The biggest data breach fines, penalties, and settlements so far
CSO Online
9h ago
Sizable fines assessed for data breaches in recent years suggest that regulators are getting more serious about cracking down on organizations that don’t properly protect consumer data. Hit with a $1.3 billion fine for unlawfully transferring personal data from the European Union to the US, Meta tops the list of recent big-ticket sanctions, with one other ten-figure fine being levied against the Chinese firm Didi Global for violating that nation’s data protection laws. The third largest penalty was the $877 million fine against Amazon in 2021 for running afoul of the General Data Protection ..read more
Looking outside: How to protect against non-Windows network vulnerabilities
CSO Online
23h ago
Because of its ubiquity as a network platform, Windows all too often gets blamed as the source of a host of network security vulnerabilities. But recent events have shown the truth — that all sorts of network components have flaws and that there are many nefarious means attackers can use to enter and take control. With every day that passes, security professionals have blindly relied on false concepts such as Apple’s ecosystem being closed (and therefore not as susceptible to attack) and the conceit that many eyeballs mean vulnerabilities will be found and neutralized. It’s naive at best and ..read more
Cloud security teams: What to know as M&A activity rebounds in 2024
CSO Online
23h ago
As we near the halfway point of the year, organizations are under tremendous pressure to grow businesses across all industries. It’s no secret: bottom lines must rise and 2024 has been earmarked as a pivotal year to revert to growth mode. Many organizations will find an uphill battle here; the previous few years have taken a significant toll. From supply chain issues, layoffs, delayed pipelines, and stalled progress due to pulled focus, we are due for a burst of innovation. Of course, there are a multitude of paths businesses can take to achieve this, all afforded by an increased focus on ge ..read more
Salt Security adds defense against OAuth attacks
CSO Online
1d ago
Salt Security has added a new OAuth security offering to its API protection platform to help organizations detect attempts to exploit OAuth and fix vulnerabilities associated with the protocol. OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets without actually sharing the initial, related, single logon credential. “Our new OAuth protection package comes in two parts,” said Eric Schwake, director of cybersecurity strategy at Salt Security. “The first is to strengthen our indust ..read more
Cisco urges immediate software upgrade after state-sponsored attack
CSO Online
1d ago
Cisco has urged its customers to upgrade their software after disclosing that state-sponsored hackers have compromised some of its security devices. In a blog post, the company said hackers exploited previously undetected vulnerabilities in its Adaptive Security Appliances, a product that combines multiple cybersecurity functions. The threat actor, termed UAT4356, deployed two backdoors, which were used to conduct malicious actions, including configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement. “This actor utilized be ..read more
What will cyber threats look like in 2024?
CSO Online
2d ago
2023 was a big year for threat intelligence. The sheer volume of threats and attacks revealed through Microsoft’s analysis of 78 trillion daily security signals indicates a shift in how threat actors are scaling and leveraging nation-state support. We saw more attacks than ever before, with attack chains growing increasingly complex; dwell times becoming shorter; and tactics, techniques, and procedures (TTPs) evolving to become nimbler and more evasive. By looking back at the details of key security incidents in 2023, we can begin to isolate patterns and identify learnings for how we should ..read more
How the ToddyCat threat group sets up backup traffic tunnels into victim networks
CSO Online
2d ago
ToddyCat, a Chinese advanced persistent threat (APT) group that has been targeting Asian and European government and military organizations over the past four years, is using several different traffic tunneling tools to ensure persistent access to compromised networks, according to researchers at Kaspersky Lab. The group’s primary goal is the exfiltration of large volumes of sensitive information, which can take a long time and is prone to detection, researchers from the security firm said in a new report. “Having several tunnels to the infected infrastructure implemented with different tool ..read more
New OT security service can help secure against critical systems attacks
CSO Online
2d ago
To help secure the operational technology (OT) systems within industrial organizations against growing targeted attacks, cybersecurity solutions provider Critical Start has launched a managed detection and response (MDR) offering dedicated to these environments. The offering, based on Critical Start’s managed cyber risk reduction (MCCR) principle, is designed to deliver combined threat, vulnerability, and risk monitoring and management for threats facing critical OT systems. “Critical Start MDR for OT is a comprehensive and flexible service that combines OT-specific threat detection capabili ..read more
What is biometrics? 10 physical and behavioral identifiers that can be used for authentication
CSO Online
2d ago
Biometrics definition: Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices, or data. Examples of these biometric identifiers are fingerprints, facial patterns, voice or typing cadence. Each of these identifiers is considered unique to the individual, and they may be used in combination to ensure greater accuracy of identification. Because biometrics can provide a reasonable level of confidence in authenticating a person with less friction for the user, it has the potential to dramatically improve ent ..read more
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?
CSO Online
3d ago
More CISOs are dissatisfied with the role today than ever before, with studies showing that a high number of security chiefs (75%) are interested in a job change. What gives? Researchers, advisors and CISOs themselves cite a litany of reasons for the current discontentment, ranging from a lack of executive support to the increased level of liability created by recently enacted security regulations like those implemented recently by the US Securities and Exchange Commission (SEC). It doesn’t help that in several recent incidents, CISOs have been held legally personally responsible for the han ..read more
