As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. One of the basic tenets of KnowBe4 is that your users provide the organization with an opportunity to have a material (and hopefully positive) impact on a cyber attack. They are the ones clicking malicious links, opening unknown attachments, providing company credentials on impersonated websites and falling for social engineering scams of all kinds.

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. I probably could have called this purely based on all the articles I’ve written (and all the articles I’ve read that never made it here). But when it comes to protecting your organization from social engineering, stick to the basics.

Dell Data Breach: What You Need to Know? Dell Technologies recently announced a data breach affecting a company portal, which compromised certain customer information linked to purchases. The breach exposed customer names, physical addresses, and detailed order information, such as service tags, item descriptions, order dates, and warranty details. Fortunately, Dell has assured that no financial data, email addresses, phone numbers, or other highly sensitive information were accessed during the incident.

The dark web can feel like a mysterious underworld, a hidden corner of the internet where there are no rules. It’s a place where stolen data gets traded, and cybercriminals plot their next attacks. Just because it’s dark, that doesn’t mean you have to be blind to the threats lurking there. That’s where ManageEngine Log360 comes in with a powerful new integration for Constella Intelligence.

Negligent or malicious behavior by those who have legitimate access to your systems can be more devastating to your company than the efforts of outside attackers. The 2023 Cost of Insider Risk Global Report by the Ponemon Institute shows that cybersecurity incidents caused by insiders through negligence, credential theft, and malicious intent had an average cost per incident of $505,113, $679,621, and $701,500, respectively.

In April 2024, a significant breach rattled the financial sector as HSBC and Barclays, two prominent banking institutions, fell victim to a data breach. The breach occurred within the infrastructure of a direct contractor working for both banks, sending shockwaves through the industry and raising concerns about the security of sensitive financial data.

On May 8, 2024, Ascension Healthcare notified business partners of suspicious activity detected within their systems. They have launched investigations and are actively working on remediation efforts. Consequently, some systems will experience interruptions during this process, such as clinical operations. Ascension is currently working with Mandiant to investigate the compromise and whether sensitive data was affected, if at all.

As with every year, the Verizon DBIR is released, with data involving more than 10,000 breaches that have been dissected and used to create the report’s baseline. Cyberint’s Research team inspected the document to understand where the cyber security realm is heading, the important trends in data breaches and incidents, and what we need to look for moving forward in 2024.

Data breaches are a constant threat these days. One click on a malicious link could send tons of customer information flying out the window. Even with all the strategies and tools to prevent them, unauthorized people keep gaining access to sensitive data. So, maybe it’s not a matter of whether your company will ever experience a data breach but about when. The million-dollar question is: will you be ready to respond effectively against hackers when the time comes?