Security News

In The State of Pentesting 2021 report we dive into data from 1,602 pentests performed in 2020 on Cobalt's Pentest as a Service platform. We also survey 601 security practitioners, who are not Cobalt customers, to validate our findings.

Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology infrastructure following a ransomware attack on its systems. While the Italian renewable energy group only referred to the incident as a hacker attack, La Repubblica reported that the attack was coordinated by the LockBit 2.0 ransomware group.

A bipartisan report released this week by the United States Senate's Homeland Security and Governmental Affairs Committee shows that key government agencies have made little progress in terms of cybersecurity over the past two years. A report published in 2019 found that eight federal agencies failed to meet even the basic cybersecurity standards and protocols.

In the company's annual Human Factor 2021 report assessing how the threat landscape morphed over the past year - released on Wednesday - Proofpoint researchers scratched their heads over the reasons for so many users succumbing to malicious CAPTCHAs or clicking on poisoned images in steganography attacks. Since its inception in 2014, the Human Factor report has looked at how people play into risk, including where users are most vulnerable, how attackers target them, and the havoc that can be wreaked when threat actors compromise privileged access to data, systems and other resources.

Credential phishing accounted for two-thirds of malicious emails, and attacks that tricked users into opening attachments were the most successful, enticing one in five people into opening them. Business email compromise attacks have become more complicated, CAPTCHA screens are now being used to aid in the realism of malicious web pages, and steganography had the highest rate of success, with one in three falling victim.

Like almost all Apple security fixes, the update arrived without any sort of warning, but unlike most Apple updates, only a single bug was listed on the "fix list," and even by Apple's brisk and efficient bug-listing standards, the information published was thin. All we know is that Apple says that it "is aware of a report that this issue may have been actively exploited".

Firms looking to save money by shifting to more flexible ways of working will need to think carefully about IT security and the additional cost of breaches linked to staff working from home. That's according to the latest annual "Cost of a Data Breach Report" conducted by Ponemon Institute along with IBM Security, which found that the average total cost of a remote-working data breach was more than $1m higher than cyberattacks where remote working wasn't a factor.

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information Commissioner, according to newly published plans. Due to Brexit, the government can amend the UK's Network and Information Security Regulations to let the Information Commissioner's Office, the local data watchdog, dictate what kind of cybersecurity breaches must be reported to it.

Shopify has forked out $50,000 in a bug bounty payment to computer science student Augusto Zanellato following the discovery of a publicly available access token which gave world+dog read-and-write access to the company's source code repositories. "I found out that the user in question was a member of the Shopify organisation and that he had push and pull access to all the private Shopify repositories."

Veeam Software announced another quarter of double-digit growth with an annual recurring revenue increase of 26% year-over-year for Q2'21. Veeam delivered more than 20 new product releases including significant enterprise-grade feature updates over the last 18 months and several major releases in 1H'21 - Veeam Backup for Google Cloud Platform and Veeam Backup & Replication v11. "Now, more than ever, especially as ransomware attacks increase, data is the lifeblood of organizations. The need for Modern Data Protection to achieve operational objectives and business continuity is fueling the demand for Veeam's industry-leading solutions," said William H. Largent, Chief Executive Officer and Chairman of the Board at Veeam.