Security News

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data...

Join Intel, DETASAD, Juniper Networks, and Arqit to hear essential strategies in this webinar on July 30th Webinar Artificial Intelligence (AI) is revolutionizing industries worldwide, but with...

When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable. Europol's recently released Internet Organised Crime Threat Assessment 2024 report covers events - law enforcement actions - that happened in the last 12 months and how the cyber threat landscape shifted because of them.

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. These bots target the industry through unauthorized scraping, seat spinning, account takeover, and fraud.

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America, South America, and Oceania, including two unnamed Asia-Pacific intergovernmental organizations.

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. The same threat actors are also likely tied to the BlackCat ransomware operation, which recently conducted an exit scam after stealing a UnitedHealth ransom payment.

Elevated Privileges: Accidental download of malware by an insider can grant attackers elevated privileges, allowing them to tamper with critical systems or steal large amounts of data. Attackers can impersonate managers and colleagues to manipulate insiders into divulging sensitive information or exercising their privileges to the benefit of the external threat.

Threat actors are also hijacking non-human identities, including service accounts and OAuth authorizations, and riding them deep into SaaS applications. When threat actors get through the initial defenses, having a robust Identity Threat Detection and Response system in place as an integral part of Identity Security can prevent massive breaches.

While previous Olympic games have faced cybersecurity threats, the Games of the XXXIII Olympiad, also known as Paris 2024, will see the largest number of threats, the most complex threat landscape, the largest ecosystem of threat actors, and the highest degree of ease for threat actors to execute attacks, according to IDC. To defend against these attacks and avoid significant disruptions, IDC estimates that revenue from cybersecurity services in France will increase by $94 million in 2024 as a result of the Olympic Games, adding just over two percentage points to total cybersecurity services spending. Paris 2024 will be the most connected games ever, including but not limited to back-of-house systems, financial systems, critical national infrastructure, city infrastructure, sport technology, broadcast technology, and merchandising and ticketing.

The first step to managing data security risks is to identify and understand what data you have. Without this level of data visibility, managing data security risks is impossible, because data has no rules.