Media & Victims Find Common Ground Against Hackers

August 9, 2024 at 02:12PM At Black Hat USA, a panel discussed hackers’ increasing attempts to manipulate media post-data breaches. Criminal groups aim to build credibility through media attention, using extortion and threats to push victims into paying. Journalists stress the importance of verifying hacker claims and providing accurate information, despite pressure from both hackers …

Fighting Third-Party Risk With Threat Intelligence

July 24, 2024 at 05:58PM The global supply chain network has increased organizations’ interconnectedness, posing a higher risk of data breaches and security incidents involving third-party vendors. Research shows 98% of organizations have experienced third-party cybersecurity breaches in the past two years. Investments in third-party risk management programs are rising, with a focus on using …

Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organizations Report Cyber Breaches and Incidents

June 26, 2024 at 05:56PM Optiv’s 2024 Threat and Risk Management Report, based on a Ponemon Institute survey, highlights a 59% spike in cyber budgets. The report emphasizes the urgency for organizations to prioritize cybersecurity investments, as data breaches and security incidents continue to rise. Key findings include security tool overload, top investment areas, lack …

Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches 

May 2, 2024 at 10:03AM Verizon’s 2024 Data Breach Investigations Report reveals a doubling of security incidents and confirmed breaches compared to the previous year. The exploitation of vulnerability as an initial breach point has surged by 180%, partly due to MOVEit and zero-day attacks. Additionally, the report emphasizes the need for faster response to …

New Open Source Tool Hunts for APT Activity in the Cloud

March 11, 2024 at 06:51AM Permiso Security has released CloudGrappler, an open source tool to detect cloud environment intrusions by advanced persistent threat (APT) actors. CloudGrappler specializes in querying for activity by known threat actors and provides detailed reports in JSON format. The tool is available on GitHub for users to access and utilize. The …

Cops visit school of ‘wrong person’s child,’ mix up victims and suspects in epic data fail

March 1, 2024 at 07:52AM The Information Commissioner’s Office reprimanded West Midlands Police for repeatedly mixing up two individuals’ personal data, breaching data protection law. The errors led to mistaken identity, inaccurate personal data processing, and inappropriate actions, impacting the individuals involved. The force compensated one individual, implemented a Data Quality Policy and a “Think …

What CISOs Should Exclude From SEC Cybersecurity Filings

October 18, 2023 at 05:43PM CISOs face the challenge of deciding what details to report and omit under new SEC rules. The CISO, along with the security operations center, would prepare a memo with incident details to be reviewed by investor relations and legal for a filing to the SEC. CISOs must balance reporting as …