Security News
The European car rental company immediately launched an investigation, only to discover that the data being sold was completely doctored, possibly using generative AI. Why fake a data breach? Threat actors can announce a fake data breach, which can spark fears, panic and loss of public confidence, causing the stock prices to drop; in this way, cybercriminals can manipulate the market for financial gain.
Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur, according to Gigamon. As hybrid cloud environments grow in complexity and bad actors launch a barrage of unseen attacks, 65% of respondents believe that their existing solutions cannot effectively detect breaches.
The number of cybersecurity incidents reported by US federal agencies rose 9.9 percent year-on-year in 2023 to a total of 32,211, per a new White House report, which also spilled the details on the most serious incidents suffered across the government. Brute force attacks on networks and services were the only other vector to register more than 1,000 cases - but took the price for the biggest YoY percentage increase in incidents, up from just 197 the year before.
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million users. This colossal breach, with a price tag of...
US-based Snowflake is a cloud data storage and analytics company with 9,800+ global customers, including Mastercard, Honeywell, Pfizer, Wolt, Adobe, and others. Ten days ago, it was revealed that a threat actor has been stealing data from organizations that use the Snowflake cloud-based platform, and that the attacks began in April 2024.
A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts.
The Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions."These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers' financial data. The basic idea for covered firms is if you've got a breach, then you've got to notify. That's good for investors."
While some may associate cyber risks primarily with technology and data breaches, they can also lead to brand or reputational harm, reduced productivity, and financial losses. This Help Net Security round-up presents excerpts from previously recorded videos featuring security experts covering a spectrum of cyber risk trends, ranging from threats to large language models and supply chains to social engineering tactics and the proliferation of celebrity audio deepfakes.
SSL VPN and WebVPN provide secure remote access to a network over the internet using SSL/TLS protocols, securing the connection between the user's device and the VPN server using an "Encryption tunnel." "The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives. NCSC recommends Internet Protocol Security with Internet Key Exchange," reads the NCSC announcement.
The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon's 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023. "This year's DBIR findings reflect the evolving landscape that today's CISO's must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene," said Craig Robinson, Research VP, Security Services at IDC. "The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises."