Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Get your complimentary copy of Forrester's 'The State of Application Security, 2023'.

Milliman Solutions is a risk-assessment company that works with life insurance providers to explain to them the total risks involved with investing in any one individual. The company is headquartered in Seattle, Washington, and manages a huge amount of information for consumers on a daily basis. The organization employs over 3,000 individuals located in more than 59 separate offices.

Clickjacking, also known as a clickjacking attack or a clickjack, is a cyberattack in which hidden links trick users into completing an unintended action which results in the exposure of sensitive information and hacking. Keep reading to understand more about clickjacking and how it works.

Kroll has identified two different file exfiltration methodologies leveraged by threat actors, primarily CLOP, during recent engagements involving the exploitation of the MOVEit vulnerability (CVE-2023-34362) throughout May and June 2023. In the vast majority of Kroll’s global MOVEit investigations, the primary data exfiltration method consisted of utilizing the dropped web shell to inject a session or create a malicious account (named Method 1 for this piece).

On July 24, a group of researchers at Midnight Blue announced TETRA:BURST, a set of five new vulnerabilities affecting the TETRA standard for radio communication.

According to the latest cybersecurity report of CNIL, the French data protection supervisor, France has seen a record of personal data breaches in 2021 — a near 80% increase from 2020. The CNIL carried out strict regulatory measures on French businesses and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. Nine sanctions were for inefficient data security.

Vulnerability disclosure programs (VDPs) are structured frameworks or processes for organizations to document, submit, and report security vulnerabilities to all other relevant organizations. Being ready and able to address vulnerabilities before they become problems is an essential part of any cybersecurity strategy. While VDPs are not currently required by law, the U.S. government encourages vulnerability disclosure programs as a proactive approach to cybersecurity.

The US Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.

Recently, a team of experts from JumpSEC Labs discovered a vulnerability in Microsoft Teams that allows malicious actors to bypass policy controls and introduce malware through external communication channels. Leaving end-users susceptible to phishing attacks. Microsoft’s advice is to educate end-users to detect phishing attempts. One workaround would be to disable Microsoft Teams collaboration with external organizations.

SecurityScorecard recently joined the World Economic Forum’s Centre for Cybersecurity and UC Berkeley’s Center for Long-Term Cybersecurity (CLTC) for a private, invite-only workshop in Washington, DC alongside global leaders, CEOs, and CISOs to identify trends and insights that will most likely impact cybersecurity in the next decade of 2030 via future-focused scenarios with emerging cybersecurity challenges.