Security News
This attack and many others reinforce the importance of an effective Privileged Access Management framework that enforces the principle of least privilege with Just-in-Time privilege elevation. Reasons why you need Just-in-Time privilege elevation: minimize attack surface.
Almost 2,000 data breaches reported for the first half of 2022. In a new report entitled State of Data Breach Intelligence: 2022 Midyear Edition, security firm Flashpoint looks at the number and types of data breaches reported for the first half of 2022.
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. During the campaign, Conti affiliates managed to compromise more than 40 organizations in various sectors of activity operating across a wide geography but with a focus on companies based in the U.S. A Group-IB spokesperson told BleepingComputer that ARMattack was very swift and explained that the company's report refers to organizations that had their networks compromised.
Take the Codecov case: it is a textbook example to illustrate how hackers leverage hardcoded credentials to gain initial access into their victims' systems and harvest more secrets down the chain. In this article, we will talk about secrets and how keeping them out of source code is today's number one priority to secure the software development lifecycle.
Zero Trust principles, whether applied to identities, network, or data objects, help organizations systematically address security risks across visibility, detection, response, and protection. In the modern enterprise, implementing Zero Trust for data without breaking business logic is a new direction that requires a careful shift from Posture Management to Detection-Response to Protection to avoid creating business risk or outage.
India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents," the government said in a release.
A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. Like other enterprise-targeting ransomware operations, Black Basta will steal corporate data and documents before encrypting a company's devices.
T-Mobile hit by data breaches from Lapsus$ extortion group. T-Mobile was the victim of a series of data breaches carried out by the Lapsus$ cybercrime group in March.
Lapsus$ gang says it has breached Okta and Microsoft. After breaching NVIDIA and Samsung and stealing and leaking those companies' proprietary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta. How to become a passwordless organization. In this interview with Help Net Security, Den Jones, CSO at Banyan Security, explains the benefits of implementing passwordless authentication and the process every organization has to go through when deploying such technology.
Over the past two years, companies' adoption of public cloud services has surged, but fast-paced change and weaker security controls have led to an increase in data breaches, finds a Laminar report. As companies go digital-first, data security professionals are managing an increasingly complex multi-cloud environment, while struggling with a lack of visibility, inadequate controls, and a rising shadow data problem.