The F5 Credential Stuffing Report found that credential spills doubled between 2016 and 2020 while credential stuffing became the preferred attack method.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
About 26 Million Fortune 1000 Employee Credentials Available on the Dark Web, Password Reuse Rampant
SpyCloud found about 26 million Fortune 1000 employee credentials circulating on the dark web. Password reuse, weak passwords, and infostealers were responsible for the leaks.
The supply chain attack method leverages commonly-used dependency managers and private or non-existent dependencies to install malicious code and backdoors in internal applications.
Is your vulnerability management team overwhelmed and demoralized by the need to play catch up with a ceaseless flood of vulnerabilities? Using security intelligence can enable risk-prioritized vulnerability management.
New paper tackles the two conflicting challenges that complicate compliance with regulations: fear of failing an audit versus the costs of running effective programs.
From the Capitol riot to the squashing of Parler, and from clamping down on WeChat and TikTok to the impact of the SolarWinds hack, these have been a whirlwind few months full of revelations.
The Florida city of Oldsmar recently experienced a big scare as a hacker was able to penetrate the water treatment plant via remote access software. The hacker then attempted to poison the city's water supply.
The UK's NCSC issued an alert over the growing risk of ransomware attacks as threat actors diversified attack vectors and monetization methods, with some victims hit by repeat attacks shortly after paying a ransom.
The FTC reported that identity theft doubled during the pandemic as scammers targeted COVID-19 relief payments to individuals and government-sponsored loans for small businesses.
Suspected Chinese hackers exploited a second SolarWinds hack to compromise the National Finance Center, which processes salaries for agencies including the FBI and the DHS.










