Two zero-day vulnerabilities in Ivanti products that were disclosed in January (and patched weeks later) have turned out to be the source of a breach of MITRE, the US government-funded cybersecurity research center. China's nation-state hackers are suspected to be behind the attack given similarities in exploiting these same vulnerabilities in other incidents, but this is not confirmed as of yet.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Global chipmaker Nexperia confirmed a significant data breach after hackers accessed some of its systems and potentially stole sensitive information, including the company’s intellectual property.
The LabHost phishing service had been active since 2021 and was responsible for the theft of at least 480,000 credit and debit card numbers with 64,000 pin numbers. According to the London Metropolitan Police, university students were among the 37 suspects recently rounded up in a law enforcement operation that took down the LabHost phishing service.
A “large-scale cyber attack” has taken down local government services in several French municipalities since the night of Tuesday, April 9. Local media reported that municipal workers who reported to work on Wednesday were instructed not to switch on their computers or use other devices.
Leading cybersecurity firm Mandiant believes that a notorious group of Russian hackers is behind a recent rash of attacks on water utilities in several countries, including the United States. On January 18 the group was able to induce a tank overflow at a Texas water treatment plant, and has made similar incursions in France and Poland.
After weathering two waves of credential stuffing attacks thus far in 2024, the second of which involved over half a million compromised accounts, Roku is now requiring that customers set up a 2FA method.
Weak cyber security practices mean a company will almost certainly experience a data breach – the only question is the order of magnitude of dollars lost, reputational damage, and downstream harm to the individuals who trusted the company with their data.
Home improvement retail chain Home Depot suffered a third-party data breach when a trusted vendor leaked a sample of 10,000 employee records during software testing.
As with many of these recent attempts at a comprehensive federal privacy law, the bill has bipartisan support. But its fate is just as uncertain as any of its predecessors during a Congressional period in which data privacy has been kept in the backseat.
Fraud detection and cybersecurity have traditionally been separate disciplines. However, increasingly sophisticated attacks, especially those targeting APIs with malicious bots, demand a more integrated defense.










