxies,” or…

Read more →

According to today’s DOJ announcement, a Wisconsin man named Joseph Garrison, 18, has been accused of breaking into the accounts of about 60,000 customers of the DraftKings accounts for the sports betting website in November 2022. The complaint states that…

Read more →

Can you buy reputation? Sure you can—who hasn’t clicked on a 5-star item on Amazon with hundreds of (questionably real) reviews? But in times of crisis, that’s a much harder sell. How will you handle a crippling cyber attack? Have…

Read more →

In today’s digital age, where cyber threats continue to evolve, organizations must remain vigilant in protecting their sensitive information and digital assets. Cybersecurity monitoring plays a vital role in this endeavor, acting as a proactive defense mechanism against malicious activities…

Read more →

Cybersecurity’s increased influence in this digital ecosystem can be traced to the rise of DevSecOps. Organizations are becoming more aware of the necessity of giving security top priority in their software development procedures as a result of the frequency and…

Read more →

Another is the codecov breach, where the attack was made on their docker images and credentials, and the private data of thousands of customers were stolen. This shows that the consequences of successful attacks can be severe, as evidenced by these…

Read more →

According to reports, international electronics firm Lacroix thwarted a cyberattack on its French (Beaupréau), German (Willich), and Tunisian (Zriba) activity sites. The company claims it has temporarily disabled a number of its online services in order to analyze the damage…

Read more →

CISA & FBI has released a joint Cybersecurity Advisory from government agencies in the United States and Australia to warn businesses about the most recent tactics, methods, and procedures (TTPs) utilized by the BianLian ransomware group. Since June 2022, BianLian,…

Read more →

Russian hacker Mikhail Matveev was indicted and sanctioned by the United States on Tuesday for allegedly leading the Babuk cybercrime group and serving as a “major actor in the Russian ransomware ecosystem.” Matveev was charged by federal prosecutors in New…

Read more →

The Chinese state-sponsored hacking outfit “Camaro Dragon” attacks household TP-Link routers with bespoke “Horse Shell” malware to attack European foreign affairs organizations. Hackers use backdoor virus in custom firmware for TP-Link routers to launch assaults from home networks. According to…

Read more →

The ransomware attacks of the recently identified RA Group, the latest threat actor to use the stolen Babuk code, have increased in frequency and severity. Their specialized technique sets them apart from the rest of the Babuk tribe. This week,…

Read more →

Based on reports from The Philadelphia Inquirer, the paper’s operations were severely disrupted over the weekend due to a hack, making it impossible to print the paper’s Sunday issue. The attack was discovered on Saturday morning when staff noticed the…

Read more →

South and Southeast Asian government, airline, and telecom institutions have been targeted by a new APT hacking outfit called Lancefly, which employs a variant of the ‘Merdoor’ backdoor malware. Symantec Threat Labs announced today that Lancefly has been using the…

Read more →

On April 8 that the Money Message ransomware organization attacked the national pharmacy network PharMerica and its parent company. The home and community healthcare business BrightSpring Health. Threat actors exposed evidence data, a statement was obtained from BrightSpring, and additional…

Read more →

Recently, Toyota admitted to having one of the worst data breaches in the automotive sector. Approximately 2 million automobiles sold in the business’s home market have had their information put at danger, the company said. Unlikely as it may sound,…

Read more →

A rundown of the headlines of news and events from the past week pertaining to ransomware, data breaches, quick response security, and other related topics. Malware Attacks From SmokeLoader And RoarBAT, CERT-UA Warns CERT-UA has reported the spread of SmokeLoader…

Read more →

Mother’s Day is a special day celebrated across many countries, including the United States. To commemorate the love and contributions of mothers and mother figures to their families. It most times falls on the second Sunday in May and is…

Read more →

As many as nine distinct ransomware families that are able to target VMware ESXi systems have been developed thanks to the disclosure of Babuk (also Babak or Babyk) ransomware code in September 2021. Alex Delamotte, a security researcher at SentinelOne,…

Read more →

The Black Basta ransomware assault apparently hampered business activities at the Swiss multinational corporation ABB, a renowned electrification and automation technology provider. ABB has its headquarters in Zurich, Switzerland, and in 2022 expects to bring in $29.4 billion in sales…

Read more →

Web development involves building and programming websites and apps. It’s different from web design, which focuses on how websites look. Web developers make sure websites work well and are easy to use. They write code using different programming languages depending…

Read more →

Gmail users now have access to Google’s free dark web monitoring service, which can detect if their email is being shared on hacking forums. Google One, the search giant’s paid subscription service in the United States, already has a dark…

Read more →

The Seoul National University Hospital (SNUH) was hacked by North Koreans, according to the Korean National Police Agency (KNPA), who were after patients’ personal information and medical records. The crime occurred between May and June of 2021, and the police…

Read more →

A citizen of the United Kingdom has entered a guilty plea in connection with the July 2020 Twitter attack that compromised a large number of high-profile accounts and scammed other users. Joseph James O’Connor, whose online alias was PlugwalkJoe, was…

Read more →

The National Police of Spain detained 25 persons in Madrid and Seville for alleged bank scams, including 2 hackers, 15 members of a criminal organization, and another 12 people involved in unlawful financial operations. Over 300,000 people may have been…

Read more →

U.S. officials announced on Tuesday that they had destroyed a worldwide network of compromised computers that Russian intelligence personnel had used to spy on the U.S. and its allies for over 20 years. It has been reported that a branch…

Read more →

The National Police of Spain detained 25 persons in Madrid and Seville for alleged bank scams, including 2 hackers, 15 members of a criminal organization, and another 12 people involved in unlawful financial operations. Over 300,000 people may have been…

Read more →

“AndoryuBot’ is a new malware botnet that infects unpatched Wi-Fi access points for DDoS assaults using a key Ruckus Wireless Admin panel weakness. CVE-2023-25717 allows remote attackers to execute code on susceptible Ruckus Wireless Admin panels version 10.4 and older…

Read more →

According to reports, legal experts for the EU have warned that plans to force tech companies to scan customers’ private chats for child abuse (CSEA) content are likely to be struck down by the courts. A contentious clause of the…

Read more →

LinkedIn is eliminating 716 jobs and will begin winding down its local jobs app in China as part of the company’s restructuring. In a letter that was sent out today, LinkedIn CEO Ryan Roslanky explained the decision to discontinue the…

Read more →