MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.
| LATEST SECURITY NEWS & COMMENTARY | Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business. UnitedHealth Congressional Testimony Reveals Rampant Security Fails The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change Healthcare's backup strategy failed. Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection. R Programming Bug Exposes Orgs to Vast Supply Chain Risk The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files. Attackers Planted Millions of Imageless Repositories on Docker Hub The purported metadata for each these containers had embedded links to malicious files. Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain. Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws. CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE's Ivanti Issue Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs. 'Muddling Meerkat' Poses Nation-State DNS Mystery Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear. Cisco Zero-Days Anchor 'ArcaneDoor' Cyber-Espionage Campaign Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally. The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024 Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI. The Cybersecurity Checklist That Could Save Your M&A Deal With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after. MORE NEWS / MORE COMMENTARY | | | PRODUCTS & RELEASES | ESET PROTECT Portfolio Now Includes New MDR Tiers and Features New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert MORE PRODUCTS & RELEASES |
|
Dark Reading Weekly -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | We take your privacy very seriously. Please review our Privacy Statement. |
|
|