Leading insurer Lloyd's of London has issued a dire warning about a potential cyber attack scenario on one of the world's major payments systems, estimating that the global cost would total about $3.5 trillion and that much of the recovery cost would not be covered by insurance policies.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
A hacker who leaked one million genetic profiles from 23andMe in early October has returned with an even larger trove, this time dumping a little over four million files and including the DNA Relatives feature that allows for connections between relations to be made.
The FBI warns that cybercriminals are targeting plastic surgery offices and stealing sensitive information, including medical records, in a multi-stage cyber extortion campaign.
The software supply chain is becoming the new battleground. Trust, once a cornerstone of open-source, is now under scrutiny. Developers need to exercise caution, vetting each package, no matter how reputable the source might seem.
Okta Support System Compromised by Cookie Hijacking, Security Breach May Have Exposed Customer Files
Attackers were able to steal a session cookie from the Okta support system and access an administrator account, possibly providing them with further access to customer environments in an early October security breach.
Taiwanese networking giant D-Link has confirmed a data breach after an employee fell victim to a phishing attack. The company said the stolen information originated from a product registration system that reached its end of life in 2015.
Joint international law enforcement effort involving about a dozen countries has taken down Ragnar Locker ransomware gang's dark web site, with an announcement that at least one arrest had been made.
Google is making passkeys the default sign-in option across its services for all users. User feedback found that at least 64% of users said passkeys were easier to use than passwords or two-factor authentication.
Updated FFIEC compliance guidelines specifically delineate APIs as a distinct attack surface, shedding light on the amplified risks they introduce. Financial institutions might be on a tighter compliance timeline than anticipated to prioritize fortifying their API security.
BianLian ransomware group disputed Air Canada's claim that data breach impacted only limited personal information of some employees and certain records. Ransomware group claims to have stolen 210 GB of technical and operational data spanning from 2008 to 2023.










