When the news first broke about a potential data breach at Ticketmaster, the details were murky. The Department of Home Affairs confirmed a cyber incident affecting Ticketmaster customers, but the extent of the breach and the veracity of the claims made by the hacker group ShinyHunters were unclear. As the story unfolded, it became evident that the breach was indeed real, and the personal details of millions of customers had been compromised.

The vendor risk management lifecycle (VRM lifecycle) is an end-to-end system that categorizes critical VRM or third-party risk management processes into three phases: vendor onboarding, ongoing risk management, and continuous monitoring.

Here at Ignyte, we’ve talked a lot about FedRAMP, the Federal Risk and Authorization Management Program. As you likely well know, FedRAMP is the federal government’s unified security standard, derived from NIST standardization documents and transformed into a framework to provide a cohesive idea of security across disparate government organizations and contractors. You might wonder, how does this work with state-level agencies and departments?

As flexible working arrangements become increasingly common across every industry, companies need secure, dependable ways to grant remote employees online access to company data, services, and applications. Productivity in today’s highly digital business environment depends upon employees being able to access the systems and information they need for work when needed, from any location.

Imagine: You get an email from your bank alerting you to a suspicious login attempt. It looks identical to their usual security notices, down to the logo and phrasing. You click the link to review the activity, log into your account—and unwittingly hand your credentials over to a cybercriminal. This is the reality of clone phishing.

Summer 2024 is about to heat up, and you know what that means. Sun, sand, and surf? Don’t forget to pack your swimsuit and sunscreen! Snow cones, strawberries, and s’mores? Mmmm, yes, please! Sightseeing, stargazing, and … scams? Oh my! Oops. Sorry for ending on such a bummer. But summer isn’t all fun and games and, unfortunately, scamming is on the rise. In 2023 alone, scams cost people more than $10 billion.

The healthcare sector is a top target of cyber criminals eager to steal sensitive data and extort high ransoms. The key to thwarting costly attacks is to understand that identity is the new security perimeter. By implementing robust identity and access management (IAM), healthcare organizations can significantly enhance their security and cyber resilience. This article explains the role of IAM in healthcare and details the most pressing IAM gaps to address.

Open Access or unrestricted file share access is an inevitable condition that exists in most if not all, enterprise environments. Many organizations create ‘Open Shares’ to allow end-users an easy way to access resources.

Today, I’m delighted to announce the release of Jit’s Context Engine, which uses the runtime context of vulnerabilities to automatically prioritize the top security risks in our customers’ cloud applications. One of the defining challenges of product security is the overwhelming volume of alerts generated by code and cloud security scanners, which is especially painful when the majority of “issues” don’t pose any real security risk.

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers an alleged data breach at Ticketmaster, a cyberattack on Synnovis affecting London hospitals, and a data breach disclosed by the BBC. The full reports are available to CYMON users. Request access here.