Security News
The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions."These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors."
While some may associate cyber risks primarily with technology and data breaches, they can also lead to brand or reputational harm, reduced productivity, and financial losses. This Help Net Security round-up presents excerpts from previously recorded videos featuring security experts covering a spectrum of cyber risk trends, ranging from threats to large language models and supply chains to social engineering tactics and the proliferation of celebrity audio deepfakes.
SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user's device and the VPN server using an "Encryption tunnel." "The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security with Internet Key Exchange," reads the NCSC announcement.
The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon's 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023. "This year's DBIR findings reflect the evolving landscape that today's CISO's must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene," said Craig Robinson, Research VP, Security Services at IDC. "The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises."
Please turn on your JavaScript for this page to function normally. Insider threats are a prominent issue and can lead to serious security breaches.
The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. Sandworm - a.k.a. BlackEnergy, Seashell Blizzard, Voodoo Bear, has been active since at least 2009, with multiple governments attributing its operations to Unit 74455, the Main Centre for Special Technologies within the Main Directorate of the General Staff of the Armed Forces of the Russian Federation, better known as the Main Intelligence Directorate.
Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud.
A relatively new malware called Latrodectus is believed to be an evolution of the IcedID loader, seen in malicious email campaigns since November 2023. IcedID is a malware family first identified in 2017 that was originally classified as a modular banking trojan designed to steal financial information from infected computers.
A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable of delivering additional backdoors on compromised Linux...
Even fake data breaches can have real repercussions. Epic Games, maker of Fortnite was a victim of a fake data breach by a cybercrime group that claimed without evidence it had absconded source code and sensitive user data.