More than 32,000 new Common Vulnerabilities and Exposures (CVEs) have been recorded so far this year alone, and the National Vulnerability Database (NVD), the US government repository for reported vulnerabilities, now faces an unprecedented backlog of CVEs.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Hot Topic has suffered a data breach affecting 57 million retail customers stemming from a compromised cloud account without multi-factor authentication (MFA).
Amazon has confirmed that it was impacted by the MOVEit third party breach that took place in 2023, and that a large amount of employee data was included with a massive trove that was offered for sale on a hacking forum.
Identity security needs to be like salt. A good identity management solution is always there, always working, and always streamlining access without sacrificing security.
Google Cloud will enforce mandatory MFA by the end of 2025 due to the sensitive nature of cloud deployments and phishing and stolen credentials being top attack vectors.
French digital automation and energy management giant Schneider Electric is investigating a data breach after a hacker claimed they stole dozens of gigabytes and demanded a hefty ransom in Baguettes, a classic popular French bread item.
CISA and the "Five Eyes" national intelligence agencies have issued their annual advisory on the top exploited vulnerabilities for the prior year, and its findings bolster some other recent reports that a successful attack is becoming increasingly likely to be the result of a zero-day.
Banks' current measures against cyber fraud are falling short – and the numbers don’t lie. With a hyperactive threat landscape, what steps should financial institutions take to maximize cybersecurity?
A Nokia security breach has leaked source code from a third-party software development partner, exposing the company’s sensitive data, including keys and hardcoded credentials.
Attackers are targeting the DocuSign APIs to generate large amounts of fake invoices, which often skirt automated security and land in inboxes as they originate from "docusign.net" and appear to be coming from legitimate companies.










