Security News

Conti ransomware hacking spree breaches over 40 orgs in a month
2022-06-23 10:05

The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. During the campaign, Conti affiliates managed to compromise more than 40 organizations in various sectors of activity, operating across a wide geography but with a focus on companies based in the U.S. A Group-IB spokesperson told BleepingComputer that ARMattack was very swift and explained that the company's report refers to organizations that had their networks compromised.

How Secrets Lurking in Source Code Lead to Major Breaches
2022-05-25 05:21

Take the Codecov case: it is a textbook example to illustrate how hackers leverage hardcoded credentials to gain initial access into their victims' systems and harvest more secrets down the chain. In this article, we will talk about secrets and how keeping them out of source code is today's number one priority to secure the software development lifecycle.

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
2022-05-23 12:47

Zero Trust principles, whether applied to identities, networks, or data objects, help organizations systematically reduce security risks across visibility, detection, response, and protection. In the modern enterprise, implementing Zero Trust for data without breaking business logic is a new direction that requires a careful shift from Posture Management to Detection-Response to Protection to avoid creating business risk or outage.

Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In
2022-04-30 00:59

India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours. "Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents," the government said in a release.

New Black Basta ransomware springs into action with a dozen breaches
2022-04-27 21:46

A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. Like other enterprise-targeting ransomware operations, Black Basta will steal corporate data and documents before encrypting a company's devices.

T-Mobile hit by data breaches from Lapsus$ extortion group
2022-04-25 19:59

T-Mobile was the victim of a series of data breaches carried out by the Lapsus$ cybercrime group in March.

2022-03-27 08:00

Lapsus$ gang says it has breached Okta and Microsoft: After breaching NVIDIA and Samsung and stealing and leaking those companies' proprietary data, the Lapsus$ cyber extortion gang has announced that they have popped Microsoft and Okta.

How to become a passwordless organization: In this interview with Help Net Security, Den Jones, CSO at Banyan Security, explains the benefits of implementing passwordless authentication and the process every organization has to go through when deploying such technology.

As breaches soar, companies must turn to cloud-native security solutions for protection
2022-03-23 06:00

Over the past two years, companies' adoption of public cloud services has surged, but fast-paced change and weaker security controls have led to an increase in data breaches, finds a Laminar report. As companies go digital-first, data security professionals are managing an increasingly complex multi-cloud environment, while struggling with a lack of visibility, inadequate controls, and a rising shadow data problem.

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018
2022-03-15 23:35

The Irish Data Protection Commission on Tuesday slapped Facebook and WhatsApp owner Meta Platforms with a fine of €17 million for a series of security lapses that occurred in violation of the European Union's GDPR laws in the region. "The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users' data, in the context of the twelve personal data breaches," the watchdog said in a press release.

SEC wants public companies to report breaches within four days
2022-03-10 18:03

The US Securities and Exchange Commission has proposed rule amendments to require publicly traded companies to report data breaches and other cybersecurity incidents within four days after they're discovered. According to newly proposed amendments to current rules, listed companies would have to provide information in periodic report filings on policies, implemented procedures, and the measures taken to identify and manage cybersecurity risks on Form 8-K. The amended rules would also instruct companies to provide updates regarding previously reported security breaches.