As the cost of cyber insurance rises, the number of organizations who can’t afford it is set to double
2022-08-11 03:00

The number of organizations that will be either unable to afford cyber insurance, be declined cover, or experience significant coverage limitations is set to double in 2023, according to Huntsman Security. "Loss ratios will not improve until premium incomes better match the current level of pay-outs. With this reduced insurance access alongside increasing cyber threats and tightening regulations, many organizations are losing cyber insurance as an important risk management tool. Even those who can still get insurance are paying a prohibitively high cost," Woollacott continued.

Meta privacy red team lead: Does your business know its privacy adversaries?
2022-08-11 01:15

Miscreants aren't only working to exploit flaws in an enterprise's security posture, they're also looking for holes in organizations' privacy programs to steal user data, according to Meta's Scott Tenaglia. Similar to their security counterparts, these other red teams help test organizations' privacy defenses in a controlled setting.

Boffins rate npm and PyPI package security and it's not good
2022-08-11 00:54

Computer scientists at North Carolina State University have put one of its tools to the test by evaluating software package registries npm and PyPI using OpenSSF Scorecards. In a preprint paper distributed via ArXiv, NCSU researchers Nusrat Zahan, Parth Kanakiya, Brian Hambleton, Shohanuzzaman Shohan, and Laurie Williams applied the OpenSSF Scorecard to software packages within npm and PyPI in order to see what security practices could be identified among the developers using those registries.

Cyber Security in the Workplace Guide
2022-08-11 00:00

Protect your organization before, during, and after a cyber attack. When it comes to cyber security, your employees are your best defense - and your greatest weakness.

Cybersecurity: Power to the People
2022-08-11 00:00

Expert best practice in building a strong security culture. A security culture occurs when both the values and behaviors of leaders and employees align to support the wider cyber risk management...

Cracking the Hackers: How to Build a 100% Engaged Human Firewall
2022-08-11 00:00

Critical steps for a successful cyber security awareness campaign. Staff working remotely are at greater risk of compromising organizational security. Home connections are less secure. Employees...

Ex-CISA chief Krebs calls for US to get serious on security
2022-08-10 23:26

It's time to reorganize the US government and create a new agency focused solely on digital risk management services, according to former CISA director Chris Krebs. Or, if that's too ambitious for Uncle Sam, Krebs proposed to at least pull CISA out of the Department of Homeland Security and make it a sub-cabinet agency that's allowed to operate independently.

New dark web markets claim association with criminal cartels
2022-08-10 23:12

Several new marketplaces have appeared on the dark web, claiming to be the dedicated online portals for notorious criminal cartels from Mexico. The emergence of these markets was spotted by DarkOwl analysts, who identified a trend, shifting from large markets that drew law enforcement attention to smaller, less publicized sites.

7-Eleven Denmark confirms ransomware attack behind store closures
2022-08-10 22:21

7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday. "This is a so-called ransomware attack, where the criminals have forced access to the network and locked the systems," 7-Eleven DK said in a statement on Facebook.

Automotive supplier breached by 3 ransomware gangs in 2 weeks
2022-08-10 21:07

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company's systems by a likely initial access broker in December 2021, who exploited a firewall misconfiguration to breach the domain controller server using a Remote Desktop Protocol connection.