AWS, Azure auth keys found in Android and iOS apps used by millions

October 22, 2024 at 04:23PM A report by Symantec reveals that numerous mobile apps for iOS and Android contain hardcoded, unencrypted cloud service credentials, risking user data exposure. This vulnerability, stemming from poor development practices, could allow unauthorized data access. Developers are urged to adopt best practices to safeguard sensitive information in apps.

Forget the Kia Boyz: Hackers could hijack your car with just a smartphone

September 29, 2024 at 11:13PM Cybersecurity expert Sam Curry discovered a vulnerability in Kia vehicles, allowing unauthorized access and the theft of personal details. Another critical vulnerability in Ivanti Traffic Manager was identified, and a UK citizen faces charges for hacking US companies. Additionally, Monaco-based Namebay experienced a ransomware attack, while a cyber attack on …

PoorTry Windows driver evolves into a full-featured EDR wiper

August 28, 2024 at 03:02PM The PoorTry Windows driver has evolved into an EDR wiper, deleting crucial security files to hinder restoration efforts. Trend Micro first warned about this in May 2023, with Sophos confirming EDR wiping attacks. The tool, used by ransomware gangs like BlackCat and LockBit, employs various tactics to avoid detection and …

Cytactic Snags $16M Seed Funding for Cyber Crisis Management Technology

July 10, 2024 at 12:54PM Israeli startup Cytactic secures $16 million in seed-stage funding led by Evolution Equity Partners for developing a “cyber crisis readiness and management” platform. The company aims to provide an automated, data-driven solution to enhance readiness, response, and recovery for businesses facing security crises like breaches and ransomware infections. Cytactic’s product …

Pentera’s 2024 Report Reveals Hundreds of Security Events per Week, Highlighting the Criticality of Continuous Validation

April 22, 2024 at 08:00AM A 2024 survey by Pentera revealed staggering results: 51% of organizations experienced a cyberattack in the past two years, despite investing in an average of 53 security solutions. Breaches led to significant damage, prompting heightened board involvement. The survey also highlighted the need for more frequent and continuous security testing …

Turning the tide on third-party risk

April 10, 2024 at 04:47AM Join Silobreaker’s webinar on April 18th to learn from CISO Andy Grayland about using threat intelligence to minimize third-party security risks. With 29% of incursions originating from third parties, the webinar will provide insights into identifying and mitigating these risks. Sign up and receive a reminder for the webinar. Sponsored …

Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings

April 1, 2024 at 04:31PM The UK regulator reported that one of the world’s most toxic sites faced cybersecurity “offenses” from 2019 to 2023. This suggests a serious breach of …

First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches

March 6, 2024 at 05:31PM FILI notified 30,000 individuals of a third-party data breach, affecting names, Social Security numbers, bank account details, and more. This is the second breach involving IMS this year. Jeff Margolies points to increased third-party security breaches and the need for better third-party access management. Fidelity offers 24 months of credit …

Mandiant’s X account hacked by crypto Drainer-as-a-Service gang

January 10, 2024 at 05:26PM Mandiant, a cybersecurity firm and Google subsidiary, had its Twitter account hijacked by a Drainer-as-a-Service gang. The attacker redirected over 123,000 followers to a phishing page to steal cryptocurrency, with an estimated minimum of $900,000 in assets stolen. Verified organizations like the U.S. Securities and Exchange Commission have also been …

US SEC’s X account hacked to announce fake Bitcoin ETF approval

January 9, 2024 at 05:31PM The U.S. Securities and Exchange Commission’s X account was hacked to falsely announce the approval of Bitcoin ETFs. The tweet, promptly deleted, led to a temporary spike in Bitcoin prices. However, the SEC clarified that no such approval had been granted. This incident follows a string of account breaches targeting …