API attacks have dominated the cybersecurity news cycle lately. In early 2023, T-Mobile made news for an API-based breach of 37 million PII records of its past and present customers. And last year, Optus, a major telecommunications company in Australia, experienced an API security incident that exposed around 10 million customer records. And API attacks that aren't quite as ”newsworthy” happen every single day.

More and more, people are completing the entire real estate transaction process online. From searching for properties to signing documents, online convenience can make the process easier and more efficient. However, with all of this activity taking place on the internet, it is important to be aware of the potential security risks that come along with it.

On February 27, 2023, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022. According to their notice, the threat actor used information obtained in an earlier, August 2022, data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.

A recent LastPass breach has once again raised concerns about password managers’ security, especially commercial password managers with cloud infrastructure. The breach led to hackers gaining access to both code and data. This time on Dark Reading, I describe how I became a proponent of secret managers and LastPass, my chosen password manager, and how I helped my family and colleagues to do the same.

JD Sports Sportswear Retailer have suffered a cyber attack that exposed the data of 10 million customers accessed by backers in the attack. The personal data which was exposed includes customer’s names, email addresses, contact details and passwords.

The findings from a recent Gartner Peer Insights survey- Cybersecurity in the Healthcare Industry- show that nearly half of participating healthcare organizations have experienced a data breach in the past two years. As the number of connected and unmanaged devices increases, threats targeting IoT, IoMT and OT devices can undermine patients' confidence in the ability of healthcare organizations, and the industry as a whole, to deliver high-quality care and protect their safety.

T-Mobile has once again fallen victim to a massive new cybersecurity breach, discovered on Jan. 5. The company has a history of hacks from recent years, for which it was fined hundreds of millions of dollars. Using weak API security, the attack caused the exposure of the personal data of more than 37 million customer accounts, which was apparently first accessed on or around Nov. 25. The stolen records include addresses, phone numbers and dates of birth.

It's a good question, and if you're curious about whether any of your email addresses or passwords were included in a data breach, you can easily find out at HaveIBeenPwned.com. This entirely free service, managed by Microsoft Regional Director & MVP Troy Hunt, lets you enter an email address or password to see how many breaches it has been included in.

A data breach occurs when sensitive information is exposed to the public without authorization. These events are growing in popularity, costing businesses an average of US$4.35 million per event. Unfortunately, many companies are unknowingly still repeating the same mistakes causing some of the biggest breaches in history. To prevent your business from becoming another breach static, adjust your cybersecurity program to the proven breach prevention strategy outlined in this post.