Report from Momentum Cyber finds that the first half of 2021 was the busiest on record for the cybersecurity market in terms of investment and strategic activity. The torrid pace has been indirectly driven by the massive spike in ransomware attacks.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
UPS Canada has disclosed an extended data breach from February 2022 to April 2023. Attackers were able to access customer shipping information that should have been private, and are believed to have used some of it in an SMS phishing campaign.
While there was no unauthorized access of user accounts for the third party breach, Dave’s users can expect phishing and identity fraud scams based on the information that was breached.
A two-day international summit held in the UK has concluded with an agreement on AI safety, with 28 countries that represent most of the leading forces in AI development getting on board.
DHS is now requesting that the U.S. Congress grant it extraordinary administrative subpoena powers so that it can request ISPs to turn over the contact information for the owners of industrial control systems.
Individuals, business leaders, and all other types of organization leaders need to improve their ransomware protections to protect their personal data, preserve privacy, and maintain access to their other data. What are some of the simple steps to avoid being a ransomware victim?
Globant SAS confirmed a data breach affecting a "limited" number of customers after Lapsus$ hackers published 70GB of source code allegedly stolen from the company. Screenshots suggested that the leaked customer source code belonged to companies like Apple, Facebook and DHL.
A new OpenSSH vulnerability discovered by threat researchers is the biggest security issue to appear in the utility suite in about two decades. The bug is an unauthenticated RCE vulnerability that builds on a prior issue that was patched out in 2006.
NIST’s Guide to a Secure Enterprise Network Landscape released in November 2022 examines the shift from on-premise networks to multiple cloud servers. Although the guide doesn’t address SaaS applications directly many of the principles it discusses can be applied to the SaaS ecosystem.
Law firm associated with Donald Trump and half of Fortune 500 companies leaked 100 GB of confidential client information in a third-party data breach linked to Clop ransomware.










