How bad is the breach of the MOVEit zero-day to businesses, government agencies and their customers? The short answer is that the known fallout from the Clop ransomware group attack already looks bad and keeps getting worse as ongoing investigations add to the victim count of 20 million people.
While IT-OT convergence is accelerating, awareness and maturity of OT technologies still have a long road ahead. In this transition, organizations need to ensure the safety and health of workers is always the top priority for OT security, said Andre Shori, CISO, APAC with Schneider Electric.
Microsoft estimates that each day threat actors attack 95 million Active Directory accounts. In the face of so many attacks, security teams should assume compromise and focus not just on securing Active Directory but also on recovery and resilience, said Semperis' Simon Hodgkinson.
In the drive to build a more diverse workforce, security organizations are progressing in many ways, such as ensuring that required skills in job descriptions are more inclusive, said Ed Parsons of (ISC)². But he added that job recruiters need to "meet underrepresented groups where they are."
Enterprise software firm JumpCloud says a sophisticated nation-state threat actor is behind a security incident that targeted a small and specific set of customers last week. JumpCloud reset all of its API keys, potentially affecting thousands of customers including Cars.com and GoFundMe.
Based on the 1,862 U.S. data breach notifications issued in the first half of this year, 2023 looks set to break multiple records, especially as more breaches come to light due to the Clop ransomware group exploiting a zero-day flaw in widely used MOVEit file transfer software.
Security appliance manufacturers SonicWall and Fortinet fixed multiple critically rated vulnerabilities in their network security products this week. The fixes include authentication bypass flaws that could result in exposure of sensitive information. Regulators urge users to patch soon.
Security experts say China-based hackers are "leading their peers in the deployment of zero-days" in the wake of another wide-ranging attack that abused a flaw in Microsoft Outlook and used forged authentication tokens to access email accounts of governments in the United States and Western Europe.
Orca has accused cloud security rival Wiz of violating two patents associated with securing virtual machines and virtual cloud assets at rest against cyberthreats. Orca's complaint accused Wiz of patent infringement across its portfolio, including in its CNAPP, CSPM, CIEM, DSPM, IaC and CDR tools.
Retired four-star Gen. Keith Alexander resigned as IronNet's CEO as part of a deal with C5 Capital to take the beleaguered threat detection firm private. C5 extended IronNet a financial lifeline in exchange for Alexander, 71, giving up day-to-day management of the company he founded nine years ago.
Spanish law enforcement authorities said they have brought down a cybercriminal ring that deployed a range of hacking techniques to target banking customers. The group operators extorted 100,000 euros and offered crime as a service to other criminals, the police said.
Honeywell plans to purchase an OT security vendor founded by Israel Defense Forces veterans to deliver asset discovery, threat detection and compliance management to industrial organizations. The SCADAfence acquisition will allow Honeywell to offer an end-to-end enterprise OT cybersecurity platform.
Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage, said Matan Or-El, co-founder and CEO of Panorays, who advised taking a holistic view of your third-party risk program.
Information on up to 11 million patients of hospital chain HCA Healthcare is up for sale on a dark web forum. HCA Healthcare on Monday confirmed an incident involving data theft from an external location used to automate the formatting of email messages but said it is still investigating.
A security researcher discovered a Bangladesh government web portal that exposed the personal information of about 50 million citizens, including their birth registration records, phone numbers and national identity numbers. His efforts to notify the government of the security flaw went unanswered.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.