It’s DBIR season! Put down your pens, stop watching “The Last Dance” and get to reading the key findings of the 13th edition of the annual Verizon Data Breach Investigations Report!

British low-cost airline group easyJet revealed that an hacking incident had exposed approximately nine million customers’ information.

In this final article of our trilogy, we investigate how a cyber threat intelligence (CTI) analyst and associated programmes provide insight about physical and cyber threats to your organisation. The value of these insights is reflected in the wins, which come as a result of context building, holistic understanding, and enhanced awareness in order to outmanoeuvre malicious actor(s).

The digital threat landscape is always changing. This year is an excellent (albeit extreme) example. With the help of Dimensional Research, Tripwire found out that 58% of IT security professionals were more concerned about the security of their employees’ home networks than they were before the outbreak of coronavirus 2019 (COVID-19).

Government officials said that a glitch in the State of Illinois’ Pandemic Unemployment Assistance (PUA) program exposed thousands of people’s Social Security Numbers (SSNs) and other private data. Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzer, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois Department of Employment Security (IDES) had learned of a security incident involving its PUA program. As quoted by WBEZ.

I usually spend my mornings doing some reading and enjoying my coffee. On this one particular morning, I noticed that I had received an email from a gaming company I had created an account with around 10 years ago for my kids. They had sent me a code to confirm a login that was being done from Thailand. I had forgotten that I had even created the account. The account used a set of my credentials that had been compromised many years ago in one of the many data breaches that occur on a continuous basis.

In this final part of the series, I discuss why everyone should consider reviewing their OPSEC (Operations Security), not just those with something to hide. If you haven’t read the previous articles then please check them out first (Part I & Part II), as they provide key background information about the techniques discussed in this post.

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years.