Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

knowbe4

8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

May 17, 2024 By Stu Sjouwerman In KnowBe4
Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.
Read Post

How to Protect Your Cloud Assets from Being Cryptojacked

May 17, 2024 By Panoptica In Panoptica
Cryptojacking attacks have become the most prevalent type of attack on cloud native infrastructures. For example, in 2022, there were 139M cryptojacking attacks, but the following year there were over 1 billion! That translates to nearly 3M cryptojacking attacks every day, on average in 2023.
View Video
bitsight

Analyzing Utilities Sector Cybersecurity Performance

May 16, 2024 By Alex Campanelli In BitSight
With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?
Read Post
cyberark

The Growing Threat of Identity-Related Cyberattacks: Insights Into the Threat Landscape

May 16, 2024 By Brandon Traffanstedt In CyberArk
The last 12 months have witnessed a rapid-fire round of innovation and adoption of new technologies. Powerful new identities, environments and attack methods are shaping the quickly changing cybersecurity threat landscape, rendering it more complex and causing the diffusion of risk reduction focus. New CyberArk research indicates that the rise of machine identities and the increasing reliance on third- and fourth-party providers are deepening the existing threats and creating novel vulnerabilities.
Read Post

User Training vs. Security Controls: Who's to Blame for Phishing Attacks?

May 16, 2024 By Razorthorn In Razorthorn
In this thought-provoking clip, the hosts debate whether security awareness training is enough to prevent users from falling for phishing scams or if stronger controls are necessary. Drawing on insights from a recent NCSC blog, they explore the ethical dilemma of assigning blame when users, despite training, click on malicious email attachments. Should the onus be on the end user, or is it a failure of security controls? Tune in to understand the complexities of balancing trust and control in cybersecurity.
View Video
bitsight

How Cybersecurity Financial Quantification Helps CISOs Make Their Case to the Board

May 15, 2024 By Joe Lyons In BitSight
More enterprise business leaders are beginning to understand that cybersecurity risk equates to business risk—and getting a clearer sense of the impact that cyber exposures can have on the bottom line. Consider the MGM Resorts and Clorox Company cybersecurity incidents that occurred last year. Both suffered considerable attacks, reportedly led by the Scattered Spider cybercriminal group, causing widespread business disruption and substantial financial losses.
Read Post
knowbe4

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

May 14, 2024 By Stu Sjouwerman In KnowBe4
Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.
Read Post
knowbe4

"Unknown" Initial Attack Vectors Continue to Grow and Plague Ransomware Attacks

May 14, 2024 By Stu Sjouwerman In KnowBe4
Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.
Read Post
Trustwave

Trustwave SpiderLabs Unveils the 2024 Public Sector Threat Landscape Report

May 14, 2024 By Trustwave In Trustwave
Trustwave SpiderLabs’ latest report, the 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge. The need for the highest level of security has never been greater.
Read Post
indusface

11 Best Practices for Preventing Credential Stuffing Attacks

May 14, 2024 By Vinugayathri Chinnasamy In Indusface
Data breaches and their immediate impact on the organization are widely publicized. But what happens after the breach, especially with the breached credentials such as usernames and passwords? The breached credentials are often sold in the black market or leveraged by the attacker to attack the same or other organizations. This leads to credential stuffing attacks, where the stolen credentials are reused on different websites.
Read Post
Subscribe to Cyberattacks

Copyright © 2024 OpsMatters™. All rights reserved.