Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we explore multi-factor authentication (MFA) fatigue attacks, what needs to be addressed to combat them and secure user data, and the roadmap to a positive identity and access management. The attack sprees never end, do they? Protecting user accounts from being compromised by hackers has always been a priority.

Organizations must always be aware of the constantly changing compliance landscape to protect their sensitive assets and avoid paying millions in fines. The rapid development of cyber threats fueled by the global pandemic and cyberwarfare have forced the European Union (EU) to update its NIS Directive. We understand the pain of having to read hundreds of requirements and legislation documents, so we’ve done it for you.

How many of us use ChatGPT? And how many of us use SaaS applications as part of our daily workflows? Whether you know it or not, if you use either of these tools, your data has likely traveled beyond the boundaries of your “fort.” What do I mean by “fort,” exactly? For this guide, consider your “fort” to be somewhere where you can monitor and secure your data. When data leaks outside your “fort,” it presents a myriad of possible risks.

Storing large amounts of sensitive data and allocating minimal resources to cybersecurity makes the education sector attractive to cybercriminals. Education organizations are also a prime target for cybercrime, given their historic reliance on large distributed networks, the rise of remote learning, and their need for relevant cyber hygiene training.

The healthcare industry stores an abundance of sensitive information and relies on third-party vendors for critical business services, two factors that make the sector a prime target for cyber attacks. In 2022, 707 data breaches compromised 500 or more patient accounts, according to report records from the Department of Health and Human Services’ Office For Civil Rights (OCR).

Severe cyber threats often threaten the technology sector because of the level of sensitive data companies and their third-party vendors process and store. Developing a comprehensive awareness of cybersecurity trends is one of the easiest ways for tech companies to protect themselves from cybercriminals, scams, and other cybersecurity threats.

Many applications rely on user data to deliver useful features. For instance, browser telemetry can identify network errors or buggy websites by collecting and aggregating data from individuals. However, browsing history can be sensitive, and sharing this information opens the door to privacy risks. Interestingly, these applications are often not interested in individual data points (e.g.

Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on privilege escalation scenarios. Specifically, we wanted to show a straightforward process attackers may use to exploit vulnerabilities in an Android device’s system services and systems. The testing revealed that, in some cases, exploiting the issues we found were very easy.

GitGuardian Honeytokens bring peace of mind that you are safe from leaks and attacks while tackling secrets sprawl, no matter how many repos or developers you have.