Accidental Insider Leaks Prove Major Source of Risk

Accidental Insider Leaks Prove Major Source of Risk Research reports highlight growing concerns around insider negligence that leads to data breaches. While malicious insiders often make headlines, most enterprise data leaks are accidental — caused by end users who fail to follow corporate security policy or try to work around it. The "2020 Cost of … Continue reading Accidental Insider Leaks Prove Major Source of Risk

Announcing SecureX Academy

SecureX has changed the way our customers do the work of securing their environments. We have been able to bring together the Cisco Secure portfolio, 3rd party tools and data sources, and a robust platform architecture into which these technologies can be plugged, in a way that saves organizations time and money and increases their … Continue reading Announcing SecureX Academy

Expert found multiple flaws in Cisco Small Business 220 series

A researcher discovered multiple vulnerabilities in smart switches of Cisco’s Small Business 220 series, including some issues rated as high severity. Security researcher Jasper Lievisse Adriaanse has discovered multiple vulnerabilities Cisco’s Small Business 220 series smart switches. The vulnerabilities impact devices running firmware versions prior 1.2.0.6 and which have the web-based management interface enabled. The … Continue reading Expert found multiple flaws in Cisco Small Business 220 series

US supermarket chain Wegmans notifies customers of data breach

Wegmans Food Markets notified customers that some of their information was exposed after the company became aware that two of its databases were publicly accessible on the Internet because of a configuration issue. Wegmans is a 106-store major regional supermarket chain with stores in the mid-Atlantic and Northeastern regions (i.e., New York, Pennsylvania, New Jersey, … Continue reading US supermarket chain Wegmans notifies customers of data breach

Manage the Cloud Permissions Gap to Achieve Zero Trust

The Cloud Permissions Gap exposes organizations to highly exploitable risk combined with the inability to implement and manage Zero Trust policies. By Raj Mallempati, CloudKnox Security COO In 2020, when organizations were prioritizing digital transformation so they could pivot to remote work on an unprecedented scale, Gartner added a new category to its 2020 Hype … Continue reading Manage the Cloud Permissions Gap to Achieve Zero Trust

First American Financial Pays Farcical $500K Fine

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the … Continue reading First American Financial Pays Farcical $500K Fine

Fake DarkSide gang targets energy, food industry in extortion emails

Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors. The Darkside ransomware operation launched in August 2020, targeting corporate networks and demanding millions of dollars for a decryptor and a promise not to release stolen data. After hitting Colonial Pipeline, the largest fuel … Continue reading Fake DarkSide gang targets energy, food industry in extortion emails

Insider Versus Outsider: Navigating Top Data Loss Threats

It’s no surprise that cloud adoption has increased considerably in the last year, as organizations sought to adapt to the rapid transition to remote work amid the pandemic. However, what’s shocking is that despite the many advantages cloud and software-as-a-service (SaaS) applications provide organizations, they frequently fall short when it comes to averting data loss. … Continue reading Insider Versus Outsider: Navigating Top Data Loss Threats

Attackers Find New Way to Exploit Google Docs for Phishing

Attackers Find New Way to Exploit Google Docs for Phishing Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content. Researchers spotted what they describe as a new method that attackers appear to be using to lure victims to malicious phishing websites via Google Docs. The attack chain … Continue reading Attackers Find New Way to Exploit Google Docs for Phishing

Poland blames Russia for breach, theft of Polish officials emails

Poland's deputy prime minister Jarosław Kaczyński says last week's breach of multiple Polish officials' private email accounts was carried out from servers within the Russian Federation. "After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers, and deputies … Continue reading Poland blames Russia for breach, theft of Polish officials emails