GM, Zola customer accounts compromised through credential stuffing
Customers of automaker General Motors (GM) and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used …
Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
Review: Hornetsecurity 365 Total Protection Enterprise Backup
Hornetsecurity 365 Total Protection Enterprise Backup is a cloud-based data protection and security solution that provides protection against spam, malware, and other advanced …
Why are current cybersecurity incident response efforts failing?
Business-critical applications, such as enterprise resource planning (ERP) systems provided by SAP and Oracle, are considered the crown jewels of the enterprise. These assets …
Most organizations do not follow data backup best practices
Apricorn announced new findings from a survey, which revealed that while the majority organizations have data backup plans in place, data for many are at risk. Nearly 400 …
How confident are companies in managing their current threat exposure?
Crossword Cybersecurity has released a report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. The paper reveals companies are …
Verizon 2022 DBIR: External attacks and ransomware reign
There has been an alarming rise (13%) in ransomware breaches – a jump greater than the past 5 years combined, Verizon Business has revealed in its 2022 Data Breach …
Where is attack surface management headed?
Reactive cyber defense is a losing strategy. It’s something that’s been tolerated for many decades, but isn’t it more cost-effective, better for the brand, and more optimal to …
Elevation of Privilege is the #1 Microsoft vulnerability category
BeyondTrust announced the release of a report which includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend …
Can we trust the cybersecurity of the energy sector?
A research published by DNV reveals that energy executives anticipate life, property, and environment-compromising cyberattacks on the sector within the next two years. The …
Keeping pace with emerging threats: The roundup
Egress issued its mid-year 2022 threat report offering details of emerging threats along with insights about protecting employees, customers, and businesses from these …
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …