The scary fact is that human error is a contributing factor in more than 90% of breaches, and even the world’s most successful organizations have significant weaknesses in their cybersecurity defenses. With so many technical controls in place hackers are still getting through to your end users, making them your last...
Hackers have used a modular toolkit called "AlienFox" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.
Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."
APIs are pivotal to digital business yet are inherently more difficult to secure as compared to legacy architectures with more predictable use cases, such as custom three-tier web stacks in the data center. APIs facilitate a decentralized and distributed architecture with endless opportunities for third-party...
In the 21-month stretch from October 2020 to June 2022, a whopping 48 cybersecurity startups received 10-figure valuations as investors evaluated prospects on potential rather than performance. Now that the financial boom has gone bust, what happens to these unicorns from a different economic era?
In the latest weekly update, John Kindervag, creator of zero trust and senior vice president of cybersecurity strategy at ON2IT, joins ISMG editors to discuss the top zero trust storylines of the year, the impact of ChatGPT on the cybersecurity industry and how to tackle MFA bypass attacks.
The adoption of new technologies, multi-cloud architectures and multiple data storage sites has resulted in data residing in more places than ever before. That's why enterprises need a single pane of glass to know who's touching their data and why, says Imperva CEO Pam Murphy.
Threats from API and application vulnerabilities increased in 2022, but ransomware, human error and hygiene continue to pose the greatest threats to organizations, according to findings from CyberTheory's 2022 Performance Study. CyberTheory's Steve King shares how education can make a difference.
Banking Trojans, ransomware, fake finance apps programmed to steal data - the cybercriminal cartels have become more punitive in 2023, escalating destructive attacks on financial institutions. This is just one key finding of the annual Cyber Bank Heists report by Contrast Security's Tom Kellermann.
Cybercriminals found a way to circumvent OpenAI's prohibition on using its natural language artificial intelligence model for malicious purposes, say researchers who already spotted low-level hackers using the firm's ChatGPT chatbot for a machine-learning assist in creating malicious scripts.
APIs represent the best and worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO, Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. He sees more on the horizon.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
T-Mobile disclosed Thursday that hackers had access for approximately six weeks to an application programming interface that exposed customer data including names, birthdates and email addresses. No payment information or passwords were part of the breach, the company said.
The growth in cyberattacks and data breaches has impacted both government agencies and enterprises across the globe — forcing the regulatory landscape to change. Compliance has become a top issue for organizations, yet most are not adequately addressing the need of API security. APIs are gaining traction both for...
Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained access by exploiting weakly configured PostgreSQL containers and vulnerable container images.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.