Legal action may be forthcoming for organizations that do not patch Log4j. The FTC has issued an alert that references the Equifax breach (which ended in a settlement of $700 million) as a precedent.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Password manager LastPass says no master password was compromised after multiple users received unauthorized login alerts. The company blamed credential stuffing and system errors.
By increasing security awareness, an organization can reduce its chance of having a cybersecurity incident by up to 70%. But cybersecurity training can be cumbersome, meaning companies, and their employees, might not prioritize it or, at the very worst, not do it at all.
A cyber attack on Norwegian media company Amedia halted the publication of printed newspapers and potentially compromised personal information of employees and subscribers.
To address supply chain attacks, the latest Firmware Integrity Measurement (FIM) specification, released by Trusted Computing Group, provides a framework to establish the integrity baseline of the firmware running on a device at the manufacturing stage.
Fraudsters stole at least S$8.5 million from OCBC Bank customers through fake SMS impersonating the bank. OCBC warned of increased phishing scams in December 2021.
Work from home has quickly taken over in many enterprises due to the recent crisis. However, a majority of enterprises forced into the remote work paradigm were unprepared at an infrastructural, policy, and cultural level.
Quantitative cybersecurity budgeting helps security professionals properly translate security risks into business risks and demonstrate how cyber risks impact the organization as a whole – which are key to getting buy-in from non-technical stakeholders.
Positive Technologies found that cybercriminals can penetrate 93% of company networks, disrupt processes and services, steal funds and data, while insiders can breach 100% of networks.
Ethereum DeFi system Polygon has announced that it patched a critical vulnerability that stood to put some $24 billion of its MATIC coins at risk. The company kept the issue quiet for weeks as it worked to patch it out.










