Tag: Cybersecurity Insiders

Business Email Compromise (BEC) is a social engineering scam where attackers impersonate legitimate business emails to defraud employees, partners, and potentially even customers. While deceptively simple, these attacks can cause significant financial damage.  BEC scams, like most cyber-attacks, are global.…

Read more →

As the cyber workforce skills gap persists, companies that fail to upskill their IT teams with the knowledge to defend themselves in the ever-changing tech landscape are vulnerable to opportunistic attackers. In addition to prioritizing skills for emerging tech trends,…

Read more →

Recently, a notorious ransomware group previously known as SE#i Ransomware has rebranded itself as APT Inc., setting its sights on VMware ESXi servers worldwide, particularly in corporate environments. This campaign predominantly targets Linux-based systems using the Babuk Encryptor, while Windows…

Read more →

One of the most effective tools in our cybersecurity arsenal at Exabeam is the regular deployment of phishing simulations. These exercises are not just routine checks but essential components of our defense strategy, especially during significant organizational change and public…

Read more →

New independent research commissioned by Six Degrees has found that, over the last 12 months, 40% of IT decision-makers at SMEs felt rushed while undertaking public cloud migration projects.  Out of all the sectors covered in the report, those working…

Read more →

If you work in the security industry, you have likely heard about the polyfill.io incident that came into the public light a couple of weeks ago. We don’t know exactly how many websites were affected, but it seems we have…

Read more →

Phishing is an ever-growing concern in cybersecurity. It was the most common attack type in 2023, accounting for 43.3% of email-based threats – and its danger has been supercharged by the rise of generative AI. Businesses are right to be…

Read more →

In June of this year, the Kaspersky cybersecurity firm, led by Eugene Kaspersky, was banned by the Joe Biden administration, citing concerns over national security. Being of Russian origin, the company faced allegations of sharing intelligence with Kremlin entities. After…

Read more →

The Australian Signals Directorate has partnered with Amazon, the American technology giant, to establish a highly secure data center aimed at safeguarding military information from illicit access on the dark web. The project, estimated to cost over $2 billion under…

Read more →

As Paris gears up to host the 2024 Olympic Games, the city and its organizers face a monumental task not only in ensuring the safety and smooth operation of the physical events but also in safeguarding against potential cyber threats.…

Read more →

DragonForce Ransomware, like many other malicious groups, recently targeted the servers of 911 emergency services in California on June 16th of this year, an incident disclosed to the public earlier this week. According to reports from the South Bay Regional…

Read more →

A recent cybersecurity report from WithSecure ( previously known as F-Secure) highlights concerns over potential cyber-attacks targeting the upcoming Olympic Games in Paris. The report suggests that these attacks, possibly orchestrated by nation-state adversaries like Russia, could involve sophisticated tactics…

Read more →

Alphabet Inc., the parent company of Google, is set to acquire the cybersecurity startup Wiz for a substantial $23 billion in an all-cash deal expected to close by September this year. This move comes amidst heightened scrutiny by US regulators,…

Read more →

Over the past few days, AT&T, a major American telecom company, has made headlines due to a sophisticated cyber-attack that exposed the details of over 109 million mobile customers dating back to 2022. According to updates received by our Cybersecurity…

Read more →

In an increasingly interconnected world, where technology drives every facet of life, even the weather predictions we rely on may not be immune to cyber threats. The integration of advanced computer systems and data analytics has revolutionized meteorology, enabling more…

Read more →

On June 3, the public comment period closed for the U.S. Cybersecurity & Infrastructure Security Agency’s (CISA) Notice of Proposed Rule Making (Proposed Rule) under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). CISA now has until October 2025…

Read more →

The cybersecurity landscape is evolving at an unprecedented pace, driven by the rapid expansion of digital infrastructures, the adoption of cloud technologies, and the relentless advancement of threat capabilities, including new AI tools and techniques. This dynamic environment presents a…

Read more →

Cyberthreats never stay the same. Just as fast as cybersecurity providers shut down an attack vector or develop a fix for a particular form of attack, cybercriminals develop new exploits and tactics to burrow their way in. One major newer…

Read more →

mSpy, a popular cell phone tracking software utilized by millions, has recently made headlines due to a significant cyber attack that has compromised the data of countless customers. As reported by Cybersecurity Insiders, hackers successfully breached the Zendesk-powered customer support…

Read more →

APIs are at the core of modern technology stacks, and power organizations’ digital operations. Facilitating seamless connections between customers and vital data and services, it is no surprise that API usage has, and continues to, accelerate. Given the amount of…

Read more →

Sizable fines imposed for data breaches in recent years indicate that regulators are increasingly determined to crack down on organizations that fail to adequately protect consumer data. Meta, for example, was fined a record $1.3 billion in 2023 for violating…

Read more →

The face of cyber threats has transformed dramatically over the decades. At first, they emerged as hacks, viruses and denial of service attacks, often hatched by young computer whiz kids chasing thrills and bragging rights. Then, criminal organizations leveraged increasingly…

Read more →

The evolving technological landscape has been transformative across most industries, but it’s arguably in the world of finance where the largest strides have been taken. Digital calculators and qualifier tools have made it quick and easy for customers to apply…

Read more →

In today’s digital landscape, organizations face a myriad of security threats that evolve constantly. Among these threats, human risk remains one of the most significant and challenging to mitigate. Human Risk Management (HRM) is the next step for mature Security…

Read more →

As the internet becomes increasingly integral to daily life, it simultaneously exposes individuals to heightened risks of exploitation by hackers. While digital connectivity facilitates essential communications with loved ones, it also exposes users to potential cyber threats such as cyberstalking.…

Read more →

Artificial Intelligence (AI) has revolutionized numerous fields, including cybersecurity. However, its application in cyber-crime represents a dual-edge sword, offering both innovative tools for attackers and advanced defenses for cybersecurity professionals. AI-based cyber-crime refers to the utilization of artificial intelligence techniques…

Read more →

The Chief Executive of the National Cyber Security Centre (NCSC), Professor Ciaran Martin, has highlighted concerns regarding the outdated software and hardware in NHS IT systems. He attributes recent ransomware attacks on the NHS to vulnerabilities in these systems. Notably,…

Read more →

Apple Inc. has issued a global warning to its iPhone users regarding a significant cybersecurity threat known as the Mercenary Spyware Attack. The alert highlights the potential vulnerability of iPhone users to sophisticated espionage-related spyware, reminiscent of the Pegasus surveillance…

Read more →

Information security policies are a table-stakes requirement for any significantly sized organization today but too often they are a mess composed of checkbox lists describing off-the-peg policies. CISOs now recognize the importance of a security policy document not just as…

Read more →

The history of artificial intelligence (AI) is a fascinating journey of innovation and discovery that spans decades. From the early days of simple machine learning algorithms to today’s advanced neural networks, AI has become an integral part of our daily…

Read more →

Recent developments in the world of cybersecurity highlight significant incidents involving ransomware attacks across various sectors. One notable event involves Avast, a prominent antivirus software provider, stepping forward to offer free decryption keys to victims of the DoNex ransomware. Collaborating…

Read more →

Microsoft, the American technology giant, has issued an email request to all its employees in China to stop using Android phones for office communication and switch to iPhones loaded with genuine iOS. This initiative is believed to be part of…

Read more →

In today’s interconnected digital landscape, the threat posed by botnets continues to evolve, presenting significant challenges to corporate cybersecurity. Botnets, networks of compromised devices controlled by malicious actors, can be utilized for various malicious activities, including distributed denial-of-service (DDoS) attacks,…

Read more →

CISA’s recent guidance to shift from VPNs to SSE and SASE products strengthens data protections, but misses an opportunity to champion more robust, hardware-enforced, security controls to harden access points like web browsers. Acting in the wake of several major…

Read more →

Since the SEC’s updated Cybersecurity Disclosure rulings came into force in December, unsuspecting CISOs have seen a sudden shift in the pressures they are under. Not only are they under the burden of additional cybersecurity reporting, but sharing reports that…

Read more →

The human element is one of the biggest reasons why data breaches have risen in recent years. And even though most organizations have some level of security awareness training already in place, employees continue to fall prey to phishing attacks…

Read more →

In recent years, the landscape of remote work and cybersecurity has undergone significant changes, driving organizations to reevaluate their reliance on traditional Virtual Private Networks (VPNs). The 2024 VPN Risk Report, compiled by Cybersecurity Insiders in collaboration with HPE Aruba…

Read more →

The National Security Agency (NSA) of the United States, responsible for overseeing national security and defense matters, has recently made headlines due to a reported cyber attack resulting in a significant data breach. Approximately 1.4GB of data, including classified information…

Read more →

Configuration drift happens when the configurations of storage & backup systems and software deviate from a baseline or standard configuration over time. When this happens, it can inadvertently introduce vulnerabilities into the systems, paving the way for breaches.  Changes to…

Read more →

Symantec, a cybersecurity firm based in California, has issued a warning to all 1.5 billion Apple device users regarding a potential cyber-attack targeting their Apple IDs. Researchers have discovered that threat actors can send deceptive messages to users, luring them…

Read more →

Researchers from a security firm( name withheld) have uncovered a significant data breach involving Twitter user data, revealing a leaked dataset of approximately 9.86GB. This trove includes over 200 million user records linked to account profiles, names, email addresses, and…

Read more →

The 2024 Summer Olympic Games, also referred to as XXXIII Olympiad, are set to take place from July 26th to August 11th this year. However, amidst the excitement, there is a growing concern regarding cyber threats targeting attendees and team…

Read more →

Mobile Security is increasingly crucial in today’s digital landscape, where smartphones are integral to both personal and professional lives. Samsung Knox offered exclusively to Galaxy phone users stands out as a robust security platform designed to protect devices against a…

Read more →

Airtel, also known as Bharti Airtel, has denied reports of a data breach following speculation from various media outlets. The telecom giant stated that preliminary investigations have shown claims made by certain threat actors to be unfounded and baseless. Earlier,…

Read more →

Users of Twilio, the cloud-based communication service provider, are being alerted to a security breach affecting Authy, its platform for multi-factor authentication. It has been reported that a threat actor successfully accessed Authy’s end servers, potentially compromising user phone number…

Read more →

Software as a Service (SaaS) has revolutionized how businesses operate by offering convenient, scalable, and cost-effective solutions for various operational needs. However, the widespread adoption of SaaS also brings significant challenges and risks, particularly concerning data security. 1. Data Breaches…

Read more →

As cloud adoption continues to surge, so do concerns about data security. These concerns are amplified for businesses adopting hybrid cloud models, where sophisticated AI cyber attacks are increasingly targeting cloud service providers. To address these challenges, IBM and Microsoft…

Read more →

As the world eagerly anticipates the Paris 2024 Olympic Games, a less visible but equally crucial competition is underway: the race to protect the vast amounts of sensitive information collected during this global spectacle. With an estimated 3 million spectators…

Read more →

FireTail announces a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes. FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps…

Read more →

Recent cyber attacks involving ransomware have garnered significant attention in recent days, with two notable incidents making headlines: Patelco Credit Union, a prominent non-profit organization in the San Francisco Bay Area, confirmed it fell victim to a ransomware attack affecting…

Read more →

Last year was a brutal year in the cybersecurity field. Technologies like generative AI introduced new attack vectors to already outsized attack surfaces, and security teams were overwhelmed with sheer amounts of data while dealing with outdated legacy systems. Top…

Read more →

With data breaches making the headlines more often, companies are well aware that keeping data safe and meeting compliance standards like SOC 2 is more important than ever. But navigating the complexities of SOC 2 compliance can be overwhelming. That’s…

Read more →

According to the Office of the Comptroller of the Currency, “Financial crime threatens the safety and soundness of financial systems worldwide. In some cases, these crimes threaten the security and safety of the nation. These crimes range from fairly simple…

Read more →

In a disturbing evolution of ransomware tactics, a new group known as Volcano Demon has emerged, diverging from the usual approach of encrypting databases for ransom. Unlike traditional ransomware operations, Volcano Demon threatens victims directly via phone calls, promising to…

Read more →

UK-based law firm Barings has brought to light a concerning incident involving alleged cyber espionage targeting British armed personnel. According to Barings Law, state-funded actors from China infiltrated systems and illicitly obtained names and banking details of more than 5,000…

Read more →

In today’s interconnected digital landscape, ransomware has emerged as one of the most pervasive and damaging cyber threats. These malicious attacks target organizations of all sizes, encrypting critical data and demanding hefty ransom payments in exchange for decryption keys. As…

Read more →

The FBI has issued a Private Industry Notification (PIN) warning of vulnerabilities in the US Renewable Energy Sector to cyber-attacks. These attacks, aimed at stealing intellectual property, disrupting operations, ransomware extortion, or gaining political advantage, pose significant risks. Specifically, the…

Read more →

Australia’s leading financial institutions are bracing for what could be the most significant cyber attack in the history of the banking sector, with warnings issued by the top four banks. Over the past three years, these institutions have faced relentless…

Read more →

HubSpot, a prominent American CRM and marketing software company, has initiated an investigation following a cyber attack that potentially compromised data from a limited number of customer accounts. The incident, which occurred on June 22, prompted immediate action from the…

Read more →

Protecting data both at rest and in transit is crucial for maintaining the confidentiality, integrity, and availability of sensitive information. Here’s a comprehensive guide on how to safeguard data in these two states: Protecting Data at Rest Data at rest…

Read more →

Businesses are increasingly recognizing the critical need to enhance their cybersecurity defenses amid today’s evolving cyber landscape. Consequently, they are strategically investing in fortifying their existing infrastructure. This proactive approach has led to a notable decline in the demand for…

Read more →

In 2024, we’ve seen several high-profile data breaches that have caused tangible and widespread damage to companies and their customers. One of the hardest-hit industries also includes one of our most critical: healthcare. The UnitedHealth data breach has had ripple…

Read more →

Asymmetric and symmetric encryptions are the modes of encryption typically used in cryptography. There is a single key involved with symmetric encryption used both for encryption and decryption. The key needs to be shared among the parties who are involved…

Read more →

The financial services industry has been at the forefront of the digital transformation age for some time. Agility and convenience are mandatory in this sector, and customers have expected reliable access to financial services at a moment’s notice. Everything from…

Read more →

TeamViewer, a remote monitoring and management tool based in Germany, has reported a security breach within its internal corporate IT environment. The incident occurred on June 26, 2024, prompting immediate remedial actions to prevent any potential data compromise. The company,…

Read more →

Recently, commuters in California, Paris, Singapore, Queensland, and London have been encountering Apple Inc.’s Safari Browser ads on billboards and public buildings. These ads cleverly promote Safari as the browser of choice for iPhone users while taking a swipe at…

Read more →

In recent years, the threat posed by state-sponsored ransomware actors has become increasingly pronounced, with malicious cyber activities orchestrated by governments or their proxies posing significant risks to global cybersecurity. As these actors continue to exploit vulnerabilities in critical infrastructure…

Read more →

Evolve Bank, based in Arkansas, is currently investigating a potential cyber-attack on the servers of the Federal Reserve System, which may have exposed customer data. Reports indicate that a collection of records has surfaced on the dark web, linked to…

Read more →

Woven into the fabric of everyday life, the Internet of Things (IoT) is ever-expanding, from smart home devices to industrial sensors. But an ecosystem on the edge of innovation comes hand-in-hand with a growing attack surface, creating a permeable landscape…

Read more →

Addressing the Current Cybersecurity Climate and Disaster Recovery Shortfalls In the current digital era, characterized by increasingly complex and sophisticated cyber threats, the role of IT security leaders in safeguarding organizational assets has never been more challenging. The inadequacy of…

Read more →

It’s no secret that the Olympics is one of the most highly attended events in the world. This year, it is expected that the Olympics will bring over 15 million visitors to Paris. With such a heavy influx of people,…

Read more →

Partnership with BCR Cyber Will Provide Jobs and Access to Advanced Experiential Training at Maryland Community Colleges Baltimore, MD (6/25/24) – The Maryland Association of Community Colleges (MACC), in partnership with Baltimore Cyber Range dba BCR Cyber, has been awarded…

Read more →

The 2024 Paris Olympics is set to begin on July 26, global adversaries are paying close attention and such a high-profile event serves as an opportunity for bad actors to cash in on vulnerable organizations and users with poor cyber…

Read more →

According to a joint investigation by security analysts from SentinelOne and Recorded Future, a significant ransomware campaign targeted government and critical infrastructure between 2021 and 2023, with new details now coming to light. The attacks occurred in two distinct clusters.…

Read more →

Security researchers face significant challenges when hunting for vulnerabilities in Large Language Models (LLMs). However, Google’s Naptime Framework provides a breakthrough in AI-driven vulnerability research, automating variant analysis. Named for its concept of allowing researchers to “take a nap” amidst…

Read more →

With the rise of digital transformation and widespread adoption of cloud-based solutions, organizations are increasingly turning to these platforms to meet their evolving needs. However, the surge in data breaches within cloud data centers has sparked significant concern among security…

Read more →

Safeguarding oneself from sectortion attacks online is crucial in today’s digital age where cyber threats continue to evolve. Se*tortion, a form of blackmail where perpetrators threaten to release intimate images or videos unless demands are met, can have devastating consequences…

Read more →

CDK Global, a prominent provider of software solutions for automotive sales and services across 15,000 dealerships, recently faced significant disruptions due to alleged ransomware attacks. Reports indicate that the attacks, attributed to the Black Suit file encrypting malware group, initially…

Read more →

Attention Android users still on versions 11 or earlier: A critical security update demands your immediate attention. Multiple hacking groups are targeting outdated Android devices with open-source mobile ransomware variants, prompting urgent warnings from cybersecurity experts. Recently, Check Point issued…

Read more →

The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyber threats are growing in complexity and frequency, demanding sophisticated solutions that not only detect but also prevent malicious activities effectively.…

Read more →

In recent days, Indonesia has been grappling with significant disruptions to airport services and banking operations following a ransomware attack attributed to a variant known as Brian Cipher, a spinoff of the notorious LockBit ransomware. This incident has resulted in…

Read more →

The Qilin ransomware group, responsible for the recent attack on NHS, resulting in the cancellation of nearly 1200 operations and crucial blood tests, has urged against blaming them for the hardships faced by Britain’s healthcare system. Instead, they pointed fingers…

Read more →

Cybersecurity threats continue to pose significant challenges across various industries, with certain sectors bearing the brunt of frequent and severe cyber attacks. Here’s a closer look at the top 10 industries most vulnerable to cyber attacks: 1. Healthcare: The healthcare…

Read more →

How organizations can both leverage and defend against artificial intelligence (AI) in security operations.  While AI has been around for many years and isn’t a new concept, the emergence of generative AI (GenAI) boosted by large language models (LLMs) has…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to all chemical facilities operating in the United States regarding a potential data breach that may have exposed sensitive information to hackers. This includes details such as business…

Read more →

In today’s digital age, where email communication is integral to business operations, the threat of Business Email Compromise (BEC) looms large. BEC attacks are sophisticated schemes where cybercriminals manipulate email communication to deceive employees into transferring money or sensitive information.…

Read more →

Normal 0 false false false EN-US /* Style Definitions */ table.MsoNormalTable {mso-style-name:”Table Normal”; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:””; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-pagination:widow-orphan; mso-hyphenate:none; font-size:10.0pt; mso-bidi-font-size:11.0pt; font-family:”Calibri”,sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:Calibri; mso-bidi-theme-font:minor-bidi; mso-font-kerning:1.0pt; mso-ligatures:standardcontextual;} The United States government…

Read more →

Have you ever heard of a Doctrine meant to formulate cyber space operations? Well, here’s a news piece that might interest you a bit. The Indian Armed Forces have recently adopted a groundbreaking Doctrine specifically aimed at conducting operations in…

Read more →

Internet Computer Protocol (ICP), a decentralized blockchain network that extends the functionality of Web3 by overcoming the limitations of traditional blockchains and smart contracts, has introduced Verified Credentials (VCs), a walletless solution that enables efficient and trustworthy and sharing of…

Read more →

In early May, the internet was rocked by news of Google supposedly deleting a pension fund account worth $125 billion. Users of the Australia-based UniSuper pension fund’s systems suddenly had issues accessing their accounts for around a week. More than…

Read more →

The rise in online shopping brings more than just the ease of overnight shipping and competitive pricing – it also gives hackers more opportunities to take advantage of financial and personal information.  According to Veriff, there was a 40% increase…

Read more →

The question is not ‘if’ your organization will face a cybersecurity threat but ‘when.’ The bad news gets worse: suffering one attack does not immunize you against future breaches. Therefore, your approach to improving your organization’s cybersecurity resilience should not…

Read more →

The recent cyberattacks affecting water treatment plants and systems across the nation shed light on the need for cybersecurity measures that safeguard these essential services. In fact, the Environmental Protection Agency found that about 70% of utilities inspected by federal…

Read more →

1.) Recently, the Qilin ransomware group, believed to originate from Russia, targeted three hospitals and a network, severely disrupting emergency services for patients. The attack, which occurred on June 4, 2024, via Synnovis Software, has led the gang to demand…

Read more →

Generative AI has the potential to make social engineering attacks much more sophisticated and personalised. The technology can rapidly mine sites for information on a company, individuals, their responsibilities and specific habits to create multi-level campaigns. Through automated gethering of…

Read more →

Recently, many Android phone users may have received emails about the activation and use of the ‘Find My Device’ feature. For those unfamiliar with this development, here’s a summary to safeguard the information stored on your phone in case it…

Read more →

Software is the heart of our connected world, but as its importance grows, so do cyber threats. According to the Department of Homeland Security, 90% of security incidents come from defects in software design or code. Yet, many developers aren’t…

Read more →

Small and Medium Size Enterprises (SMEs) are a major driver of the U.S. economy, representing as much as one-third of the private sector GDP. However, from a cybersecurity perspective, these organizations are at a disadvantage. Cybersecurity is typically handled by…

Read more →

Threat actors don’t just seek out security weaknesses. They look for situational vulnerabilities. Every holiday season, for instance, they come out of the woodwork to capitalize on the seasonal surge of retail transactions. Just as malicious actors use peak retail…

Read more →

Outside-In Approach to Partners Key to Firm’s Continued Growth Welcome to the new SonicWall!  2024 marks a high note in the transformation of SonicWall, which was founded in 1991 as Sonic Systems, shipping Ethernet cards for NuBus and SE expansion…

Read more →