Security News

Over the next few weeks, Nissan Oceania will make contact with around 100,000 people in Australia and New Zealand whose data was pilfered in a December 2023 attack on its systems - perhaps by the Akira ransomware gang. Some of those affected by the breach were customers of finance services that Nissan operated and branded for rival automakers Mitsubishi, Renault, Infiniti, LDV, and RAM. "We know this will be difficult news for people to receive, and we sincerely apologize to our community for any concerns or distress it may cause," Nissan said in a statement posted to its website.

In the tumultuous landscape of cybersecurity, the year 2023 left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major...

This policy from TechRepublic Premium provides information on defining an incident, assigning an incident response team, documenting a plan and conducting a response. DOCUMENT AN INCIDENT RESPONSE PLAN. Draw up a plan for incident response and start by including a detailed list of system/application/device information.

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in...

69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren't expected for a user or organization, according to Expel. Identity-based incidents accounted for 64% of all incidents investigated by the Expel SOC, a volume increase of 144% from 2022 to 2023.

This policy from TechRepublic Premium provides guidelines for the reporting of information security incidents by company employees. The goal is to facilitate the security response and remediation process to ensure the least amount of potential damage to systems, networks, customers and business reputation.

Natural catastrophes, fire, explosion, and political risks and violence are the biggest risers in the latest compilation of the top global business risks. In the United States, cyber has replaced business interruption as the leading risk for the year ahead. Natural catastrophes rose to the third spot.

The SEC has instituted a set of guidelines "Requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance." These new guidelines went into effect on December 18, 2023, which means 2024 will be an important year for enterprises and how they adhere to current security regulations. Establishing a reporting infrastructure that sheds light on what, how, and when security incidents are disclosed is important for the industry at large and is a huge step toward having cybersecurity seen as a business-wide issue.

Why is it that when a company becomes aware of a potential data security incident, the team working on it have an immediate and overwhelming feeling that the company is doomed? And yet, when there's another kind of high-risk event, such as an ethics investigation, it doesn't cause the same apocalyptic feelings? Cybersecurity professionals in legal and IT security departments have key roles in working through a data security incident, but often fail to build up a trusted relationship in advance.

Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range of products and services, from managed IT and print services, to robotic process automation solutions, and more.