Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Oh look, wondered when this lot would end up in the news again …

Read Post

In today’s digital landscape, businesses face increasing pressure to protect personal data and ensure compliance with security and privacy mandates.

The United States, is a prime target for cyber attacks. The U.S. retail sector, which holds nearly one-third of the global market share, has seen a significant rise in ransomware incidents, accounting for 45% of global retail ransomware cases in the past three quarters—a 9% increase from 2023. New groups like Ransomhub and Hunters have emerged and supply chain threats have increased. Social engineering tactics are on the rise, with attackers impersonating IT personnel.

Small and medium-sized businesses (SMBs) face many of the same cybersecurity threats as large enterprises but often lack the resources to maintain robust security across all devices. As SMBs rely on a growing number of smartphones and tablets, they must defend against a range of mobile-focused cyberattacks. The need for comprehensive security has never been more urgent.

Black Friday may be the pinnacle of the holiday shopping season, a day when online retailers experience unprecedented traffic and revenue opportunities as consumers kick off the Christmas season. For many retailers, it’s a make-or-break event. Yet, with increased traffic comes increased risk, particularly as it relates to cybersecurity and keeping shoppers safe from fraud stemming from a cyberattack on their favorite digital store.

Anyone familiar with PowerShell knows that the output of PowerShell commands is displayed in the terminal by default. However, there may be situations where you would want to redirect or save output to a file. In short, redirecting or saving PowerShell output increases productivity, helps with debugging, provides useful logs, and facilitates automation, especially in complex workflows or when working with large datasets.

Braodo Stealer is one of the many active and evolving malware families designed to steal sensitive information, such as credentials, cookies, and system data, from compromised machines. Typically written in Python, this malware employs a variety of obfuscation techniques to conceal its true intentions, making it challenging for security solutions to identify.

Cybercriminals will often target an organization’s privileged accounts, which provide a pathway to highly valuable assets. If compromised, privileged accounts and sessions can be used for malicious activity, potentially causing cybersecurity incidents. These incidents may lead to operational disruptions, financial losses, compliance issues, and reputational damage.

Have you ever built software without encountering a single vulnerability? Unlikely. Vulnerabilities are an unavoidable fact of DevSecOps life, and the stakes are higher than before. Cybercrime expenditures are expected to exceed $9.5 trillion globally. Cyber risk quantification has become the need of the hour, not just for security teams and executives but also for developers.

DORA’s public consultation period is over. If your organisation deals with the finances of people or other entities based in the EU or provides services to a firm that does, you will want to know how its rule set has changed. We’ve read through the Digital Operational Resilience Act (DORA) documentation and kept up to speed with the latest EU FSI regulation memos. The bottom line is that DORA remains a very demanding regulation with a huge scope.