McDonald's Corp. said hackers exposed U.S. business information and some customer data in South Korea and Taiwan. 

Fancy Lazarus, a well-known distributed denial of service (DDoS) extortionist, has resurfaced with a new campaign focused on organizations with unprotected assets across all sizes of companies in all industries, according to Radware.

ForgeRock announced findings from its 2021 Identity Breach Report, revealing an unprecedented 450% surge in breaches containing usernames and passwords globally.

The Colorado Privacy Act (CPA) passed yesterday in the state's senate and will go into effect in July 2023 – creating an additional  regulation that organizations must comply with or face hefty fines and eroding consumer trust. 

The past year’s COVID-19 pandemic marked an unparalleled turning point that has completely changed the world as we know it. When businesses and organizations from many industries rushed to establish business continuity from home, hackers took full advantage of the remote work conditions that provided easy targets in unsecure environments. Although people are returning to the office and getting “back to normal,” the idea of evaluating the organization’s cybersecurity posture is becoming more prevalent.

Devo Technology announced the results of a report assessing the current state and pace of change with regards to enterprise cloud transformation initiatives and the ramifications on teams running a Security Operations Center (SOC).

Among highly regulated, global organizations, Panaseer has determined that the top ten most frequently used security metrics are (in order of popularity): 

Nearly half (48%) of organizations do not have a user verification policy in place for password reset calls to IT service desks, according to a new Specops Software survey, which highlights social engineering vulnerabilities among IT service help desks.

In the spirit of building a solid foundation, Zero Trust security has once again come into the forefront. Whie the concept of Zero Trust is not new, the reality is that not enough organizations have adopted those in IT and security, the concept of identity-centric protection isn’t anything new.