Top attack techniques for breaching enterprise and cloud environments

In this video for Help Net Security, Zur Ulianitzky, Head of Research at XM Cyber, talks about the top attack techniques used by threat actors to compromise critical assets in enterprise and cloud environments. Based on a research of attack techniques … Continue reading Top attack techniques for breaching enterprise and cloud environments

The perils of SaaS misconfigurations

The Cloud Security Alliance (CSA) released the findings of an Adaptive Shield survey, offering insight into the industry’s knowledge, attitudes, and opinions regarding SaaS security and related misconfigurations. “Many recent breaches and data leaks ha… Continue reading The perils of SaaS misconfigurations

How to achieve better cybersecurity assurances and improve cyber hygiene

How can your business reduce the risk of a successful cyber attack and create a defendable network? It’s best to start with the three don’ts: Don’t believe that network engineers are immune to misconfiguring devices (including firewalls, switches… Continue reading How to achieve better cybersecurity assurances and improve cyber hygiene

Expanding threat landscape: Cybercriminals attacking from all sides

A research from Trend Micro warns of spiraling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organizations and individuals. “Attackers are always working to increase their victim count and pro… Continue reading Expanding threat landscape: Cybercriminals attacking from all sides

Exposed records exceeded 40 billion in 2021

According to a research by Tenable, at least 40,417,167,937 records were exposed worldwide in 2021, calculated by the analysis of 1,825 breach data incidents publicly disclosed between November 2020 and October 2021. This is a considerable increase on … Continue reading Exposed records exceeded 40 billion in 2021

How likely are mid-market organizations to experience a breach by the end of 2021?

Coro released an extensive cybersecurity research report revealing a true market failure: a severe lack of preparedness of the mid-market sector, which is comprised of companies with between 100 and 1,500 employees, to defend against an expanding array… Continue reading How likely are mid-market organizations to experience a breach by the end of 2021?

Lack of API visibility undermines basic principle of security

One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack surface and valuable resources. Various technical challenges have come to bear ov… Continue reading Lack of API visibility undermines basic principle of security

Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Hackers sent a barrage of fake emails over the weekend using an FBI email account, the agency acknowledged, to falsely warn recipients that an attacker stole their information. The nonprofit spam-tracking service Spamhaus Project estimated that the hoax email campaign comprised as many as 100,000 messages. The FBI said that the hackers temporarily broke in via a software misconfiguration for its Law Enforcement Enterprise Portal that the bureau uses to communicate with state and local law enforcement agencies. “While the illegitimate email originated from an FBI operated server, that server was dedicated to pushing notifications for LEEP and was not part of the FBI’s corporate email service,” the FBI said in a Sunday update. “No actor was able to access or compromise any data or PII on the FBI’s network.” The email campaign sought to smear Vinny Troia, a cybersecurity author and CEO of Night Lion Security, as the party […]

The post Hackers fire off hoax email messages from FBI account after exploiting misconfigured server appeared first on CyberScoop.

Continue reading Hackers fire off hoax email messages from FBI account after exploiting misconfigured server

Storage systems vulnerabilities: Act now to avoid disasters

Continuity issued a research report which provided an analysis of the vulnerabilities and misconfigurations of enterprise storage systems. The findings revealed that storage systems have a significantly weaker security posture than the other two layers… Continue reading Storage systems vulnerabilities: Act now to avoid disasters

Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal inform… Continue reading Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings