To many, the new SEC rules that require public companies to disclose “material” cybersecurity incidents within four days of determining their materiality may seem like a challenging, if not unreasonable, demand. Companies should put a priority on preparing incident response plans that will help them meet compliance.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Insurance giant Allianz SE's annual survey on business risk finds that organizations are most concerned about cyber events going into 2024, once again placing them as their top risk category above business interruption and natural catastrophes.
Apparel giant VF Corporation has disclosed in a regulatory filing that the December ransomware attack leaked the personal information of over 35 million customers.
The HPE security breach is not known to be related to the recent announcement from Microsoft that Russian hackers had penetrated the inboxes of its senior leadership. It instead appears to have a connection to a May 2023 attack that the company had previously disclosed.
The 1.2 terabyte MOAB file is broken up into over 3,800 folders, each one representing a prior data leak that saw personal information or credentials make their way to the open internet. In total there are over 26 billion records.
Microsoft has named "Midnight Blizzard," an established team of Russian state-sponsored hackers also referred to as NOBELIUM and Cozy Bear, as the culprit behind a recent security breach that compromised high-level corporate email accounts.
Fidelity National Financial disclosed that hackers compromised the data of 1.3 million customers during the November 2023 cyber attack that disrupted operations for a week.
Russian-speaking ransomware gang LockBit has breached Taiwanese Foxconn subsidiary Foxsemicon, defaced its website, and allegedly stolen five terabytes of data.
State-sponsored hackers have exploited two Ivanti zero-days to compromise over 1,700 ICS VPN appliances, cybersecurity firm Volexity has found.
Leading data breach cross-checking service Have I Been Pwned has added about 71 million email addresses from "Naz.API," a new dataset circulating on the dark web that contains a massive collection of leaked credentials and plaintext passwords.









