For the past 13 years, Verizon’s “Data Breach Investigations Report” (DBIR) has been the industry’s definitive resource for documenting and benchmarking the global state of cybersecurity. As always, the Verizon DBIR team does an admirable job of sifting through an impressively large data set to tease out the underlying trends that are driving the market.
Traditionally, large companies have been the main targets of hackers, as they attract potentially high ransom money. It goes without saying, however, that it is precisely those companies with a lot of capital that strengthen their IT security structures due to this threat. But what does this mean for cyber criminals? They are looking for new victims, with defence systems that are easier to crack and grown IT infrastructures as well as municipal or state funds.
Non-compliant and compromised passwords represent some of the weakest links and greatest threats to online security for both individuals and organizations today. Hackers steal credentials for profit using various techniques ranging from online and offline brute force, dictionary, and keylogger attacks to scanning cloud resources for exposed and forgotten credentials left on publicly accessible servers.
In our recent blog, What is security testing and why is it important?, we talked about how security testing is one of the single most important jobs an effective security department can do. Without it, security leaders have no way to make informed and pragmatic decisions about the areas of investment they need to prioritize - and no basis on which to make the argument for a bigger security budget.
Spear phishing is a form of cyber attack targeted at a particular person or small set of individuals. In these scams, bad actors research their chosen targets and attempt to convince them to surrender sensitive data or financial information. Spear phishing attacks may also aim to infect user devices with malware, allowing attackers to steal the data they need to carry out further attacks on an organization.
Collaboration tools have provided companies with a lifeboat, allowing employees to work from home in the midst of a pandemic. They make communication, idea sharing and collaboration on documents possible from anywhere. However, it’s that same ease which also make it easy for data misuse or theft to occur due to negligence or malicious intent.
You've probably heard about Ripple20, but why is it so significant and how will you know if your environment is affected? Ripple20 is a series of recent vulnerabilities discovered by JSOF in devices that contain the Treck networking stack. The Treck stack has been in use in embedded devices for more than twenty years. Hundreds of millions of devices in the industrial controls, networking, transportation, retail, oil and gas, medical, and other fields that use the Treck software are now known to be vulnerable to exploits.
FedRAMP, the federal program created to assess the security of cloud service providers (CSPs), saves time and cuts costs for U.S. government agencies that would otherwise conduct their own assessments. CSPs are granted authorizations at three impact levels: low (includes low-baseline and low-impact SaaS “li-SaaS”), medium, and high, aligned to the impact levels based on NIST guidelines. While the high-impact level protects the most sensitive government data, the moderate-impact level meets the needs of many agencies.
Cloud service providers do a great job of delivering on the promise of being able to easily deploy and destroy instances according to need. But for security teams, the ephemeral nature of the cloud expands the attack surface, adds complexity, and has made it difficult to quickly direct resources to where they're needed most—until now.
100% of the phish seen by the Cofense Phishing Defense Center (PDC) have been found in environments protected by Secure Email Gateways (SEGs), were reported by humans, and automatically analyzed and dispositioned by Cofense Triage.Cofense solutions enable organizations to identify, analyze, and quarantine email threats in minutes.