Security News

Although CISA doesn't provide specific password recommendations in the ransomware guidance, it recommends following the NIST password security guidelines. In one analysis it was discovered 83% of compromised passwords satisfy the password length and complexity requirements of regulatory password standards.

Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Businesses need to defend against malware entering the network, and then on top of that have systems and processes in place to restrict the damage that malware can do if it infects a user device.

ESET researchers have uncovered a compromise of an East Asian data loss prevention company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company.

A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which eventually resulted in the execution of malware on the computers of the company's customers," ESET researcher Facundo Muñoz said.

The ransomware attack on Rackspace has taught us the importance of good cybersecurity habits. Rackspace took to social media on December 6, 2022, posting on Twitter that the outage resulted from a ransomware attack.

Before digging into DLP specifics, consider the deceptive marketing behind data loss prevention "As a service." The name implies that DLP is just one aspect of maintaining a security posture, when in fact, preventing data loss encompasses almost all of cybersecurity. An organization must ensure they have the right people, with the right experience, and enough of them to implement DLP properly.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Since the early stages of the pandemic, account takeover fraud has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synthetic ID, IRSF and promo abuse increasing rapidly, the new avenues for account takeover have turned this scheme into a beast that feels unstoppable.

Many cyberattacks begin with the same weakness: user accounts. More specifically, they exploit user credentials, with 89% of web application attacks in 2021 involving stolen or misused usernames and passwords.

As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to continuously validate the impermeability of the attack surface as a whole, the efficacy of security controls, as well as access management and segmentation policies, etc.