Security News > 2022 > July

Average cost of data breach surpasses $4 million for many organizations. To create its "Cost of a Data Breach Report 2022," IBM Security commissioned Ponemon Institute to analyze 550 organizations hit by data breaches between March 2021 and March 2022.

While 81% of SMBs are monitored by a security operations center, 57% do not operate 24 hours a day, 7 days a week. Considering that 69% of SMBs feel they are facing critical and expanding cybersecurity threats and 75% say cyberattacks have increased in the past three years, the lack of 24/7 coverage continues to put SMBs at risk, according to a survey by Forrester and Pondurance.

Cybercrime is being supercharged through "Plug and play" malware kits that make it easier than ever to launch attacks. The HP Wolf Security threat team worked with Forensic Pathways, a leading group of global forensic professionals, on a three-month dark web investigation, scraping and analyzing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate, gain trust, and build reputation.

Pentest as a Service allows organizations of all sizes to manage an efficient pentest program with on-demand access to expert security talent and a modern SaaS delivery platform. With integrations into security and development tools and real-time collaboration with pentesters, PtaaS enables modern DevSecOps teams to secure their code faster.

Charter Communications must pay out $7 billion in damages after one of its Spectrum cable technicians robbed and killed an elderly woman, a jury decided Tuesday. Thomas' family sued Charter [PDF] for negligence, claiming Holden had complained to his bosses that he was penniless and desperate after a divorce.

Keeping up with ever-evolving security threats is a heavy burden on any IT team. A multi-layered cyber security strategy that includes threat monitoring and detection is a must, to ensure your end points are secure no matter where your employees are working.

The US government is reportedly investigating Kraken, a massive cryptocurrency exchange suspected of violating sanctions against Iran, and is expected to slap the crypto behemoth with a fine in the near future. Allowing users in Iran to buy and sell tokens would put Kraken in violation of the sanctions, which has drawn the attention of federal investigators, the Times reported, citing five people affiliated with the company or with knowledge of the inquiry.

Microsoft has released the optional KB5015878 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes numerous bug fixes and enhancements, including gaming and Windows Autopilot fixes and a new Focus Assist feature. The KB5015878 cumulative update preview is part of Microsoft's July 2022 monthly "C" update, allowing admins to test upcoming fixes released in the August 2022 Patch Tuesday.

A ransomware gang has not only taken down WordFly, a mailing list provider for top arts organizations among others, but also siphoned data belonging to the US-based Smithsonian, Canada's Toronto Symphony Orchestra, and the Courtauld Institute of Art in London. In an update about the ongoing outage, WordFly exec Kirk Bentley said the outfit's engineering team discovered a network disruption on July 10.

System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed. The speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited.