Security News

A list of leaked passwords discovered on a hacker forum may be one of the largest such collections of all time. A 100GB text file leaked by a user on a popular hacker forum contains 8.4 billion passwords, likely gathered from past data breaches, tech news site CyberNews said on Monday.

77% of financial apps have at least one serious vulnerability that could lead to a data breach, an Intertrust report reveals. This report comes at a time where finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020.

Research finds that nearly 50% of data breaches over the past several years originated at the web application layer. Each part of the software development lifecycle interacts with a variety of data stores to enable real-time results and improved user functionality, setting up potential data security hazards.

Researchers also found unauthorized access was the leading cause of breaches for the third consecutive year, increasing year-over-year for the past two years, accounting for 43% of all breaches in 2020. Correspondingly, the total number of breaches increased and while the number of 100-million plus record "Mega-breaches" dropped, cybercriminals broadened their attack surfaces to include organizations of all sizes and across industries to seize valuable assets.

Offices of multiple Japanese agencies were breached via Fujitsu's "ProjectWEB" information sharing tool. Fujitsu also said that attackers had gained unauthorized access to projects that used ProjectWEB, and stolen proprietary data.

The Verizon report examines more breaches than ever before, and sheds light on how the most common forms of cyber attacks affected the international security landscape during the global pandemic. This year's report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.

Additional insights 93% of organizations who use Microsoft 365 report suffering negative impacts following an email data breach, compared to 84% of organizations who do not use Microsoft 365. 15% of organizations using Microsoft 365 have suffered over 500 data breaches in the last year, compared to just 4% of organizations not using it.

On Wednesday, software company Egress released a report titled "Outbound email: Microsoft 365's security blind spot" highlighting email data breaches and IT frustrations during the coronavirus pandemic. "We can't ignore the risk of email data loss from Microsoft 365 and the limitations of static DLP solutions to mitigate the outbound email security risks that organizations face today."

The results revealed that 28% of middle market leaders claimed that their company experienced data breaches in the last year, a sharp rise from 18% in last year's survey and the highest level since 2015. According to the survey, 33% of middle market executives said they experienced a ransomware attack or demand in 2020, the highest number since ransomware became a focus of the data four years ago, and a 10% increase from last year.

The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. Clop's attacks did not encrypt a single byte but stole data from large companies that relied on Accellion's legacy File Transfer Appliance and tried to extort them with high ransom demands.