‘Data breach costs are rising’
Data breaches have increasingly high costs, according to IBM Security experts in an annual study. Organizations often pass on costs to customers.
Big Blue's 2022 Cost of a Data Breach Report states that 83 percent of respondents experienced one or more data breaches in the past year. Affected c... Read more
AWS anchors security even more firmly in cloud infrastructure
New services such as Amazon Detective for EKS and AWS GuardDuty for Malware Protection should make the AWS cloud environment much safer.
This week AWS updates the world and us on the developments in the field of cloud security and related topics. It does this at the annual re:Inforce conference.... Read more
Spot Security tries to simplify cloud security
Spot Security is generally available. The solution maps a cloud environment, recognizes misconfigurations and lists the most important vulnerabilities.
Public clouds are growing. According to a recent Forrester report, nine out of ten European companies use multiple public cloud environments. V... Read more
Snyk goes all out on cloud security with Snyk Cloud
Snyk launches Snyk Cloud. The solution automatically adjusts container and infrastructure configurations to comply with security frameworks and policies.
Snyk is no stranger to cloud security. Its current offering consists of Snyk Infrastructure as Code (IaS) and Snyk Container. Snyk IaS advises... Read more
LockBit claims ransomware attack on Italian tax authority
Ransomware group LockBit claims to hold 78GB of private information on Italian companies. According to the cybercriminals, the data was stolen in a cyberattack on the Italian tax authority.
The IT partner of the tax authority investigated the claim. On Monday 25 July, a spokesperson told Bloombe... Read more
New macOS malware uses public cloud storage as control server
Security researchers warn macOS users of a newly discovered malware variant that steals sensitive data from vulnerable Macs via an undocumented backdoor.
The malware uses public cloud storage like Yandex Disk and Dropbox as its command and control (C2) channel to steal data such as keystrokes an... Read more
JavaScript apps are vulnerable to ‘prototype pollution’
Common code constructs in JavaScript may be exploitable to achieve remote code execution
This week The Register reported on new findings by a group of researchers that found a critical command injection vulnerability in Parse Server, an open-source backend for Node.js environments.
Rated 10 o... Read more
Hackers exploit vulnerability that threatens 300,000 PrestaShop users
Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information.
The PrestaShop team issued an urgent warning last Friday, urging the admins of 300,000 shops using its... Read more
Cybercriminals use Windows calculator as malware dropper
Cybercriminals abuse the Windows 7 calculator to quietly execute malware dropper Qbot.
Security researcher ProxyLife discovered the method during an analysis of QBot, a malware dropper. Droppers open the door for ransomware attacks. Cybercriminals need a silent way to exchange data with a targe... Read more
Atlassian Confluence’s default password circulates on Twitter
The default password of Atlassian Confluence accounts circulates on Twitter. The password makes it possible to access the internal data of Confluence users.
Atlassian Confluence is a content management solution. Organizations use the software to write and share internal project information in a ... Read more