Security best practice guidelines always call for changing default passwords as any password left on the factory preset is considered low hanging fruit, essentially just waiting to be abused by attackers to gain unauthorized access. Frameworks such as Cyber Essentials, PCI DSS, and UK Gov ITHC enforce this practice as one of their test requirements during an audit. The scenario below shows why it is part of a best practice to change default passwords as it could lead to a more severe issue.

Communications company AT&T offers email services to many of its customers. Those emails have recently been compromised by way of an interesting exploit that is costing customers millions of dollars in stolen cryptocurrency. AT&T customers are having their email accounts attacked, and those exploited email accounts are being used to steal additional data and to access cryptocurrency exchange accounts, which is a very serious issue for the impacted users.

A few very personal and private specialized dating sites were recently hit by data attacks that have led to users being exposed and potentially released onto the internet. Sites CityJerks and TruckerSuckers both experienced data breaches from the same individual who is attempting to sell the stolen data. The information taken from these accounts is highly private and personal, and anyone involved in this breach is likely to be unhappy about having their data exposed.

Being a cybersecurity professional is a heavy responsibility and requires an exceptional amount of ethics and integrity. So, when cybersecurity software company Bitdefender released the results of their 2023 Cybersecurity Assessment, the results shocked me (more than they probably should have). The statistics on data breach cover-ups were alarming. 1.

Albertsons is a major grocery chain in the United States. The company is based in Boise, Idaho, and oversees a huge range of different grocery stores throughout the country. Stores like Star Market, Tom Thumb, Acme, Safeway, Vons, Balduccis, Food Lover's Market, Shaw's, Albertsons, and more.

The Cyber Kill Chain is a significant piece of work from Lockheed Martin in 2011. The Chain outlines seven essential points at which an IT team can intercept a cyberattack. Numerous experts took the process a bit further to eight steps: “reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on the objective, and monetization.”

Kimco Realty is a major real estate investment company based in Jericho, NY. The company specializes in developing shopping centers and helps businesses obtain the commercial real estate they need for grocery stores and other plazas. The company focuses on metropolitan locations primarily and maintains a staff of about 630 employees while generating more than $1.7 billion in annual revenue.

New data shows how poorly organizations are at identifying – let alone removing – an attacker's foothold, putting themselves at continued risk of further attacks and data breaches. We’d like to think our security stance includes some really great abilities to detect, investigate, detect, and remediate an attack.

Point32Health is a health company based in Canton, Massachusetts. This company oversees a variety of different health plans and is responsible for maintaining health care for some key universities. For example, the company manages Tufts Health Plan, Harvard Pilgrim Health, and Integra Partners, to name a few. The business employs more than 1,100 people and generates over $9.4 billion in revenue annually.

The American Bar Association is the largest global organization of legal professionals in the world and has more than 166,000 members currently. The organization maintains data for a huge number of lawyers and other legal professionals, and this large-scale organization suffered from a recent data breach. The breach released information for over 1.4 million past members of the organization, putting countless users at risk in the process.