Inon Shkedy, Head of Security Research for Traceable, who also serves as the API Security Project Lead at OWASP and has co-authored the OWASP API Top 10, talks to Security about API security risks.
ForgeRock announced findings from its 2021 Identity Breach Report, revealing an unprecedented 450% surge in breaches containing usernames and passwords globally.
In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that in early March 2021, the company "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."
Rapid7 has disclosed that the attackers behind the Codecov breach had accessed some of the company's source code using a previously compromised Bash Uploader script from Codecov.
More than 60 experts from industry, government, law enforcement, civil society and international organizations have worked together to develop a comprehensive framework, breaking down siloed approaches and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.
The 81-page report, "A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force," includes 48 recommendations that together form a comprehensive framework to address ransomware. The report was delivered to the Biden administration this week. Among those, these priority recommendations are the most foundational and urgent, and many of the other recommendations were developed to facilitate or strengthen these core actions.
Click Studios has advised customers to stay vigilant and ensure the validity of any email sent to them, as a bad actor has commenced a phishing attack with a "small number of customers having received emails requesting urgent action."
Supply Chain Risk is more pertinent now that digital transformation initiatives are the norm. In a recent Ponemon study, 82% of respondents believe their organization experienced at least one data breach due to digital transformation. At the same time, 55% said with certainty that at least one of the three breaches was caused by a third party. Reporting on SCRM and gaining visibility into the cyber risk across third parties is critical to the security of both small and large organizations, especially in the digital age we live in.
Comparitech researchers set up honeypots on the web to lure in attackers and record their actions. They recorded 73,000 attacks in 24 hours. The honeypots were left unsecured so that no authentication was required to access and attack it. Using this method, Comparitech researchers sought to find out which types of attacks would occur, at what frequency, and where they come from.
