Cyberattacks

UK Councils Under Cyber Attack: The Urgent Need for a Culture of Cybersecurity and Resilience

Apr 12, 2024 By Javvad Malik In KnowBe4

The very fabric that stitches our society together — our councils and local governing bodies — is under a silent siege from cyber attacks. The recent ransomware assault on Leicester Council is another real life cybercrime added to a growing list of attacks in the UK.

Read Post

KnowBe4

Read more about UK Councils Under Cyber Attack: The Urgent Need for a Culture of Cybersecurity and Resilience

Cyber Attacks Could Cause Global Bank Runs

Apr 12, 2024 By Stu Sjouwerman In KnowBe4

The International Monetary Fund (IMF) has warned that severe cyber attacks against financial institutions could lead to major bank runs and market selloffs. While this hasn’t happened yet, the IMF has observed these effects on a smaller scale after a cyber attack hits a bank.

Read Post

KnowBe4

Read more about Cyber Attacks Could Cause Global Bank Runs

Understanding APIs and How Attackers Abuse Them to Steal Data

Apr 12, 2024 By John Walsh In CyberArk

Simply put, APIs (short for application programming interface) are how machines, cloud workloads, automation and other non-human entities communicate with one another. They also represent an access point to highly sensitive company data and services. Almost every organization uses these machine interfaces, and their usage is only growing because they are essential to digital transformation and automation initiatives.

Read Post

CyberArk

Read more about Understanding APIs and How Attackers Abuse Them to Steal Data

Cyberattack at Sisense Puts Critical Infrastructure on Alert

Apr 11, 2024 By SecurityScorecard In SecurityScorecard

The cybersecurity community woke up on Thursday to news of a cyberattack on Sisense, a major business analytics software company. It’s thought that the breach may have exposed hundreds of Sisense’s customers to a supply chain attack and provided the attacker with a door into the company’s customer networks.

Read Post

SecurityScorecard

Read more about Cyberattack at Sisense Puts Critical Infrastructure on Alert

The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

Apr 10, 2024 By SecuritySenses In SecuritySenses

The digital landscape is no longer a frontier; it's a full-fledged battlefield. As organizations become increasingly reliant on interconnected technologies, their attack surface expands exponentially. Firewalls and antivirus software, the traditional defense lines, are akin to medieval fortifications in the face of modern artillery. To survive in this ever-evolving warzone, organizations need a proactive approach, a way to anticipate and counter threats before they inflict damage. Enter Breach and Attack Simulation (BAS), a transformative tool poised to revolutionize the future of cybersecurity.

Read Post

SecuritySenses

Read more about The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

Having Fun with SSRF HTML to PDF Exports: A Cybersecurity Exploration

Apr 10, 2024 By Komodo Research In Komodo Consulting

PDF Exports: Hidden SSRF Risk In the realm of cybersecurity, understanding vulnerabilities is paramount to safeguarding sensitive data and maintaining the integrity of systems. One such vulnerability that often lurks in the shadows is SSRF, or Server Side Request Forgery. While SSRF vulnerabilities have been extensively discussed in various contexts, today, we're going to delve into a unique perspective – exploring SSRF vulnerabilities through the lens of HTML to PDF exports.

Read Post

Komodo Consulting

Read more about Having Fun with SSRF HTML to PDF Exports: A Cybersecurity Exploration

CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud

Apr 10, 2024 By Venu Shastri In CrowdStrike

Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate users in the target system. They can just as easily abuse identities from cloud identity providers as they can in on-premises AD environments.

Read Post

CrowdStrike

Read more about CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud

Change Healthcare Ransomware Attack Spotlights Single Point of Failure with Third-Party Vendor

Apr 10, 2024 By SecurityScorecard In SecurityScorecard

The ongoing cyberattack on Change Healthcare, a major player in medical claims processing in the United States, had profound repercussions across the healthcare sector. With the company forced to disconnect over 100 systems, medical claims processing ground to a halt. This disruption, termed by the president and chief executive of the American Hospital Association as “the most serious incident of its kind” in healthcare, brought many medical providers to the brink of closure.

Read Post

SecurityScorecard

Read more about Change Healthcare Ransomware Attack Spotlights Single Point of Failure with Third-Party Vendor

The Top 18 Healthcare Industry Cyber Attacks of the Past Decade

Apr 10, 2024 By Arctic Wolf In Arctic Wolf

10.93 million dollars USD. That’s the average cost of a healthcare breach in the U.S. It’s an alarming number that’s only continued to climb, increasing by over 53% in the past three years, according to IBM’s 2023 Cost of a Data Breach Report. In fact, the healthcare industry has had the highest average cost of a breach for 13 years running. It’s not just the costs that are climbing, either.

Read Post

Arctic Wolf

Read more about The Top 18 Healthcare Industry Cyber Attacks of the Past Decade

Cookies Beyond Browsers: How Session-Based Attacks Are Evolving

Apr 9, 2024 By Shay Nahari In CyberArk

In the past few years, we have witnessed a significant shift in the attack landscape, from stealing clear text credentials to targeting session-based authentication. This trend is driven by the proliferation of multi-factor authentication (MFA), which makes it harder for attackers to compromise accounts with just passwords.

Read Post