Data Breaches

ITRC's 2023 Data Breach Report Is a Mixed Bag

Apr 15, 2024 By Josh Breaker-Rolfe In Tripwire

In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it?

Read Post

Tripwire

Read more about ITRC's 2023 Data Breach Report Is a Mixed Bag

Early Lessons from the Sisense Breach

Apr 15, 2024 By Thomas Segura In GitGuardian

Business intelligence company Sisense has seen secrets compromised in its GitLab repositories, leading to a siphoning of its customers' sensitive data.

Read Post

GitGuardian

Read more about Early Lessons from the Sisense Breach

Unveiling the KryptonZambie Leak of PureB2B.co.uk Database

Apr 12, 2024 By Foresiet In Foresiet

In the ever-evolving landscape of cybersecurity threats, staying ahead of potential risks is paramount. Today, we delve into a recent breach uncovered by the Foresiet Threat Intelligence Team. Our focus centers on the infiltration of PureB2B.co.uk's database by the threat actor known as KryptonZambie, shedding light on the implications and strategies for mitigation.

Read Post

Foresiet

Read more about Unveiling the KryptonZambie Leak of PureB2B.co.uk Database

Beyond Sisense: Navigating the Rising Tide of Supply Chain Attacks

Apr 12, 2024 By Dan Schiappa In Arctic Wolf

Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as their target of attack. On Thursday, April 11, the Cybersecurity & Infrastructure Agency (CISA) warned customers of Sisense, a company that provides data analytics services to thousands of international companies, that they should reset their credentials for Sisense services and look out for suspicious activity involving their services.

Read Post

Arctic Wolf

Read more about Beyond Sisense: Navigating the Rising Tide of Supply Chain Attacks

Sisense Customer Data Compromise

Apr 11, 2024 By Andres Ramos In Arctic Wolf

On April 11, 2024, CISA issued an cybersecurity advisory disclosing a compromise of customer data from Sisense. The previous day, cybersecurity journalist Brian Krebs had published an email sent to Sisense customers by the company’s CISO. The specific details of the compromise have not been made public at this time. Furthermore, Arctic Wolf has not observed any malicious activities conducted by threat actors using compromised credentials from Sisense.

Read Post

Arctic Wolf

Read more about Sisense Customer Data Compromise

The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

Apr 10, 2024 By SecuritySenses In SecuritySenses

The digital landscape is no longer a frontier; it's a full-fledged battlefield. As organizations become increasingly reliant on interconnected technologies, their attack surface expands exponentially. Firewalls and antivirus software, the traditional defense lines, are akin to medieval fortifications in the face of modern artillery. To survive in this ever-evolving warzone, organizations need a proactive approach, a way to anticipate and counter threats before they inflict damage. Enter Breach and Attack Simulation (BAS), a transformative tool poised to revolutionize the future of cybersecurity.

Read Post

SecuritySenses

Read more about The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

Personal vs Sensitive Personal Information (SPI): What's the Difference

Apr 10, 2024 By Steven In IDStrong

What is there to know about a person? Certainly, their name, but how about their affiliations, philosophical beliefs, or sexual orientation? The nuanced information about a person—including those elements listed above and more—falls into a data category called “personal information” or “personally identifying information” (PII).

Read Post

IDStrong

Read more about Personal vs Sensitive Personal Information (SPI): What's the Difference

What Is An On-Path Attack and How Does It Work?

Apr 5, 2024 By Steven In IDStrong

Suppose someone left their home, got in their car, and drove to the grocery store. Much like data packets that travel over Internet highways, the car will use various pathways to reach its destination; however, once the car gets to the store, a question remains: what happened between the generating point and the destination? If nothing happened, the driver (our data) traveled safely and without incident.

Read Post

IDStrong

Read more about What Is An On-Path Attack and How Does It Work?

What is Bait and Switch Scams: How it Works and How to Avoid It

Apr 5, 2024 By Steven In IDStrong

Ever follow an ad featuring limited-time products to a company’s web page only to find they’re selling something else entirely? Or have you added a product to a cart only to discover a laundry list of issues, from poor quality to endless fees? Bait and switch (also called “bait-and-switch” or “B&S”) is a classification of fraudulent activities that most recognize as false advertising.

Read Post

IDStrong

Read more about What is Bait and Switch Scams: How it Works and How to Avoid It

Uncovering identity threats: Lessons learned from a real-life data breach

Apr 4, 2024 By ADManager Plus In ManageEngine

Every IT admin, regardless of the company size or employee count, shares a common fear: data breaches. The horror of discovering their organization’s data exposed on the dark web, accessible to anyone, is definitely a nightmare. So, IT admins are on the constant lookout for leading solutions that protect access to organization data and manage employee identities effectively. But where does the real challenge lie? In managing the employee identities, or their access to data?

Read Post