Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.
Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third-party access to a range of data including postal and email addresses, account information, and phone numbers.
Privacy and security are something that all browser manufacturers like to brag about in relation to their products, with Google and Microsoft being no different to others in this regard. But if you are making use of the Enhanced Spellcheck in Chrome or Microsoft Editor in Edge, some highly sensitive information can be sent to the two software giants.
LastPass reveals details of August hack that gave threat actor access to its development environment for four days
Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.
The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".
Three quarters of C-suite executives responding to a new survey say that compliance challenges and security challenges limit their company's ability to innovate.
The study from software delivery platform CloudBees also shows executives overwhelmingly favor a shift left approach, a strategy of moving software testing and evaluation to earlier in the development lifecycle, placing the burden of compliance on development teams.
Over three-quarters (76 percent) of respondents in a new survey have suffered an API security incident in the last 12 months, primarily caused by dormant/zombie APIs, authorization vulnerabilities, and web application firewalls.
The research from Noname Security also shows that 74 percent of cybersecurity professionals don’t have a complete API inventory or know which APIs return sensitive data.
Microsoft Teams for Windows, macOS and Linux insecurely stores authentication tokens in unprotected cleartext -- and a fix is NOT in the pipeline
Researchers from cybersecurity firm Vectra have issued a warning that Microsoft Teams stores authentication tokens in an unprotected form that could easily be abused by hackers.
The desktop apps for Windows, macOS and Linux all store authentication tokens in cleartext, and this can be used by an attacker to steal an identity and log into accounts. This is clearly worrying, but what is more concerning is Microsoft's reaction; the company says that the issue does not require "immediate servicing".
Uber suffers 'cybersecurity incident' with hackers gaining access to internal systems and vulnerability reports
Uber is working with law enforcement after it became the latest company to fall victim to a cyber attack. Hackers were able to breach its internal systems and gain access to a range of data including emails, vulnerability reports, its HackerOne bug bounty program and more.
The attackers were also able to access Uber's Slack server, going as far as posting messaging to it. At the moment, it is not clear whether customer data has been exposed in the attack which seems to have come as the result of extracting passwords from an employee via social engineering.
A new report from 1Password reveals that 43 percent of employees admit to risky online behaviors such as sharing logins, offloading tasks to others, or even abandoning certain tasks altogether to circumvent complicated login procedures.
Having to remember multiple logins heightens stress levels and strains mental health according to 41 percent of respondents. While 37 percent say that the onboarding process at their current job was time-consuming, confusing or challenging when it came to logging into work-related accounts.
The average US business faces around three successful cyberattacks each year, and while most agree that attacks are set to increase, 32 percent still lack a management platform for IT secrets, like API keys, database passwords and privileged credentials, posing a significant risk to organizational security.
A new US Cybersecurity Census Report from Keeper Security shows most organizations think they're prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10.
The McAfee name is one that has been somewhat tainted by the activities of John McAfee, but it is one that also remains firmly associated with security. The company has just announced a new product line called McAfee+, available in three tiers, that includes an unlimited VPN at all levels.
Currently only available to users in the US, McAfee+ has Premium, Advanced and Ultimate options, each of which have Individual and Family variants, with prices ranging from $49.99 to $219.99 per year.
We've all heard of the Great Resignation, a pandemic-driven shift in people's work preferences. But new research from Cyberhaven suggests that this has gone hand-in-hand with a huge stealing of data.
Based on anonymized details from over 1.4 million workers and spanning 360,000 data exfiltration incidents and a broad sample of companies, including 11 percent of the Fortune 100, it reveals data ranging from customer information to software source code being exfiltrated in large volumes.
According to 90 percent of IT security leaders their organizations are falling short in addressing cybersecurity risks.
Research from Foundry finds that this perception comes from a number of issues including convincing all or parts of their organization of the severity of risk (27 percent), and believing their organization isn’t investing enough resources to address risks (26 percent).
Organizations are losing thousands of hours in time and productivity dealing with a massive backlog of vulnerabilities that they have neither the time or resources to tackle effectively, according to a new report.
The State of Vulnerability Management in DevSecOps report from vulnerability management platform Rezilion and the Ponemon Institute, shows 47 percent of security leaders report that they have a backlog of applications that have been identified as vulnerable.
A new report from cyber risk insurance provider Coalition shows that while overall incidents are down, and ransomware attacks are declining as demands go unpaid, smaller businesses have become bigger targets.
In the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, 58 percent higher than levels during the first half of 2021.
The public cloud has been widely adopted by organizations of all sizes, but a new report from Orca Security reveals some alarming shortcomings in security.
Among the key findings, 72 percent of organizations have at least one Amazon S3 bucket that allows public read access, and 70 percent have a Kubernetes API server that is publicly accessible.