Category: Cybersecurity Insiders

A couple weeks ago, an IT outage hit Microsoft Windows 10 and 11 servers shortly after CrowdStrike released a Falcon Sensors software update. Rather than resolving, the update transformed into a software bug , affecting over 8.2 million PCs and…

Read more →

The threat actor known as USDoD, infamous for leaking sensitive information from major databases including those of Airbus, TransUnion, and the US Environmental Agency, has resurfaced in the news. On July 25, 2024, USDoD released a portion of a dataset…

Read more →

On June 3rd of this year, Synnovis, a provider of technology and pathology services, fell victim to a ransomware attack, causing significant disruptions to IT systems within Britain’s National Health Service (NHS). The British healthcare organization has issued a public…

Read more →

In an increasingly interconnected world where digital threats loom large, the integration of Defensive Artificial Intelligence (AI) emerges as a critical bulwark against cyberattacks. From sophisticated ransomware assaults on critical infrastructure to relentless phishing schemes targeting sensitive data, the need…

Read more →

APT45, a cyber threat group associated with North Korea’s Reconnaissance General Bureau, known by aliases such as Stonefly, Silent Colima, Nickey Hayatt, Andriel, and Onyx Sleet, has recently shifted its focus from cyber espionage to spreading ransomware. The group has…

Read more →

It’s deeply concerning to hear about the ransomware attack on Split Airport, affecting its operations and causing significant disruptions to flights and passenger services. Ransomware attacks targeting critical infrastructure such as transit systems can have severe consequences, not just for…

Read more →

In recent years, cybersecurity threats have often involved hackers stealing identities through various digital channels to gather sensitive information. However, a recent incident within the administrative environment of cybersecurity firm KnowBe4 has highlighted concerns about insider threats. According to a…

Read more →

A ransomware attack has crippled operations at the Superior Court of Los Angeles County, shutting down court services since last Friday morning. The incident affected all 36 courthouse locations across the county, prompting ongoing efforts to recover compromised systems. Initially,…

Read more →

Achieving cyber resilience in the digital era is crucial for businesses to safeguard their operations and data integrity. Here’s how businesses can attain cyber resilience: 1. Comprehensive Risk Assessment: Begin with a thorough assessment of potential cyber risks and vulnerabilities.…

Read more →

In June of this year, the SE#i Ransomware group, now rebranded as APT Inc, targeted VMware ESXi server environments, employing double extortion tactics to extort money from victims. Following this trend, the Play Ransomware group has also adopted similar strategies,…

Read more →

The security operations center faces significant challenges in the form of data overload and the resulting increases in ingestion costs. But companies looking to sufficiently protect their systems also face heavy pressure inside their own four walls. To overcome this…

Read more →

Service mesh is a tool for adding observability, security, and traffic management capabilities at the application layer. A service mesh is intended to help developers and site reliability engineers (SREs) with service-to-service communication within Kubernetes clusters. The challenges involved in…

Read more →

The 2024 Paris Olympic Games, set to begin later this week and extend through mid-August, are anticipated to face significant cybersecurity risks according to experts. Here are the primary concerns: 1. State-sponsored Hacking: French intelligence agency ANSSI has issued warnings…

Read more →

Indian Prime Minister Narendra Modi has offered a valuable tip to enhance cybersecurity for home PCs and laptops: consistently logging out of Microsoft Windows sessions. This advice applies universally across Windows 10 and Windows 11 operating systems. Highlighting this cybersecurity…

Read more →

The recent update to CrowdStrike Falcon sensor software has caused widespread issues, leading to the infamous BSOD “blue screen of death” on over 8.2 million Windows OS devices globally. Despite initial fears of a cyber attack, experts indicate this incident…

Read more →

In an increasingly digital world, ransomware attacks have become a prevalent threat to businesses and individuals alike. These malicious attacks involve cyber-criminals encrypting data or locking users out of their systems, demanding payment (often in cryptocurrency) to restore access. While…

Read more →

Identity security has become increasingly complex, presenting a formidable challenge for CISOs, security operations (SecOps), and identity and access management (IAM) teams worldwide. It’s not surprising then that a staggering 80% of today’s cyber attacks begin with compromised identities, making…

Read more →

Millions of PCs running Windows 10 and 11 Operating Systems have been experiencing a widespread issue identified as the Blue Screen of Death (BSOD) over the past few hours. This technical problem has resulted in significant global disruptions across various…

Read more →

Millions of PCs running Windows 10 and 11 Operating Systems have been experiencing a widespread issue identified as the Blue Screen of Death (BSOD) over the past few hours. This technical problem has resulted in significant disruptions across various sectors,…

Read more →

Data Pseudonymization and Data Anonymization are crucial techniques in data protection and privacy. They offer several benefits that are essential in today’s data-driven world. Here are the key benefits: 1. Enhanced Privacy Protection: Pseudonymization: This process replaces identifying information with…

Read more →

France Cybersecurity Agency, ANSSI, has issued a stark warning regarding the upcoming Paris Olympics 2024, cautioning that the event’s IT infrastructure will face relentless cyber attacks, potentially including sophisticated ransomware variants. ANSSI disclosed that French government security teams have been…

Read more →

Microsoft, the American technology giant, has issued a warning regarding a newly identified cybercrime group known as Octo Tempest. This group is reportedly spreading two new variants of ransomware named RansomHub and Qilin, which are causing significant cybersecurity threats. These…

Read more →

Recent cybersecurity incidents affecting auto dealerships nationwide have underscored the growing importance of strong security measures. United States government organizations have emphasized that entities handling sensitive customer financial information must establish data protection protocols. Given auto dealerships fall into this…

Read more →

Business Email Compromise (BEC) is a social engineering scam where attackers impersonate legitimate business emails to defraud employees, partners, and potentially even customers. While deceptively simple, these attacks can cause significant financial damage.  BEC scams, like most cyber-attacks, are global.…

Read more →

As the cyber workforce skills gap persists, companies that fail to upskill their IT teams with the knowledge to defend themselves in the ever-changing tech landscape are vulnerable to opportunistic attackers. In addition to prioritizing skills for emerging tech trends,…

Read more →

Recently, a notorious ransomware group previously known as SE#i Ransomware has rebranded itself as APT Inc., setting its sights on VMware ESXi servers worldwide, particularly in corporate environments. This campaign predominantly targets Linux-based systems using the Babuk Encryptor, while Windows…

Read more →

One of the most effective tools in our cybersecurity arsenal at Exabeam is the regular deployment of phishing simulations. These exercises are not just routine checks but essential components of our defense strategy, especially during significant organizational change and public…

Read more →

New independent research commissioned by Six Degrees has found that, over the last 12 months, 40% of IT decision-makers at SMEs felt rushed while undertaking public cloud migration projects.  Out of all the sectors covered in the report, those working…

Read more →

If you work in the security industry, you have likely heard about the polyfill.io incident that came into the public light a couple of weeks ago. We don’t know exactly how many websites were affected, but it seems we have…

Read more →

Phishing is an ever-growing concern in cybersecurity. It was the most common attack type in 2023, accounting for 43.3% of email-based threats – and its danger has been supercharged by the rise of generative AI. Businesses are right to be…

Read more →

In June of this year, the Kaspersky cybersecurity firm, led by Eugene Kaspersky, was banned by the Joe Biden administration, citing concerns over national security. Being of Russian origin, the company faced allegations of sharing intelligence with Kremlin entities. After…

Read more →

The Australian Signals Directorate has partnered with Amazon, the American technology giant, to establish a highly secure data center aimed at safeguarding military information from illicit access on the dark web. The project, estimated to cost over $2 billion under…

Read more →

As Paris gears up to host the 2024 Olympic Games, the city and its organizers face a monumental task not only in ensuring the safety and smooth operation of the physical events but also in safeguarding against potential cyber threats.…

Read more →

DragonForce Ransomware, like many other malicious groups, recently targeted the servers of 911 emergency services in California on June 16th of this year, an incident disclosed to the public earlier this week. According to reports from the South Bay Regional…

Read more →

A recent cybersecurity report from WithSecure ( previously known as F-Secure) highlights concerns over potential cyber-attacks targeting the upcoming Olympic Games in Paris. The report suggests that these attacks, possibly orchestrated by nation-state adversaries like Russia, could involve sophisticated tactics…

Read more →

Alphabet Inc., the parent company of Google, is set to acquire the cybersecurity startup Wiz for a substantial $23 billion in an all-cash deal expected to close by September this year. This move comes amidst heightened scrutiny by US regulators,…

Read more →

Over the past few days, AT&T, a major American telecom company, has made headlines due to a sophisticated cyber-attack that exposed the details of over 109 million mobile customers dating back to 2022. According to updates received by our Cybersecurity…

Read more →

In an increasingly interconnected world, where technology drives every facet of life, even the weather predictions we rely on may not be immune to cyber threats. The integration of advanced computer systems and data analytics has revolutionized meteorology, enabling more…

Read more →

On June 3, the public comment period closed for the U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Notice of Proposed Rule Making (Proposed Rule) under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). CISA now has until October 2025…

Read more →

The cybersecurity landscape is evolving at an unprecedented pace, driven by the rapid expansion of digital infrastructures, the adoption of cloud technologies, and the relentless advancement of threat capabilities, including new AI tools and techniques. This dynamic environment presents a…

Read more →

Cyberthreats never stay the same. Just as fast as cybersecurity providers shut down an attack vector or develop a fix for a particular form of attack, cybercriminals develop new exploits and tactics to burrow their way in. One major newer…

Read more →

mSpy, a popular cell phone tracking software utilized by millions, has recently made headlines due to a significant cyber attack that has compromised the data of countless customers. As reported by Cybersecurity Insiders, hackers successfully breached the Zendesk-powered customer support…

Read more →

APIs are at the core of modern technology stacks, and power organizations’ digital operations. Facilitating seamless connections between customers and vital data and services, it is no surprise that API usage has, and continues to, accelerate. Given the amount of…

Read more →

Sizable fines imposed for data breaches in recent years indicate that regulators are increasingly determined to crack down on organizations that fail to adequately protect consumer data. Meta, for example, was fined a record $1.3 billion in 2023 for violating…

Read more →

The face of cyber threats has transformed dramatically over the decades. At first, they emerged as hacks, viruses and denial of service attacks, often hatched by young computer whiz kids chasing thrills and bragging rights. Then, criminal organizations leveraged increasingly…

Read more →

The evolving technological landscape has been transformative across most industries, but it’s arguably in the world of finance where the largest strides have been taken. Digital calculators and qualifier tools have made it quick and easy for customers to apply…

Read more →

In today’s digital landscape, organizations face a myriad of security threats that evolve constantly. Among these threats, human risk remains one of the most significant and challenging to mitigate. Human Risk Management (HRM) is the next step for mature Security…

Read more →

As the internet becomes increasingly integral to daily life, it simultaneously exposes individuals to heightened risks of exploitation by hackers. While digital connectivity facilitates essential communications with loved ones, it also exposes users to potential cyber threats such as cyberstalking.…

Read more →

Artificial Intelligence (AI) has revolutionized numerous fields, including cybersecurity. However, its application in cyber-crime represents a dual-edge sword, offering both innovative tools for attackers and advanced defenses for cybersecurity professionals. AI-based cyber-crime refers to the utilization of artificial intelligence techniques…

Read more →

The Chief Executive of the National Cyber Security Centre (NCSC), Professor Ciaran Martin, has highlighted concerns regarding the outdated software and hardware in NHS IT systems. He attributes recent ransomware attacks on the NHS to vulnerabilities in these systems. Notably,…

Read more →

Apple Inc. has issued a global warning to its iPhone users regarding a significant cybersecurity threat known as the Mercenary Spyware Attack. The alert highlights the potential vulnerability of iPhone users to sophisticated espionage-related spyware, reminiscent of the Pegasus surveillance…

Read more →

Information security policies are a table-stakes requirement for any significantly sized organization today but too often they are a mess composed of checkbox lists describing off-the-peg policies. CISOs now recognize the importance of a security policy document not just as…

Read more →

The history of artificial intelligence (AI) is a fascinating journey of innovation and discovery that spans decades. From the early days of simple machine learning algorithms to today’s advanced neural networks, AI has become an integral part of our daily…

Read more →

Recent developments in the world of cybersecurity highlight significant incidents involving ransomware attacks across various sectors. One notable event involves Avast, a prominent antivirus software provider, stepping forward to offer free decryption keys to victims of the DoNex ransomware. Collaborating…

Read more →

Microsoft, the American technology giant, has issued an email request to all its employees in China to stop using Android phones for office communication and switch to iPhones loaded with genuine iOS. This initiative is believed to be part of…

Read more →

In today’s interconnected digital landscape, the threat posed by botnets continues to evolve, presenting significant challenges to corporate cybersecurity. Botnets, networks of compromised devices controlled by malicious actors, can be utilized for various malicious activities, including distributed denial-of-service (DDoS) attacks,…

Read more →

CISA’s recent guidance to shift from VPNs to SSE and SASE products strengthens data protections, but misses an opportunity to champion more robust, hardware-enforced, security controls to harden access points like web browsers. Acting in the wake of several major…

Read more →

Since the SEC’s updated Cybersecurity Disclosure rulings came into force in December, unsuspecting CISOs have seen a sudden shift in the pressures they are under. Not only are they under the burden of additional cybersecurity reporting, but sharing reports that…

Read more →

The human element is one of the biggest reasons why data breaches have risen in recent years. And even though most organizations have some level of security awareness training already in place, employees continue to fall prey to phishing attacks…

Read more →

In recent years, the landscape of remote work and cybersecurity has undergone significant changes, driving organizations to reevaluate their reliance on traditional Virtual Private Networks (VPNs). The 2024 VPN Risk Report, compiled by Cybersecurity Insiders in collaboration with HPE Aruba…

Read more →

The National Security Agency (NSA) of the United States, responsible for overseeing national security and defense matters, has recently made headlines due to a reported cyber attack resulting in a significant data breach. Approximately 1.4GB of data, including classified information…

Read more →

Configuration drift happens when the configurations of storage & backup systems and software deviate from a baseline or standard configuration over time. When this happens, it can inadvertently introduce vulnerabilities into the systems, paving the way for breaches.  Changes to…

Read more →

Symantec, a cybersecurity firm based in California, has issued a warning to all 1.5 billion Apple device users regarding a potential cyber-attack targeting their Apple IDs. Researchers have discovered that threat actors can send deceptive messages to users, luring them…

Read more →

Researchers from a security firm( name withheld) have uncovered a significant data breach involving Twitter user data, revealing a leaked dataset of approximately 9.86GB. This trove includes over 200 million user records linked to account profiles, names, email addresses, and…

Read more →

The 2024 Summer Olympic Games, also referred to as XXXIII Olympiad, are set to take place from July 26th to August 11th this year. However, amidst the excitement, there is a growing concern regarding cyber threats targeting attendees and team…

Read more →

Mobile Security is increasingly crucial in today’s digital landscape, where smartphones are integral to both personal and professional lives. Samsung Knox offered exclusively to Galaxy phone users stands out as a robust security platform designed to protect devices against a…

Read more →

Airtel, also known as Bharti Airtel, has denied reports of a data breach following speculation from various media outlets. The telecom giant stated that preliminary investigations have shown claims made by certain threat actors to be unfounded and baseless. Earlier,…

Read more →

Users of Twilio, the cloud-based communication service provider, are being alerted to a security breach affecting Authy, its platform for multi-factor authentication. It has been reported that a threat actor successfully accessed Authy’s end servers, potentially compromising user phone number…

Read more →

Software as a Service (SaaS) has revolutionized how businesses operate by offering convenient, scalable, and cost-effective solutions for various operational needs. However, the widespread adoption of SaaS also brings significant challenges and risks, particularly concerning data security. 1. Data Breaches…

Read more →

As cloud adoption continues to surge, so do concerns about data security. These concerns are amplified for businesses adopting hybrid cloud models, where sophisticated AI cyber attacks are increasingly targeting cloud service providers. To address these challenges, IBM and Microsoft…

Read more →

As the world eagerly anticipates the Paris 2024 Olympic Games, a less visible but equally crucial competition is underway: the race to protect the vast amounts of sensitive information collected during this global spectacle. With an estimated 3 million spectators…

Read more →

FireTail announces a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps…

Read more →

Recent cyber attacks involving ransomware have garnered significant attention in recent days, with two notable incidents making headlines: Patelco Credit Union, a prominent non-profit organization in the San Francisco Bay Area, confirmed it fell victim to a ransomware attack affecting…

Read more →

Last year was a brutal year in the cybersecurity field. Technologies like generative AI introduced new attack vectors to already outsized attack surfaces, and security teams were overwhelmed with sheer amounts of data while dealing with outdated legacy systems. Top…

Read more →

With data breaches making the headlines more often, companies are well aware that keeping data safe and meeting compliance standards like SOC 2 is more important than ever. But navigating the complexities of SOC 2 compliance can be overwhelming. That’s…

Read more →

According to the Office of the Comptroller of the Currency, “Financial crime threatens the safety and soundness of financial systems worldwide. In some cases, these crimes threaten the security and safety of the nation. These crimes range from fairly simple…

Read more →

In a disturbing evolution of ransomware tactics, a new group known as Volcano Demon has emerged, diverging from the usual approach of encrypting databases for ransom. Unlike traditional ransomware operations, Volcano Demon threatens victims directly via phone calls, promising to…

Read more →

UK-based law firm Barings has brought to light a concerning incident involving alleged cyber espionage targeting British armed personnel. According to Barings Law, state-funded actors from China infiltrated systems and illicitly obtained names and banking details of more than 5,000…

Read more →

In today’s interconnected digital landscape, ransomware has emerged as one of the most pervasive and damaging cyber threats. These malicious attacks target organizations of all sizes, encrypting critical data and demanding hefty ransom payments in exchange for decryption keys. As…

Read more →

The FBI has issued a Private Industry Notification (PIN) warning of vulnerabilities in the US Renewable Energy Sector to cyber-attacks. These attacks, aimed at stealing intellectual property, disrupting operations, ransomware extortion, or gaining political advantage, pose significant risks. Specifically, the…

Read more →

Australia’s leading financial institutions are bracing for what could be the most significant cyber attack in the history of the banking sector, with warnings issued by the top four banks. Over the past three years, these institutions have faced relentless…

Read more →

HubSpot, a prominent American CRM and marketing software company, has initiated an investigation following a cyber attack that potentially compromised data from a limited number of customer accounts. The incident, which occurred on June 22, prompted immediate action from the…

Read more →

Protecting data both at rest and in transit is crucial for maintaining the confidentiality, integrity, and availability of sensitive information. Here’s a comprehensive guide on how to safeguard data in these two states: Protecting Data at Rest Data at rest…

Read more →

Businesses are increasingly recognizing the critical need to enhance their cybersecurity defenses amid today’s evolving cyber landscape. Consequently, they are strategically investing in fortifying their existing infrastructure. This proactive approach has led to a notable decline in the demand for…

Read more →

In 2024, we’ve seen several high-profile data breaches that have caused tangible and widespread damage to companies and their customers. One of the hardest-hit industries also includes one of our most critical: healthcare. The UnitedHealth data breach has had ripple…

Read more →

Asymmetric and symmetric encryptions are the modes of encryption typically used in cryptography. There is a single key involved with symmetric encryption used both for encryption and decryption. The key needs to be shared among the parties who are involved…

Read more →

The financial services industry has been at the forefront of the digital transformation age for some time. Agility and convenience are mandatory in this sector, and customers have expected reliable access to financial services at a moment’s notice. Everything from…

Read more →

TeamViewer, a remote monitoring and management tool based in Germany, has reported a security breach within its internal corporate IT environment. The incident occurred on June 26, 2024, prompting immediate remedial actions to prevent any potential data compromise. The company,…

Read more →

Recently, commuters in California, Paris, Singapore, Queensland, and London have been encountering Apple Inc.’s Safari Browser ads on billboards and public buildings. These ads cleverly promote Safari as the browser of choice for iPhone users while taking a swipe at…

Read more →

In recent years, the threat posed by state-sponsored ransomware actors has become increasingly pronounced, with malicious cyber activities orchestrated by governments or their proxies posing significant risks to global cybersecurity. As these actors continue to exploit vulnerabilities in critical infrastructure…

Read more →

Evolve Bank, based in Arkansas, is currently investigating a potential cyber-attack on the servers of the Federal Reserve System, which may have exposed customer data. Reports indicate that a collection of records has surfaced on the dark web, linked to…

Read more →

Woven into the fabric of everyday life, the Internet of Things (IoT) is ever-expanding, from smart home devices to industrial sensors. But an ecosystem on the edge of innovation comes hand-in-hand with a growing attack surface, creating a permeable landscape…

Read more →

Addressing the Current Cybersecurity Climate and Disaster Recovery Shortfalls In the current digital era, characterized by increasingly complex and sophisticated cyber threats, the role of IT security leaders in safeguarding organizational assets has never been more challenging. The inadequacy of…

Read more →

It’s no secret that the Olympics is one of the most highly attended events in the world. This year, it is expected that the Olympics will bring over 15 million visitors to Paris. With such a heavy influx of people,…

Read more →

Partnership with BCR Cyber Will Provide Jobs and Access to Advanced Experiential Training at Maryland Community Colleges Baltimore, MD (6/25/24) – The Maryland Association of Community Colleges (MACC), in partnership with Baltimore Cyber Range dba BCR Cyber, has been awarded…

Read more →

The 2024 Paris Olympics is set to begin on July 26, global adversaries are paying close attention and such a high-profile event serves as an opportunity for bad actors to cash in on vulnerable organizations and users with poor cyber…

Read more →

According to a joint investigation by security analysts from SentinelOne and Recorded Future, a significant ransomware campaign targeted government and critical infrastructure between 2021 and 2023, with new details now coming to light. The attacks occurred in two distinct clusters.…

Read more →

Security researchers face significant challenges when hunting for vulnerabilities in Large Language Models (LLMs). However, Google’s Naptime Framework provides a breakthrough in AI-driven vulnerability research, automating variant analysis. Named for its concept of allowing researchers to “take a nap” amidst…

Read more →

With the rise of digital transformation and widespread adoption of cloud-based solutions, organizations are increasingly turning to these platforms to meet their evolving needs. However, the surge in data breaches within cloud data centers has sparked significant concern among security…

Read more →

Safeguarding oneself from sectortion attacks online is crucial in today’s digital age where cyber threats continue to evolve. Se*tortion, a form of blackmail where perpetrators threaten to release intimate images or videos unless demands are met, can have devastating consequences…

Read more →