A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and exfiltration. The three most common causes of data loss were reckless behavior, human error and malicious exfiltration.
Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers. This somewhat unexpected mode of extortion appears to be popping up in attacks targeting medical institutions. According to Dark Reading, cybercriminals are making repeated prank calls to police about patients affected by a data breach at a medical facility where they are customers.
A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to look inward more and find ways to elevate the security awareness of employees. There’s so much focus on external cybercriminal activity that we often forget about the actions of internal employees that often facilitate a data breach.
Some particularly cold-hearted scammers are targeting users of lost pet forums with phony ransom demands, the BBC reports. “A BBC North West investigation found scammers have targeted scores of dog and cat lovers with threatening calls,” the BBC says. “They prey on owners by claiming to have their lost pets before demanding cash.”
The number of tools organizations use is growing every day. According to Zylo's 2023 SaaS Management Index Report, the average organization has 291 SaaS applications in its tech stack — a number which only increases as your organization grows. The more tools that are added to your tech stack, the more third-party risk your business incurs. These risks could result in threats like data theft, service outages, or loss of revenue and customer trust.
If, as the saying goes, two’s company and three’s a crowd, then, as of today, consider our Disaster Recovery trophy case standing room only. The unfortunate reality of today’s cybersecurity landscape is this: It’s not a matter of if, but when, your organization’s defenses will be tested. Success in these tense moments, when your adrenaline is pumping and time and attention are at a premium, requires more than just the right technology.
On January 11th, 2024, a significant security vulnerability was disclosed in Jinja2, a widely used Python templating library. Identified as CVE-2024-22195, this cross-site scripting (XSS) vulnerability has raised concerns due to its impact on numerous projects. Jinja2 boasts over 33 million weekly downloads, nearly 10,000 GitHub stars, and over 90,000 dependent projects. The vulnerability affects all versions prior to 3.1.3, with the patched version 3.1.3 being the only safe option.
Transforming what we learned in 2023 into new learning in 2024 will be an exciting and fulfilling journey. In 2023, we saw a huge surge in the use of AI, including cyberattacks utilizing AI and machine learning. We are also seeing an increased awareness of the need for application security posture management (ASPM). Snyk has also launched its own ASPM solution — Snyk AppRisk — designed to help AppSec teams implement, manage, and scale their security programs.
Account takeover (ATO) is a form of identity theft that happens when cybercriminals get their hands on a victim's login details. Once a fraudster has unlawful access to users' email accounts, they can impersonate their victims and trick employees into sending sensitive business data or large sums of money. In our recently published Email Security Risk Report, 58% of the 500 companies surveyed had experienced account takeover.