Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled, representing 50% of all social engineering attacks, according to Verizon's 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents.
Criminals are continuing to wield stolen credentials, compromise attacks, ransomware and social engineering to earn an illicit payday, according to Verizon's latest annual analysis of data breaches and how they happened, which finds that post-ransomware cleanup costs are rising.
Microsoft will pay $20 million to settle a U.S. federal investigation into whether the computing giant violated children's privacy protections during the Xbox Live registration process. The Federal Trade Commission accused the company of a slew of infractions.
Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review. Manasa Health Center will pay $30,000 and implement a corrective action plan, HHS said.
The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.
Microsoft says an affiliate of the Russian-speaking Clop ransomware gang is behind a rash of attacks exploiting a recently patched vulnerability in Progress Software's MOVEit application. Known victims include British payroll provider Zellis, which says eight corporate customers were affected.
Flipkart embraced a comprehensive security maturity program that incorporated defense-in-depth, automation, zero trust and secure SDLC/security-by-design principles across its four subsidiaries. Flipkart's Raakesh Thayyil discussed the importance of a cohesive strategy.
OJK, the financial regulator in Indonesia, in December 2022 introduced regulations to ensure better cyber resilience for the financial industry. Wahyu Agung Prasetyo, IT and cyber risk management head at Bank Mega, shared how his bank is preparing to meet the regulations and the challenges ahead.
Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network. European authorities have shown increased willingness to use the GDPR to limit targeted advertising.
Adversaries have taken advantage of a zero-day vulnerability in Progress Software's managed file transfer product to deploy web shells and steal data, Mandiant found. An unknown threat actor began exploiting the critical SQL injection vulnerability in MOVEit Transfer on May 27.
A Chinese espionage threat group is using a novel backdoor to bypass popular Indonesian antivirus tool Smadav. Targets include European embassies in Southeast and East Asia. Smadav treats processes with no windows as suspect. The APT gets around that by opening a window not visible to users.
A federal judge declared a mistrial in the criminal HIPAA conspiracy case against a married couple, both doctors, after the jury deadlocked on whether the two had been entrapped by the U.S. government into providing patient records to a supposed Russian operative. Prosecutors will seek a retrial.
Enterprise cybersecurity is no longer just about a siloed team of professionals securing the firm's systems and servers. Security has evolved into a key business consideration with people at its core, according to Suraj Jayaraman, Microsoft's director of cloud security architecture.
The U.S. Department of Defense says it will pay for Starlink satellite broadband access for Ukraine as it battles Russia's all-out invasion. Military experts say Starlink remains essential for supporting Ukraine's battlefield communications, including drone reconnaissance.
Flipkart Group companies achieved a uniform SOC implementation by adopting a single data ingestion point. This simplifies integration, log parsing and normalization challenges with two SaaS-based SIEM tools, minimizing device and data source modifications.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.