The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Researchers at Zscaler claim in a new report that the record-breaking figure was paid by an undisclosed Fortune 50 company to the Dark Angels ransomware group.

The essentials of what you need to know about 10 common frameworks and how to benefit from these structured approaches for reducing cybersecurity risk.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I wondered when I would hear knives being sharpened.

In the previous blog of this series, we unpacked the foundational concepts of encryption at rest and introduced you to Elastic Cloud’s “bring your own key” (BYOK) feature, which allows you to do encryption at rest with encryption keys managed by the KMS service of your cloud provider.

AI adoption continues to move at a breakneck speed for businesses across the globe, as shown in a Coatue report comparing AI adoption to early internet adoption and found that AI growth is happening at two times the speed of the former.

Recent critical vulnerabilities in ServiceNow, a widely used cloud platform, have put numerous organizations at risk of data breaches. Threat actors are exploiting these input validation flaws, enabling remote code execution and unauthorized access. Despite recent fixes, government agencies, data centers, and private firms remain targeted. This blog highlights how these flaws are exploited for data theft and outlines security measures to mitigate these risks.

A critical flaw in Hotjar that combines XSS with OAuth putting millions of websites at risk, exposing user data and risking account takeovers. Hotjar, a trusted product experience insights platform used by over a million websites, including global brands like Adobe and Microsoft, offers powerful behavior analytics and feedback tools. These include Heatmaps, Recordings, Surveys, and Feedback, which help product teams understand user behavior and improve user experience (UX).

The NIS2 Directive is the European Union’s flagship cybersecurity law, poised to significantly strengthen cyber defenses across the EU when it takes effect on 17 October 2024. This upgraded version of the 2016 NIS Directive (NIS1) not only introduces stricter rules but also broadens its reach, covering more sectors and businesses, ensuring comprehensive protection and a stronger security posture.

Read also: A Coinbase hacker jailed for a $900K crypto scam, a North Korean hacker indicted for ransomware attacks on hospitals, and more.

Malicious cyber activity is intensifying at an unprecedented rate. The infrastructure that offers the convenience of working from multiple workstations, mobile devices, and home computers is a double-edged sword, increasing the total attack surface and complexity of securing these environments.