Security News > 2024 > January

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider...

A password-less database containing an estimated 1.3 million sets of Dutch COVID-19 testing records was left exposed to the open internet, and it's not clear if anyone is taking responsibility.Among the information revealed in the publicly accessible and seemingly insecurely configured database were 118,441 coronavirus test certificates, 506,663 appointment records, 660,173 testing samples and "a small number" of internal files.

One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management. In this article, we discuss omission bias in vulnerability management, particularly vulnerability remediation, and how IT operators can overcome it with today's new management platforms.

An article published today by the UK National Cyber Security Centre suggests there is a "Realistic possibility" that by 2025, the most sophisticated attackers' tools will improve markedly thanks to AI models informed by data describing successful cyber-hits. At the lower end, cyber criminals who employ social engineering are expected to enjoy a significant boost thanks to the wide-scale uptake of consumer-grade generative AI tools such as ChatGPT, Google Bard, and Microsoft Copilot.

BSides are happening all over the USA. To find an event near you, visit their website. This event features industry professionals from automotive cybersecurity, artificial intelligence, machine learning, quantum computing, R&D, LLM, and innovation, allowing them to understand the impact of AI in cybersecurity and prepare for it.

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue...

In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. The discussion also highlights the prioritization of key controls for inventory management, the use of metrics to measure implementation effectiveness and the adaptation of CIS Controls for different organizational scales.

In this Help Net Security video, Frank Shultz, CEO of Infinite Blue, discusses how more frequent and severe disruptions and our increasingly interconnected world collide to create a new threat for resilience leaders to manage: polycrises. These multiple concurrent or cascading incidents bring a ripple effect that could impact every industry, organization, and individual.

92% of organizations will increase 2024 data protection spend, to achieve cyber resilience amidst continued threats of ransomware and cyberattacks, according to Veeam Software. "It's the number one cause of outages today, and protecting against it is hampering digital transformation efforts. Furthermore, although companies are increasing their spend on protection, less than a third of companies believe they can recover quickly from a small attack. The findings in this year's report highlight the need for continued cyber vigilance, and the importance of every organization to ensure they have the right protection and recovery capabilities."

The last 12 months have also seen software supply chain attacks shed complexity and boost accessibility. No longer just the domain of nation-state actors, software supply chain attacks are increasingly being perpetrated by low-skill cybercriminals, evidenced by the use of open source packages to support commodity phishing campaigns that deliver turnkey, automated attacks used to facilitate the theft of victim data.