Real estate professionals lost access to property data and resorted to manual systems after a Californian multiple listing service (MLS) Rapattoni Corporation suffered a cyber attack.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
This appears to be the first time that the SEC has sent a Wells Notice to a CISO. While novel, this Wells Notice furthers the SEC’s recent enforcement and rulemaking focus on meaningful and timely cybersecurity-related disclosures, as well as holding individual liable for their roles in company violations.
Data leak occurred when a sensitive document was mistakenly shared in connection to a freedom of information request, and takes place amidst a backdrop of increased tensions and fears of terrorism that have been growing since early 2023.
The US Cyber Safety Review Board (CSRB) has published a comprehensive analysis of the Lapsus$ hacker group’s cyber extortion activities. The report highlighted simple but effective tactics the Lapsus$ hackers used to compromise organizations and the existing security gaps enabling them.
The true essence of Zero Trust lies in embracing a process-centric approach rather than relying solely on products. CISA has established a set of maturity pillars that guide organizations in their journey toward zero trust. Understanding these pillars is essential for CISOs and CPOs looking to build a robust security framework.
Threat actors accessed personal and protected health information from the Colorado Department of Health Care after third-party vendor IBM suffered a MOVEit data breach.
Though Microsoft is hardly alone in terms of cloud services experiencing serious security breaches, a string of Redmond mishaps appears to have prompted new security reviews by the Cyber Safety Review Board (CSRB).
Security researchers have discovered an EvilProxy phishing campaign targeting 120,000 Microsoft 365 users with a focus on business executives with access to financial assets or sensitive information.
Some ecommerce sites may be unwittingly placing customer data at risk of exposure through forms that unintentionally collect PII without user consent. Here’s what retail security teams need to know about “leaky forms” and how to implement security policies that can protect customer data from this hazard.
One of the most significant barriers for cybercriminals when trying to compromise a user account is Multi-Factor Authentication (MFA). But what happens when users are overrun by notifications? Enter MFA bombing attacks to exploit MFA fatigue.










