Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Data breach attacks are serious problems for companies, organizations and institutions all over the world. For example, in the US one data breach costs on average 9.4 Million USD, which is the highest worldwide. To handle—or ideally, prevent—these attacks, we need to understand first the “why” and “how” of an attack. With this objective in mind, Bitsight analyzed more than 17,000 data breach events from the last seven years affecting 23 sectors in the US.

A record 2,322 scams in Japan to steal internet banking IDs and passwords have resulted in unauthorized money transfers totaling a record of around 3 billion yen ($21 million) in the first half of this year, a report by the National Police Agency showed Tuesday. The number of cases mainly involving phishing this year has already surpassed the annual total of any previous year, with the financial loss approaching the record high of 3.07 billion yen set in 2015, according to the agency.

Scammers are taking advantage of Twitter’s rebranding to “X,” according to Stephanie Adlam at Gridinsoft. A phishing campaign is targeting Twitter Blue users by telling them they need to transfer their subscription to X.

As the retirement countdown for the current version of PCI is now less than six months, a new standard for password length, complexity, and change frequency may create some risk. Valid credentials have become a very hot item, as threat actors realize the low risk and high value of simply becoming an Initial Access Broker (rather than performing an entire cyber attack themselves).

With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at risk. Today, it's estimated there are over 810 million websites that run on Wordpress. One of Wordpress’ most used plugins is Wordfence – a security platform made specifically for the website platform.

AI is fundamentally transforming how we write, test and deploy code. However, AI is not a new phenomenon, as the term was first coined in the 1950s. With the more recent release of ChatGPT, generative AI has taken a huge step forward in delivering this technology to the masses. Especially for development teams, this has enormous potential. Today, AI represents the biggest change since the adoption of cloud computing. However, using it to create code comes with its own risks.

Calico has recently introduced a powerful new policy recommendation engine that enables DevOps, SREs, and Kubernetes operators to automatically generate Calico policies to implement namespace isolation and improve the security posture of their clusters.

The Fireblocks cryptography research team has uncovered BitForge – a series of zero-day vulnerabilities in some of the most widely adopted implementations of multi-party computation (MPC) protocols, including GG-18, GG-20, and Lindell17.

This vulnerability allows an attacker to extract a full private key from a wallet implementing Lindell17 2PC protocol, by extracting a single bit in every signature attempt (256 in total). Coinbase WaaS, Zengo and other libraries have been patched.

This newfound vulnerability allows an attacker to extract a full private key from any wallet using the GG18 and GG20 protocols. More than 10 wallets and libraries have been found vulnerable, including Binance custody.