Security News
"Technology is accelerating at a breakneck pace - bringing sophisticated new tools to both attackers and defenders. And although attacker tools are evolving, social engineering continues to be the leading tactic used to breach corporate networks," said Noopur Davis, EVP, Chief Information Security and Product Privacy Officer, Comcast Corporation and Comcast Cable. The report leverages data from 23.5 billion cybersecurity attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities.
As you can imagine, especially in an online world in which ransomware breaches can bring a company to a digital standstill overnight, and where even coughing up a multimillion-dollar blackmail payment to the attackers for a "Recovery program" might not be enough to get things going again. Ransomware attacks these days frequently involve cybercriminals stealing copies of your trophy data first, notably including employee and customer details, and then scrambling your copies of those very same files, thus squeezing you into a double-play cybersecurity drama.
Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. A typical example of an IDOR flaw is the ability of a user to trivially change the URL to obtain unauthorized data of another transaction.
The defense sector in Ukraine and Eastern Europe has been targeted by a novel. NET-based backdoor called DeliveryCheck that's capable of delivering next-stage payloads.
Thales cloud security study shows that 79% of organizations have more than one cloud provider and 75% of companies said they store at least 40% of their sensitive data in the cloud. While Thales, in its 2023 Cloud Security Study, found that well over a third of businesses experienced a data breach in their cloud environment last year versus 34% in 2021, organizations are increasingly caching sensitive data in multiple cloud environments.
While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches aren't spotted by IT and security professionals, according to Gigamon. Only 19% claim effective security education for staff is a crucial factor for gaining confidence on IT infrastructure security.
Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises. Key to understanding hybrid cloud security Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy.
American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines' pilot applications and recruitment portals. According to breach notifications filed on Friday with Maine's Office of the Attorney General, American Airlines said the data breach affected 5745 pilots and applicants, while Southwest reported a total of 3009.
Verizon Business today released the results of its 16th annual Data Breach Investigations Report, which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware - malicious software that encrypts an organization's data and extorts large sums of money to restore access.
API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls.