Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Avoiding mass assignment vulnerabilities in Node.js

Mass assignment is a vulnerability that allows attackers to exploit predictable record patterns and invoke illegal actions. Mass assignment usually occurs when properties are not filtered when binding client-provided data to data models. Vulnerabilities of this type allow an attacker to create additional objects in POST request payloads, allowing them to modify properties that should be immutable.

27 Most Notorious Hacks in History that Fall Under OWASP Top 10

Hacks and data leaks have affected many major players in recent years, including AT&T Vendor (9 million accounts), T-Mobile (37 million accounts), JD Sports (10 million), MyDeal (2.2 million), Dropbox (nearly 69 million accounts), Flagstar Bank (1.5 million) and eBay (145 million). Those were bad. But not the worst. What are the most notorious hacks in history? They’re subject to debate, but these 27 attacks categorized under OWASP Top 10 would be strong candidates for the title.

Top Cybersecurity Threats for Executives in 2023

According to IBM’s “Securing the C-suite” report, most C-suite executives are confident in their cybersecurity plans. However, the truth is that only 17% exhibit the highest level of security. 60% of CFOs, CHROs, and CMOs feel the least engaged regarding cybersecurity threat management, despite often handling the most critical data of their respective companies.

Is SASE a Logical Step in Your NaaS Plans?

The last decade has seen a notable step in the evolution of network security and operations as companies move to a Software Defined Network (SDN) model, centralising control of switches, routers, VPN concentrators, load balancers and SD-WAN devices. This simplifies the management and operation of the network, driving down operational costs and reducing risk through better patch and update management.

Procter and Gamble is the Latest Company Hit by the GoAnywhere Data Incident

Procter and Gamble is a massive company that produces home goods under many different brands and sells them around the world. Major brands like Febreze, Olay, Pantene, Pampers, Gillette, Crest, Dawn, and many others belong to the organization. Procter and Gamble recently admitted that it also suffered from data losses linked to attacks on the GoAnywhere file transfer service.

Top Security Trends You Can Expect in 2023

We’ve already had the first major API-related cybersecurity incidents for 2023. The T-Mobile API breach exposed the personally identifiable information (PII) of 37 million customers. The API attack had been going on since November but was not discovered and disclosed until January 19, illustrating the threat of the “low and slow” approach of API attacks, which are increasing at a steady pace.

Introducing Score Guarantee

SecurityScorecard is a customer-obsessed organization, which is why we asked ourselves: How can we provide more value to the thousands of CISOs who rely on our security ratings to make smarter, faster business decisions? We now make this guarantee: Qualified customers who maintain an A grade within the SecurityScorecard security ratings platform and still suffer an incident are eligible for complimentary Digital Forensics and Incident Response services.

MDR vs EDR vs XDR: What is Best for Your Business?

Protecting your organisation from sophisticated and damaging cyber threats is no easy feat. Not only is the cyber threat landscape growing all the more versatile, but threat actors are becoming increasingly difficult to spot, often penetrating a network or system and going months without being detected. Keeping up with today's complex cyber threats involves managing highly intricate and complicated security technologies and infrastructure, which is challenging.

Financial Institutions and Cybersecurity Risk: Why you need ISO27001

When it comes to law enforcement crime investigations, there is a maxim: “follow the money”. This broadly means that if you can follow the money trail, it will eventually lead you to the perpetrator of the crime. In today’s modern society, money has become a series of binary ones and zeros that are transferred between bank accounts without any real effort by either party, and cybercriminals are fully aware of how easy, and fragile, this process is.