In an after-action report on how the Lapsus$ crime group hacked "dozens of well-defended companies with low-complexity attacks," the U.S. Cyber Safety Review Board urges organizations to implement more robust two-factor authentication systems, plus regulations to combat SIM swapping.
As managed detection and response services have evolved from SIEMs, organizations have seen security gaps widen. Randy Watkins of Critical Start discusses how proactive prevention is key to overcoming the weaknesses in operationalizing threat intelligence.
Rapid7 will lay off close to 1 in 5 of its employees in cuts that amount to the second-largest round of layoffs of any pure-play cybersecurity company since worries about an economic downturn began percolating in spring 2022. The vendor will reduce its 2,623-person staff by 18%.
Real-time protection against API attacks is nonnegotiable for the protection of any web application or digital service that relies on application programming interfaces. Here are some of the most common types of API attacks and strategies for protecting against them in real time.
Application journeys are fluid in practice because applications can live anywhere. Complex deployments with too many tools to configure and manage and overwhelmed IT teams lead to mistakes, so organizations should take a cybersecurity mesh platform approach to securing their application journeys.
Is the Akira ransomware story coming to an end? Security researchers say the group was competing in a competition designed by Royal to give it a new cryptolocker - but lost. Even with a free decryptor now available for Akira victims, however, it's too soon to say if the group might be doomed.
A new IBM study of data breaches found that if an organization's internal team first detects a breach and the organization has well-practiced incident response plans, that organization will be able to more quickly detect and respond, which will lead to lower breach cleanup costs.
The Russian-language Clop crime group's mass exploitation of MOVEit file-transfer software demonstrates how criminals continue to seek fresh ways to maximize their illicit profits with minimal effort. Ransomware response firm Coveware says Clop may clear over $75 million from this campaign.
Despite the significant advances technology has made over the past few years, email remains one of the best tools for cybercriminals. Training is just one piece of the puzzle. The best defense against today's cybercrime landscape is a multilayered security strategy.
While self-proclaimed Russian hacktivist groups such as KillNet, Tesla Botnet and Anonymous Russia claim they're wreaking havoc on anti-Moscow targets, a fresh analysis of their attacks finds that despite rampant self-promotion, their real-world cybersecurity impact is typically negligible.
API security platforms have become an essential part of any organization's cybersecurity strategy, but with so many options available, it can be difficult to know how to choose the right one. In this article, we'll discuss how to evaluate API security platforms and what factors to consider.
Application security testing, or AST, and API security testing are important components of a comprehensive cybersecurity strategy. We'll discuss the application and API security best practices for each type of testing, the use cases, and how they protect your business from cyberattacks.
Are unsolicited smartwatches the new USB thumb drive? The U.S. Army warns that service members are being sent free wearables preloaded with malware designed to steal data from mobile devices as well as intercept voice communications and hijack cameras.
The first step in managing risk is recognizing it as a boardroom matter, and it demands that directors be prepared to understand and discuss the cyber issue and strategically guide C-level executives on this complex topic. It requires cyber competence in the boardroom, said CISO Marco Túlio Moraes.
The BlackCat ransomware group has claimed credit for a February phishing attack against Reddit. With no ransom being paid, the extortionists are now seeking to insert themselves into the standoff between Reddit's leadership and volunteer workforce over the introduction of paid access to APIs.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.