Category: Cybersecurity Insiders

While athletes, visitors, and referees at the Paris 2024 Olympics have been voicing concerns about the event’s organization, a new issue has surfaced: a cyberattack on one of the venues. Reports circulating on X and Facebook suggest that the Grand…

Read more →

Volexity, a cutting-edge cybersecurity firm based in Virginia, has uncovered a Chinese hacking group known as StormBamboo, which is injecting malware into software updates distributed through an Internet Service Provider (ISP). The name of the ISP has been kept confidential.…

Read more →

According to a study made by Palo Alto Networks cyber threat arm ‘Unit 42’, a threat actor named APT28 aka BlueDelta or Fancy Bear, supposedly belonging to Russian Intelligence is seen luring diplomats with a car sales phishing link that…

Read more →

In today’s rapidly evolving tech landscape, containers have become a cornerstone of modern software development and deployment. Their efficiency, scalability, and flexibility offer significant advantages. However, with these benefits come new security challenges, particularly in safeguarding data within containerized environments.…

Read more →

Amid rising breaches including Snowflake, the platform helps security teams proactively detect and respond to identity-centric threats in business-critical SaaS applications Adaptive Shield, a leader in SaaS Security, today announced its breakthrough Identity Threat Detection & Response (ITDR) platform for…

Read more →

Customers increasingly rely on trusted vendors to protect their sensitive data, systems, and operations from sophisticated cyber threats in today’s dynamic threat landscape. Threats, ranging from ransomware to business email compromise (BEC), are constantly evolving. This demands a continuous, robust…

Read more →

In recent reports, our Cybersecurity Insiders have detailed how hackers have been generating revenue through cyberattacks such as ransomware. However, a new report reveals that ransom payments to those deploying file-encrypting malware surged to an eye-watering $500 million in 2023.…

Read more →

A recent study revealed that employees typically download around 30GB of data monthly from SaaS applications to their devices, including mobile phones, laptops, and desktops. This high volume illustrates the large amounts of unsecured data flowing across networks and devices,…

Read more →

For those contemplating launching cyber attacks on their customers, partners, or competitors, the dark web now offers botnets for as little as $99. This article aims to shed light on these alarming developments in the cybercrime world, without endorsing illegal…

Read more →

As artificial intelligence (AI) continues to advance, its impact on cybersecurity becomes increasingly profound. AI-generated cyber attacks are evolving rapidly, posing significant threats to organizations across various sectors. To effectively combat these sophisticated threats, a substantial increase in cybersecurity budgets…

Read more →

According to the United Nations, the world witnessed a significant rise in violent conflicts in 2023 that reached unprecedented levels not seen since World War II. This trend will likely continue into 2024 as technology will enable nation state-level cyber…

Read more →

Progress, a company known for their expertise in infrastructure management software, recently introduced a new tool called Progress® Chef® Courier™. This tool is a component of the latest cloud-native platform, Progress® Chef 360™, designed to simplify the management of intricate…

Read more →

A ransomware attack allegedly carried out by the RansomEXX Group has reportedly affected the IT services of over 300 small banks in India, disrupting digital transactions such as RTGS and NTFS for the past three days. The breach targeted C-Edge…

Read more →

A new type of malware, known as SMS Stealer, is making waves in the cybersecurity world. Designed to harvest one-time passwords (OTPs) and other sensitive information, this malware has already targeted over 600 global brands, according to experts from Zimperium.…

Read more →

All these days we have seen hackers targeting Windows and Linux machines. But now they seem to be after the encryption of mass virtual machines by exploiting a vulnerability in VMware ESXi software. Hackers are now exploiting this flaw to…

Read more →

In the escalating world of cybercrime, ransomware attacks have become a pervasive threat, affecting businesses of all sizes and industries. When faced with a ransomware attack, organizations are often confronted with a critical decision: to pay the ransom or not.…

Read more →

Microsoft has issued a statement apologizing for a recent IT outage, which they attribute to a DDoS (Distributed Denial of Service) cyber attack on the infrastructure managed by Microsoft Azure Cloud. Under the leadership of Satya Nadella, and amid a…

Read more →

While athletes worldwide descended on Paris for the 2024 Olympics, so did cyber threats. Franz Regul, Head of IT Security for Paris 2024, predicts at least eight to 12 times the number of attacks launched against the Tokyo Games in…

Read more →

Service Helps Organizations Better Prepare and Respond to Cyber Attacks Proficio®, a leading Managed Detection and Response (MDR) provider, today announced the roll out of its ProBAS Breach and Attack Simulation service. By rigorously testing an organization’s security defenses, ProBAS…

Read more →

The appetite for food delivery apps has grown exponentially—more than 2.85 billion people used them globally last year. In the United States alone, the $350 billion industry expanded by roughly 50% during the pandemic.  With rising popularity has come rising…

Read more →

Students Provided Training Opportunities and Help Meet Maryland’s Cybersecurity Talent Gap Allegany College of Maryland, Garrett College, and Hagerstown Community College have received a $617,400 grant from the Senator George C. Edwards Fund toward a $686,000 project to implement two…

Read more →

Global cybercrime costs are projected to soar from $9.22 trillion in 2024 to $13.82 trillion by 2028.1 In the United States alone, these costs are forecasted to exceed $452 billion in 2024.2 Alarmingly, in 2023, three in four companies in…

Read more →

The Australian government has long advised ransomware victims against paying ransoms, arguing that doing so does not guarantee receiving a decryption key and only encourages further criminal activity. However, recognizing that ransom payments might be unavoidable in some situations, Canberra…

Read more →

Crowdstrike have now published their preliminary post incident report (PIR) into the issue that brought 8.5m Windows hosts, and a lot of the world, to a halt. Their preliminary report is available in full on the CrowdStrike website (here: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/)…

Read more →

Salvador Technologies has disclosed that the company is experiencing demand for its cyber-attack recovery platform from organizations in the maritime sector and shipping industry.  The company reports that an increasing number of port authorities, terminal operators and shipping companies are…

Read more →

X, the social media platform formerly known as Twitter, is introducing a new feature that allows users to opt out of its AI training program involving Grok. Grok is an AI assistant developed by xAI, a company owned by Elon…

Read more →

A recent study by ExtraHop reveals that ransomware attacks on the Paris 2024 Olympics are almost unavoidable. Over the past year, the IT infrastructure supporting the games has been a frequent target, with some incidents resulting in ransom payments totaling…

Read more →

On June 23, 2024, the LockBit cybercriminal group that offers ransomware as a service (RaaS) announced that it had infiltrated the systems of the Federal Reserve, compromising thirty-three terabytes of sensitive banking information. The notorious ransomware group gave the Federal…

Read more →

The primary cause of the majority of data breaches today is human error. Verizon’s 2024 Data Breach Investigations Report (DBIR) found that 68% of all breaches involved a non-malicious human element in 2023. This data highlights the critical need for…

Read more →

In the world of cybersecurity, software updates are a double-edged sword. On one hand, they are crucial for patching vulnerabilities, enhancing features, and improving overall system performance. On the other hand, if not managed properly, software updates can inadvertently create…

Read more →

A couple weeks ago, an IT outage hit Microsoft Windows 10 and 11 servers shortly after CrowdStrike released a Falcon Sensors software update. Rather than resolving, the update transformed into a software bug , affecting over 8.2 million PCs and…

Read more →

The threat actor known as USDoD, infamous for leaking sensitive information from major databases including those of Airbus, TransUnion, and the US Environmental Agency, has resurfaced in the news. On July 25, 2024, USDoD released a portion of a dataset…

Read more →

On June 3rd of this year, Synnovis, a provider of technology and pathology services, fell victim to a ransomware attack, causing significant disruptions to IT systems within Britain’s National Health Service (NHS). The British healthcare organization has issued a public…

Read more →

In an increasingly interconnected world where digital threats loom large, the integration of Defensive Artificial Intelligence (AI) emerges as a critical bulwark against cyberattacks. From sophisticated ransomware assaults on critical infrastructure to relentless phishing schemes targeting sensitive data, the need…

Read more →

APT45, a cyber threat group associated with North Korea’s Reconnaissance General Bureau, known by aliases such as Stonefly, Silent Colima, Nickey Hayatt, Andriel, and Onyx Sleet, has recently shifted its focus from cyber espionage to spreading ransomware. The group has…

Read more →

It’s deeply concerning to hear about the ransomware attack on Split Airport, affecting its operations and causing significant disruptions to flights and passenger services. Ransomware attacks targeting critical infrastructure such as transit systems can have severe consequences, not just for…

Read more →

In recent years, cybersecurity threats have often involved hackers stealing identities through various digital channels to gather sensitive information. However, a recent incident within the administrative environment of cybersecurity firm KnowBe4 has highlighted concerns about insider threats. According to a…

Read more →

A ransomware attack has crippled operations at the Superior Court of Los Angeles County, shutting down court services since last Friday morning. The incident affected all 36 courthouse locations across the county, prompting ongoing efforts to recover compromised systems. Initially,…

Read more →

Achieving cyber resilience in the digital era is crucial for businesses to safeguard their operations and data integrity. Here’s how businesses can attain cyber resilience: 1. Comprehensive Risk Assessment: Begin with a thorough assessment of potential cyber risks and vulnerabilities.…

Read more →

In June of this year, the SE#i Ransomware group, now rebranded as APT Inc, targeted VMware ESXi server environments, employing double extortion tactics to extort money from victims. Following this trend, the Play Ransomware group has also adopted similar strategies,…

Read more →

The security operations center faces significant challenges in the form of data overload and the resulting increases in ingestion costs. But companies looking to sufficiently protect their systems also face heavy pressure inside their own four walls. To overcome this…

Read more →

Service mesh is a tool for adding observability, security, and traffic management capabilities at the application layer. A service mesh is intended to help developers and site reliability engineers (SREs) with service-to-service communication within Kubernetes clusters. The challenges involved in…

Read more →

The 2024 Paris Olympic Games, set to begin later this week and extend through mid-August, are anticipated to face significant cybersecurity risks according to experts. Here are the primary concerns: 1. State-sponsored Hacking: French intelligence agency ANSSI has issued warnings…

Read more →

Indian Prime Minister Narendra Modi has offered a valuable tip to enhance cybersecurity for home PCs and laptops: consistently logging out of Microsoft Windows sessions. This advice applies universally across Windows 10 and Windows 11 operating systems. Highlighting this cybersecurity…

Read more →

The recent update to CrowdStrike Falcon sensor software has caused widespread issues, leading to the infamous BSOD “blue screen of death” on over 8.2 million Windows OS devices globally. Despite initial fears of a cyber attack, experts indicate this incident…

Read more →

In an increasingly digital world, ransomware attacks have become a prevalent threat to businesses and individuals alike. These malicious attacks involve cyber-criminals encrypting data or locking users out of their systems, demanding payment (often in cryptocurrency) to restore access. While…

Read more →

Identity security has become increasingly complex, presenting a formidable challenge for CISOs, security operations (SecOps), and identity and access management (IAM) teams worldwide. It’s not surprising then that a staggering 80% of today’s cyber attacks begin with compromised identities, making…

Read more →

Millions of PCs running Windows 10 and 11 Operating Systems have been experiencing a widespread issue identified as the Blue Screen of Death (BSOD) over the past few hours. This technical problem has resulted in significant global disruptions across various…

Read more →

Millions of PCs running Windows 10 and 11 Operating Systems have been experiencing a widespread issue identified as the Blue Screen of Death (BSOD) over the past few hours. This technical problem has resulted in significant disruptions across various sectors,…

Read more →

Data Pseudonymization and Data Anonymization are crucial techniques in data protection and privacy. They offer several benefits that are essential in today’s data-driven world. Here are the key benefits: 1. Enhanced Privacy Protection: Pseudonymization: This process replaces identifying information with…

Read more →

France Cybersecurity Agency, ANSSI, has issued a stark warning regarding the upcoming Paris Olympics 2024, cautioning that the event’s IT infrastructure will face relentless cyber attacks, potentially including sophisticated ransomware variants. ANSSI disclosed that French government security teams have been…

Read more →

Microsoft, the American technology giant, has issued a warning regarding a newly identified cybercrime group known as Octo Tempest. This group is reportedly spreading two new variants of ransomware named RansomHub and Qilin, which are causing significant cybersecurity threats. These…

Read more →

Recent cybersecurity incidents affecting auto dealerships nationwide have underscored the growing importance of strong security measures. United States government organizations have emphasized that entities handling sensitive customer financial information must establish data protection protocols. Given auto dealerships fall into this…

Read more →

Business Email Compromise (BEC) is a social engineering scam where attackers impersonate legitimate business emails to defraud employees, partners, and potentially even customers. While deceptively simple, these attacks can cause significant financial damage.  BEC scams, like most cyber-attacks, are global.…

Read more →

As the cyber workforce skills gap persists, companies that fail to upskill their IT teams with the knowledge to defend themselves in the ever-changing tech landscape are vulnerable to opportunistic attackers. In addition to prioritizing skills for emerging tech trends,…

Read more →

Recently, a notorious ransomware group previously known as SE#i Ransomware has rebranded itself as APT Inc., setting its sights on VMware ESXi servers worldwide, particularly in corporate environments. This campaign predominantly targets Linux-based systems using the Babuk Encryptor, while Windows…

Read more →

One of the most effective tools in our cybersecurity arsenal at Exabeam is the regular deployment of phishing simulations. These exercises are not just routine checks but essential components of our defense strategy, especially during significant organizational change and public…

Read more →

New independent research commissioned by Six Degrees has found that, over the last 12 months, 40% of IT decision-makers at SMEs felt rushed while undertaking public cloud migration projects.  Out of all the sectors covered in the report, those working…

Read more →

If you work in the security industry, you have likely heard about the polyfill.io incident that came into the public light a couple of weeks ago. We don’t know exactly how many websites were affected, but it seems we have…

Read more →

Phishing is an ever-growing concern in cybersecurity. It was the most common attack type in 2023, accounting for 43.3% of email-based threats – and its danger has been supercharged by the rise of generative AI. Businesses are right to be…

Read more →

In June of this year, the Kaspersky cybersecurity firm, led by Eugene Kaspersky, was banned by the Joe Biden administration, citing concerns over national security. Being of Russian origin, the company faced allegations of sharing intelligence with Kremlin entities. After…

Read more →

The Australian Signals Directorate has partnered with Amazon, the American technology giant, to establish a highly secure data center aimed at safeguarding military information from illicit access on the dark web. The project, estimated to cost over $2 billion under…

Read more →

As Paris gears up to host the 2024 Olympic Games, the city and its organizers face a monumental task not only in ensuring the safety and smooth operation of the physical events but also in safeguarding against potential cyber threats.…

Read more →

DragonForce Ransomware, like many other malicious groups, recently targeted the servers of 911 emergency services in California on June 16th of this year, an incident disclosed to the public earlier this week. According to reports from the South Bay Regional…

Read more →

A recent cybersecurity report from WithSecure ( previously known as F-Secure) highlights concerns over potential cyber-attacks targeting the upcoming Olympic Games in Paris. The report suggests that these attacks, possibly orchestrated by nation-state adversaries like Russia, could involve sophisticated tactics…

Read more →

Alphabet Inc., the parent company of Google, is set to acquire the cybersecurity startup Wiz for a substantial $23 billion in an all-cash deal expected to close by September this year. This move comes amidst heightened scrutiny by US regulators,…

Read more →

Over the past few days, AT&T, a major American telecom company, has made headlines due to a sophisticated cyber-attack that exposed the details of over 109 million mobile customers dating back to 2022. According to updates received by our Cybersecurity…

Read more →

In an increasingly interconnected world, where technology drives every facet of life, even the weather predictions we rely on may not be immune to cyber threats. The integration of advanced computer systems and data analytics has revolutionized meteorology, enabling more…

Read more →

On June 3, the public comment period closed for the U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Notice of Proposed Rule Making (Proposed Rule) under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). CISA now has until October 2025…

Read more →

The cybersecurity landscape is evolving at an unprecedented pace, driven by the rapid expansion of digital infrastructures, the adoption of cloud technologies, and the relentless advancement of threat capabilities, including new AI tools and techniques. This dynamic environment presents a…

Read more →

Cyberthreats never stay the same. Just as fast as cybersecurity providers shut down an attack vector or develop a fix for a particular form of attack, cybercriminals develop new exploits and tactics to burrow their way in. One major newer…

Read more →

mSpy, a popular cell phone tracking software utilized by millions, has recently made headlines due to a significant cyber attack that has compromised the data of countless customers. As reported by Cybersecurity Insiders, hackers successfully breached the Zendesk-powered customer support…

Read more →

APIs are at the core of modern technology stacks, and power organizations’ digital operations. Facilitating seamless connections between customers and vital data and services, it is no surprise that API usage has, and continues to, accelerate. Given the amount of…

Read more →

Sizable fines imposed for data breaches in recent years indicate that regulators are increasingly determined to crack down on organizations that fail to adequately protect consumer data. Meta, for example, was fined a record $1.3 billion in 2023 for violating…

Read more →

The face of cyber threats has transformed dramatically over the decades. At first, they emerged as hacks, viruses and denial of service attacks, often hatched by young computer whiz kids chasing thrills and bragging rights. Then, criminal organizations leveraged increasingly…

Read more →

The evolving technological landscape has been transformative across most industries, but it’s arguably in the world of finance where the largest strides have been taken. Digital calculators and qualifier tools have made it quick and easy for customers to apply…

Read more →

In today’s digital landscape, organizations face a myriad of security threats that evolve constantly. Among these threats, human risk remains one of the most significant and challenging to mitigate. Human Risk Management (HRM) is the next step for mature Security…

Read more →

As the internet becomes increasingly integral to daily life, it simultaneously exposes individuals to heightened risks of exploitation by hackers. While digital connectivity facilitates essential communications with loved ones, it also exposes users to potential cyber threats such as cyberstalking.…

Read more →

Artificial Intelligence (AI) has revolutionized numerous fields, including cybersecurity. However, its application in cyber-crime represents a dual-edge sword, offering both innovative tools for attackers and advanced defenses for cybersecurity professionals. AI-based cyber-crime refers to the utilization of artificial intelligence techniques…

Read more →

The Chief Executive of the National Cyber Security Centre (NCSC), Professor Ciaran Martin, has highlighted concerns regarding the outdated software and hardware in NHS IT systems. He attributes recent ransomware attacks on the NHS to vulnerabilities in these systems. Notably,…

Read more →

Apple Inc. has issued a global warning to its iPhone users regarding a significant cybersecurity threat known as the Mercenary Spyware Attack. The alert highlights the potential vulnerability of iPhone users to sophisticated espionage-related spyware, reminiscent of the Pegasus surveillance…

Read more →

Information security policies are a table-stakes requirement for any significantly sized organization today but too often they are a mess composed of checkbox lists describing off-the-peg policies. CISOs now recognize the importance of a security policy document not just as…

Read more →

The history of artificial intelligence (AI) is a fascinating journey of innovation and discovery that spans decades. From the early days of simple machine learning algorithms to today’s advanced neural networks, AI has become an integral part of our daily…

Read more →

Recent developments in the world of cybersecurity highlight significant incidents involving ransomware attacks across various sectors. One notable event involves Avast, a prominent antivirus software provider, stepping forward to offer free decryption keys to victims of the DoNex ransomware. Collaborating…

Read more →

Microsoft, the American technology giant, has issued an email request to all its employees in China to stop using Android phones for office communication and switch to iPhones loaded with genuine iOS. This initiative is believed to be part of…

Read more →

In today’s interconnected digital landscape, the threat posed by botnets continues to evolve, presenting significant challenges to corporate cybersecurity. Botnets, networks of compromised devices controlled by malicious actors, can be utilized for various malicious activities, including distributed denial-of-service (DDoS) attacks,…

Read more →

CISA’s recent guidance to shift from VPNs to SSE and SASE products strengthens data protections, but misses an opportunity to champion more robust, hardware-enforced, security controls to harden access points like web browsers. Acting in the wake of several major…

Read more →

Since the SEC’s updated Cybersecurity Disclosure rulings came into force in December, unsuspecting CISOs have seen a sudden shift in the pressures they are under. Not only are they under the burden of additional cybersecurity reporting, but sharing reports that…

Read more →

The human element is one of the biggest reasons why data breaches have risen in recent years. And even though most organizations have some level of security awareness training already in place, employees continue to fall prey to phishing attacks…

Read more →

In recent years, the landscape of remote work and cybersecurity has undergone significant changes, driving organizations to reevaluate their reliance on traditional Virtual Private Networks (VPNs). The 2024 VPN Risk Report, compiled by Cybersecurity Insiders in collaboration with HPE Aruba…

Read more →

The National Security Agency (NSA) of the United States, responsible for overseeing national security and defense matters, has recently made headlines due to a reported cyber attack resulting in a significant data breach. Approximately 1.4GB of data, including classified information…

Read more →

Configuration drift happens when the configurations of storage & backup systems and software deviate from a baseline or standard configuration over time. When this happens, it can inadvertently introduce vulnerabilities into the systems, paving the way for breaches.  Changes to…

Read more →

Symantec, a cybersecurity firm based in California, has issued a warning to all 1.5 billion Apple device users regarding a potential cyber-attack targeting their Apple IDs. Researchers have discovered that threat actors can send deceptive messages to users, luring them…

Read more →

Researchers from a security firm( name withheld) have uncovered a significant data breach involving Twitter user data, revealing a leaked dataset of approximately 9.86GB. This trove includes over 200 million user records linked to account profiles, names, email addresses, and…

Read more →

The 2024 Summer Olympic Games, also referred to as XXXIII Olympiad, are set to take place from July 26th to August 11th this year. However, amidst the excitement, there is a growing concern regarding cyber threats targeting attendees and team…

Read more →

Mobile Security is increasingly crucial in today’s digital landscape, where smartphones are integral to both personal and professional lives. Samsung Knox offered exclusively to Galaxy phone users stands out as a robust security platform designed to protect devices against a…

Read more →

Airtel, also known as Bharti Airtel, has denied reports of a data breach following speculation from various media outlets. The telecom giant stated that preliminary investigations have shown claims made by certain threat actors to be unfounded and baseless. Earlier,…

Read more →

Users of Twilio, the cloud-based communication service provider, are being alerted to a security breach affecting Authy, its platform for multi-factor authentication. It has been reported that a threat actor successfully accessed Authy’s end servers, potentially compromising user phone number…

Read more →

Software as a Service (SaaS) has revolutionized how businesses operate by offering convenient, scalable, and cost-effective solutions for various operational needs. However, the widespread adoption of SaaS also brings significant challenges and risks, particularly concerning data security. 1. Data Breaches…

Read more →

As cloud adoption continues to surge, so do concerns about data security. These concerns are amplified for businesses adopting hybrid cloud models, where sophisticated AI cyber attacks are increasingly targeting cloud service providers. To address these challenges, IBM and Microsoft…

Read more →