Security News

Whether it's through stolen credentials, phishing attacks, or simply user errors, people continue to pose the greatest risk to cybersecurity. While behavioral attacks are nothing new, Verizon's recently released Data Breach Investigations Report shows that it's as bad as ever, with 82% of breaches in the report involving a human element.

How would you describe the biggest security threat to your organization? Perhaps you envision a faceless cybercrime syndicate or hostile state. As SANS Institute senior instructor Lance Spitzner explains in this analysis of Verizon's latest Data Breach Incident Report, your biggest security threat is actually the humans you work with day in, day out.

PCI DSS is a global standard that provides a baseline of technical and operational requirements designed to protect account data. To provide organizations time to understand the changes in the new version and implement any updates needed, the current version of PCI DSS, 3.2.1, will remain active for two years until it is retired on 31 March 2024.

Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency, has warned the UK government that they could be the victim of a 9/11-style cyber-attack unless they face up to the "Magnitude of the threat" posed by ransomware. In agreement with this, Steve Barclay, the UK government Minister responsible for cybersecurity, claims that "The greatest cyber threat to the UK - one now deemed severe enough to pose a national security threat - is from ransomware attacks."

In the world of illegal cyber activities, different kinds of threat actors exist. Another category of threat actors exists, dubbed hackers-for-hire.

In this video for Help Net Security, Scott Sutherland, Senior Director, Adversary Simulation and Infrastructure Testing, NetSPI, discusses how, in order to stay ahead of malicious actors,...

An employee of OpenSea's email delivery vendor Customer.io "Misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "With an unauthorized external party," Head of Security Cory Hardman warned on Wednesday. "If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.

The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America at 57% and 22%, respectively, followed by Asia-Pacific at 21%. "Based on the early spike in ransomware this year and data from previous quarters, we predict 2022 will break our record for annual ransomware detections," said Corey Nachreiner, chief security officer at WatchGuard.

The threat of firmware attacks is a growing concern for IT leaders now that hybrid workers are connecting from home networks more frequently: With hybrid or remote work now the norm for many employees there is a greater risk of working on potentially unsecure home networks meaning that the level of threat posed by firmware attacks has risen. More than eight-in-ten IT leaders say firmware attacks against laptops and PCs now pose a significant threat, while 76% of ITDMs said firmware attacks against printers pose a significant threat.

Conti, Quantum and Mountlocker were all linked to having used the new piece of software to inject systems with ransomware. The post New Bumblebee malware loader increasingly adopted by cyber...