A significant ransomware attack on Infosys McCamish Systems, an outsourcing service provider for financial and insurance companies, has impacted over six million customers. The breach, which took place in late 2023, was only recently disclosed in a filing with the Maine Office of the Attorney General (OAG). This incident underscores the importance of robust cybersecurity measures such as stolen credentials detection, darknet monitoring services, and digital footprint analysis.

On June 24, 2024, cybersecurity company Sansec published a security advisory detailing how an associated Polyfill domain (cdn.polyfillio) was being used to insert malicious code in scripts served to mobile end users in a web supply chain attack. Polyfill is a popular open-source JavaScript library embedded in more than 100,000 websites to provide polyfills, a small piece of code (usually JavaScript) that helps provide modern functionality on older browsers.

Since its mainstream emergence in 2022, generative AI has triggered a seismic shift in data management and security. It is estimated that one in four employees now uses genAI apps daily, often unbeknownst to their employer and IT team. This raises concerns, as genAI is designed with a voracious appetite for consuming both mundane and sensitive data. Effectively securing your data as genAI becomes prevalent is a strategic imperative.

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement. Earlier this month, several larger London hospitals suddenly had no access to lab results. It turned out to be the result of a ransomware attack on laboratory partner Synnovis that crippled hospitals and health services that rely on Synnovis.

On June 26, 2024, TeamViewer published a statement disclosing they detected an irregularity in TeamViewer’s internal corporate IT environment. TeamViewer is an organization that provides remote access software for devices and is extensively utilized by businesses and individuals globally. Upon detecting the incident on June 26th, TeamViewer immediately activated their response team and procedures and started investigations while implementing necessary remediation measures.

On June 28, 2024, Juniper released fixes for a critical authentication bypass vulnerability discovered during internal testing, CVE-2024-3937. Juniper has stated that this vulnerability affects only Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products running in high-availability redundant configurations.

Some examples of social engineering attacks include phishing, pretexting, scareware, baiting, vishing, smishing and CEO fraud. If you are unsure what qualifies as social engineering, imagine how many ways someone can manipulate you to reveal private information. Threat actors use these psychological techniques, both in person and online, to gain access to your personal or organizational information. These bad actors can install malware on your device, steal your information and even take your identity.

Vulnerability management is the continuous process of identifying and addressing vulnerabilities in an organization’s IT infrastructure, while patch management is the process of accessing, testing, and installing patches that fix bugs or address known security vulnerabilities in software applications. Vulnerability management and patch management are crucial SecOps processes that protect IT assets against cyber threats and prevent unauthorized access to secure systems.