‍ ‍ ‍Private equity (PE) firms are becoming increasingly attractive targets for cybercriminals. Malicious actors are keen to capitalize on the ecosystem's access to an incredibly extensive and diverse array of sensitive data, particularly susceptible during and after M&As, as well as the notoriously low cybersecurity measures in place among the smaller businesses that some PE firms chose to hold.

In a startling cybersecurity development, an anonymous threat actor has posted what they claim to be 270GB of source code stolen from the New York Times on a popular imageboard website. This incident, reported on Friday, suggests the leak contains "basically all source code" from the publisher.

Hackers recently claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster. It appears that hackers used credentials obtained through malware to target Snowflake accounts without MFA enabled. While it's easy to blame Snowflake for not enforcing MFA, Snowflake has a solid track record and features to protect customer data. However, errors and oversight can happen in any organization.

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating of 9.8 (critical). VBEM is a web-based platform that allows administrators to oversee Veeam Backup and Replication installations through a web interface console.

The response in September 2023 by the Australian government outlined reforms to the existing Privacy Act 1988 from the Office of the Australian Information Commissioner (OAIC). These reforms aim to bring Australian privacy laws up to date with the digital age and give citizens more control over their personal information which may affect your businesses starting in 2024.

It’s no easy feat for a company to maintain security and enforce standardized policies across a fleet of devices.

In a recent Fortune article, Amazon’s chief security officer, Steve Schmidt, suggests 6 questions every company's board should ask its CISOs to understand how robust their cybersecurity preparation is. One of the most challenging questions for CISOs was: “Who has access to what data? Why do they need it, and for how long?” This question is critical because cyberattacks often begin with weak, leaked, or stolen passwords.

On June 7, 2024, a new critical PHP vulnerability CVE-2024-4577 was revealed, mainly impacting XAMPP on Windows. It happens when PHP runs in CGI mode with specific language settings, like Chinese or Japanese. The problem comes from how PHP handles certain characters, allowing attackers to inject code through web requests and take control of servers. This vulnerability, if exploited, could lead to the execution of arbitrary code, a scenario with severe consequences for system integrity and data security.

Organisations require robust security measures that go beyond surface-level checks. Frankly, those days are gone now. White box penetration testing emerges as a powerful tool in this arsenal, offering a comprehensive security assessment by leveraging “insider” knowledge. Let’s delve into what white box penetration testing entails, its methodologies, and real-world examples illustrating its effectiveness.

API penetration testing, or API pentesting, is a specialised form of security testing focused on identifying and addressing security vulnerabilities within an API (Application Programming Interface). APIs are the backbone of modern web applications, enabling communication between different software systems.