Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Breach affecting mostly youngsters. To be honest, I think many teens would be more on the ball with phishing than adults from what I’ve seen!

If you manage customer information, financial records, or business intelligence, learning how to backup Postgres databases effectively is a must-have skill. This guide offers practical steps to secure your data, covering various backup types and strategies to keep your information safe and recoverable. We show you how to create a solid backup plan for your Postgres databases, reducing downtime risks and safeguarding your organization’s most valuable asset.

In 2024, the demand for ransomware payments reached new and extreme highs, with the average cost of an extortion payment from a ransomware attack reaching $5.2 million. While traditional backups provide good data security, they are still vulnerable to ransomware and other cyberattacks. Another, more secure option to prevent a breach in your personal or business storage is immutable backups.

We are excited to see the Cybersecurity Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA). The majority of people, including the majority of cybersecurity practitioners, do not know that most MFA…especially the most popular types used today (e.g., one-time passwords, pushed-based, SMS-based, etc.), can be as easily phished or bypassed as the passwords they were intended to replace.

Three out of four Black Friday-themed spam emails are scams, according to researchers at Bitdefender. Most of these scams are targeting users in the US and Europe. “This year, 77% of all Black Friday-themed spam (by volume) analyzed by Bitdefender’s Antispam Lab team was classified as scams, while only 22% was identified as marketing lures—emails designed to drive traffic to legitimate but overly aggressive promotions,” the researchers write.

An attack surface is the sum total of all the various ways that a cyber threat actor could attack an organization. This includes everything from software vulnerabilities, like SQL injection, to lost and stolen devices to social engineering attacks against the organization’s employees or third-party partners. An organization’s overall attack surface can further be divided into its external and internal attack surfaces.

As DevOps adoption has grown, organizations are pushing code into production faster than ever. However, the fast pace of DevOps has led many developers to view security as a bottleneck or afterthought, which means security teams need a new approach to keep up.