A poorly configured Amazon cloud database resulted in the Capital One breach, exposing the information of 106 million U.S. and Canadian customers and applicants. What are the five steps that organizations can take to prevent such attacks?
The New York Department of Financial Services (NYDFS) Cybersecurity Regulation blazed a trail in 2017, forming the basis for similar laws for other industries in other states. Currently, the regulation serves as a useful model for managing cybersecurity risks, regardless of industry.
About 90 major hotels and resorts worldwide had their security logs exposed in a third-party data breach. Ironically, the source of the breach is their management company's intrusion detection system.
Most ransomware attacks begin with some combination of phishing and social engineering. An enterprising ransomware gang in Nigeria appears to be skipping this messy step, simply making a direct pitch to employees to join in on the attack.
Because of the significant damage a DDoS attack can cause, many IT teams will put protecting against the threat high on their agenda. However, what many IT teams may be completely unaware of is that there is a wide variety of DDoS attack vectors in a cybercriminal's arsenal.
The Lazarus hackers are generally in pursuit of profit. But in this case, the main interest appears to be cyber espionage. A report indicates that the group is targeting the Log4j vulnerability in energy companies.
A report found that most organizations that suffered successful ransomware attacks since 2019 had perimeter defenses in place and had trained their employees on phishing.
419 million Facebook users are vulnerable to phishing attacks, SIM swaps and spam with their phone numbers exposed through a number of online databases found without password protection.
A hacker created a Telegram bot to sell information belonging to 533 million Facebook users. Buyers could search users' mobile numbers using account IDs or vice versa.
Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyber attacks exchanged between nation-states. This definition extends to operations that have "major detrimental impact on the functioning of a state."