Security News

The number of known Snowflake customer data breaches is rising
2024-06-10 12:44

US-based Snowflake is a cloud data storage and analytics company with 9,800+ global customers, including Mastercard, Honeywell, Pfizer, Wolt, Adobe, and others. Ten days ago, it was revealed that a threat actor has been stealing data from organizations that use the Snowflake cloud-based platform, and that the attacks began in April 2024.

Snowflake account hacks linked to Santander, Ticketmaster breaches
2024-05-31 17:31

A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts.

SEC requires financial institutions to notify customers of breaches within 30 days
2024-05-20 09:53

The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions."These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors."

Understanding cyber risks beyond data breaches
2024-05-20 03:00

While some may associate cyber risks primarily with technology and data breaches, they can also lead to brand or reputational harm, reduced productivity, and financial losses. This Help Net Security round-up presents excerpts from previously recorded videos featuring security experts covering a spectrum of cyber risk trends, ranging from threats to large language models and supply chains to social engineering tactics and the proliferation of celebrity audio deepfakes.

Norway recommends replacing SSL VPN to prevent breaches
2024-05-16 19:07

SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user's device and the VPN server using an "Encryption tunnel." "The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security with Internet Key Exchange," reads the NCSC announcement.

2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element
2024-05-02 05:30

The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon's 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023. "This year's DBIR findings reflect the evolving landscape that today's CISO's must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene," said Craig Robinson, Research VP, Security Services at IDC. "The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises."

How insider threats can cause serious security breaches
2024-04-29 04:30

Please turn on your JavaScript for this page to function normally. Insider threats are a prominent issue and can lead to serious security breaches.

Russian Sandworm hackers pose as hacktivists in water utility breaches
2024-04-17 17:08

The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. Sandworm - a.k.a. BlackEnergy, Seashell Blizzard, Voodoo Bear, has been active since at least 2009, with multiple governments attributing its operations to Unit 74455, the Main Centre for Special Technologies within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, better known as the Main Intelligence Directorate.

Stopping security breaches by managing AppSec posture
2024-04-11 03:00

Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud.

New Latrodectus malware replaces IcedID in network breaches
2024-04-04 20:38

A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan designed to steal financial information from infected computers.