Data breach attacks are serious problems for companies, organizations and institutions all over the world. For example, in the US one data breach costs on average 9.4 Million USD, which is the highest worldwide. To handle—or ideally, prevent—these attacks, we need to understand first the “why” and “how” of an attack. With this objective in mind, Bitsight analyzed more than 17,000 data breach events from the last seven years affecting 23 sectors in the US.

A record 2,322 scams in Japan to steal internet banking IDs and passwords have resulted in unauthorized money transfers totaling a record of around 3 billion yen ($21 million) in the first half of this year, a report by the National Police Agency showed Tuesday. The number of cases mainly involving phishing this year has already surpassed the annual total of any previous year, with the financial loss approaching the record high of 3.07 billion yen set in 2015, according to the agency.

The SafeBreach Labs team is committed to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks. As part of our recent research efforts, we discovered a vulnerability in the Windows Defender update process that could effectively allow an unprivileged user to take full control of the Windows Defender tool and leverage it for future malicious activities.

In a world where cybersecurity threats are increasingly prevalent, the U.S. Securities and Exchange Commission (SEC) has taken a significant step towards ensuring transparency and accountability in how companies manage these risks. The SEC has adopted new rules requiring companies to disclose material cybersecurity incidents and provide annual updates on their cybersecurity risk management, strategy, and governance.

Scammers are taking advantage of Twitter’s rebranding to “X,” according to Stephanie Adlam at Gridinsoft. A phishing campaign is targeting Twitter Blue users by telling them they need to transfer their subscription to X.

The state of cybersecurity is in constant flux — meaning we must constantly iterate and revisit our systems to protect ourselves. With security logging and monitoring failures moving up to number 9 of the OWASP Top 10, organizations everywhere are revisiting their stance on network and application monitoring. This is great for getting a pulse check on security posture and is certainly key in any good strategy, but we might be forgetting something — IoT devices.