In recent years, cyber attacks have been on the rise around the globe. In 2022, the median initial ransom amount rose to $500,000 as more public sectors fell victim to malicious attacks. In Australia, climbing cyber attacks have damaged the country’s vital infrastructure, with lasting and costly consequences. Major industries in Australia — including manufacturing, finance, foreign communications, and the healthcare sector — have been targets of cyber attacks.

Network vulnerabilities can leave an organization’s entire IT environment compromised. Sensitive data can be lost or (even worse) stolen by cybercriminals. A data breach can severely harm your company’s reputation and bring substantial financial losses. Worse, these vulnerabilities are constantly evolving. Hackers have proven methods to infiltrate a seemingly secure network, and they employ various tricks, devices, and information to get the job done.

On June 15, 2023, the residents of Spring Valley, IL woke up to the sobering news that St. Margareth’s Health hospital, one of only a few hospitals in the region, would be closing. The cause of the closure? A devastating cyberattack. After falling prey to cybercriminals, the hospital’s personnel were unable to submit claims to insurers, Medicare or Medicaid for months, which ultimately spelled its financial doom. The St. Margareth’s incident is not an outlier.

Modern enterprises are fraught with dangers and vulnerabilities that were rare even a decade ago. Cyber threats are becoming more frequent and sophisticated, and even the most secure organizations are falling victim to their attacks. In this landscape, a proactive security stance is crucial. That is where the 3Rs of enterprise security — Rotate, Repave, and Repair — offer your organization a critical advantage.

The National Student Clearinghouse is a verification tool used by educational establishments around the country to verify students are who they say they are. More than 3,600 colleges rely on the services of the organization founded in 1993. A huge number of students rely on the organization to process their information, and some of that data was taken in a recent breach.

Microsoft have renamed its cloud-based identity provider from Azure Active Directory to Microsoft Entra ID. Alongside this announcement, Microsoft also introduced Entra Internet Access and Entra Private Access services, which are currently available for public preview. The purpose of this rebranding effort by the tech giant is to streamline the product names and create a cohesive product family.

In today’s digital landscape, the need for real-time communication has never been greater. For engineers in IT teams and service desk analysts, the ability to exchange information swiftly and effortlessly can make all the difference in resolving critical issues, brainstorming solutions, and fostering a productive work environment.

Ransomware impersonates Sophos, FIN8 group uses modified backdoor to deliver BlackCat ransomware, and Chinese espionage actors continue to evolve.

While perhaps new to AI researchers, supply chain attacks are nothing new to the world of cybersecurity. For those in the know, it has been best practice to verify the source and authenticity of downloads, package repositories, and containers. But human nature usually wins. As developers, our desire to move quickly to improve ease of use for users and customers can cause us to delay efforts to validate the software supply chain until we are forced to by our peers in compliance or security organizations.

IBM Security has released its annual Cost of a Data Breach Report, revealing that the global average cost of a data breach reached $4.45 million in 2023. This marks a significant increase of 15% over the past 3 years, making it the highest recorded cost in the history of the report. Notably, detection and escalation costs have seen a substantial rise of 42% during the same period, indicating a shift towards more complex breach investigations.

When working with security teams and application security analysts, the new world of low-code/no-code development presents new questions that invariably begin with ‘where do we start?’ With so many new applications, automations, and more that are introduced to the corporate environment, it can seem like an endless pit of concerns about data flows, user permissions and potential security risks introducing my organization that need to be analyzed and brought under management.