Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Inspect your credit card, and you’ll likely find interesting—and crucial—elements of the plastic rectangle. The front might display the provider’s name, a chip, some digits, or an entire card number; the back might hold much the same, along with a signature, when necessary, and a “valid thru ” date. All the information on a credit card is necessary to conceal, but when data breaches happen more often than ever, it’s a matter of time before every card is online.

In a startling revelation, a hacker known as "kiberphant0m" has claimed responsibility for breaching a major Asian telecom company with annual revenues exceeding $5 billion. This breach, described as one of the largest and most damaging in recent history, has exposed a wealth of sensitive data and granted unprecedented access to the company's internal network.

When someone is born on US soil, they are a national citizen; with this distinction, they obtain a list of entitlements and benefits, as well as societal obligations and predetermined consequences for bad behavior. Digital citizenship works like this, with unique freedoms, consequences, and obligations.

In 2020, the world moved online, and the pandemic kicked industry demand into overdrive. Seemingly overnight, entire organizations yielded to the mandates pushed by health professionals, encouraging anyone not already online to make an account or two. That year, transaction card fraud totaled around $149 million in losses in the US and has only increased since then, up to $48 billion globally.

More organizations than ever are moving to online processes, offering convenience and efficiency to their consumers and clients. However, the move to digital isn’t without its risks; security audits assess the current state of an organization’s IT and data environments and then offer recommendations to improve them. Security audits are an essential aspect of an organization’s approach to data defense, especially when threats are moving and growing daily.

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. One of the basic tenets of KnowBe4 is that your users provide the organization with an opportunity to have a material (and hopefully positive) impact on a cyber attack. They are the ones clicking malicious links, opening unknown attachments, providing company credentials on impersonated websites and falling for social engineering scams of all kinds.

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. I probably could have called this purely based on all the articles I’ve written (and all the articles I’ve read that never made it here). But when it comes to protecting your organization from social engineering, stick to the basics.

Dell Data Breach: What You Need to Know? Dell Technologies recently announced a data breach affecting a company portal, which compromised certain customer information linked to purchases. The breach exposed customer names, physical addresses, and detailed order information, such as service tags, item descriptions, order dates, and warranty details. Fortunately, Dell has assured that no financial data, email addresses, phone numbers, or other highly sensitive information were accessed during the incident.

How do you browse the Internet? Using a primary browser, you can turn on “incognito mode,” which increases your privacy on singular devices but is also less concealing than other privacy tools like virtual private networks (VPNs). The functionality of these modes differs between browsers. While the mode offers reliable personal security, it also lacks cybersecurity defenses and is often used by those with misconceptions about how the tool works. So, what is incognito mode?