Security News

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in...

69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren't expected for a user or organization, according to Expel. Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC, a volume increase of 144% from 2022 to 2023.

This policy from TechRepublic Premium provides guidelines for the reporting of information security incidents by company employees. The goal is to facilitate the security response and remediation process to ensure the least amount of potential damage to systems, networks, customers and business reputation.

Natural catastrophes, fire, explosion, and political risks and violence are the biggest risers in the latest compilation of the top global business risks. In the United States, cyber has replaced business interruption as the leading risk for the year ahead. Natural catastrophes rose to the third spot.

The SEC has instituted a set of guidelines "Requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance." These new guidelines went into effect on December 18, 2023, which means 2024 will be an important year for enterprises and how they adhere to current security regulations. Establishing a reporting infrastructure that sheds light on what, how, and when security incidents are disclosed is important for the industry at large and is a huge step toward having cybersecurity seen as a business-wide issue.

Why is it that when a company becomes aware of a potential data security incident, the team working on it have an immediate and overwhelming feeling that the company is doomed? And yet, when there's another kind of high-risk event, such as an ethics investigation, it doesn't cause the same apocalyptic feelings? Cybersecurity professionals in legal and IT security departments have key roles in working through a data security incident, but often fail to build up a trusted relationship in advance.

Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range of products and services, from managed IT and print services, to robotic process automation solutions, and more.

As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity breach in healthcare are not only measured in compromised data but also in jeopardized patient safety and trust.

Cybercrime actor DragonForce which claimed responsibility for the attack has also leaked 95 GB of data that it states, belongs to the company. In a statement to BleepingComputer, Yakult Australia confirmed it was investigating a cyber incident that occurred in mid-December.

China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The...