The total amount of ransom payments being sent by victims to ransomware groups appears to have taken a big dip, declining by 40% from $766 million in 2021 to $457 million in 2022 due to victims simply being unwilling to pay, blockchain intelligence firm Chainalysis reports.
Essential reading for network defenders: CircleCI's report into its recent breach, which began when malware infected an engineer's laptop. After stealing "a valid, 2FA-backed" single sign-on session cookie, attackers stole customers' secrets and gained unauthorized access to third-party systems.
Sophos will execute the second-largest round of layoffs of any security company in the current economic downturn, axing 450 workers amid a shift to MDR services. Sophos plans to reduce its staff by 10% in a move to balance growth and profitability in a challenging and uncertain economic environment.
Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant. In response, government officials such as CISA Director Jen Easterly have championed FIDO since it's mature and open.
Moving from certificate-based to FIDO authentication reduces overhead and complications for enterprises looking to move away from passwords, says Microsoft's Libby Brown. FIDO allows organizations to go passwordless by simply buying a FIDO key and turning it on in their Azure Active Directory.
Cybereason has gone all-in on helping customers mitigate threats beyond the endpoint to minimize the impact of ongoing SOC staffing challenges, CEO Lior Div says. The company's focus on tracking and following malicious operations sets Cybereason's approach to XDR apart from rivals.
The IntSights deal has allowed Rapid7 to offer more visibility into the threat landscape and target the phishing infrastructure used by hackers. The deal has helped Rapid7 determine the spoofed domains and the employees and social media accounts that adversaries have targeted, CEO Corey Thomas says.
Gen Digital, owner of the Norton LifeLock brand, is notifying more than 6,000 U.S. individuals that hackers might have the valid credentials for logging onto their Norton Password Manager after the company detected a credential stuffing attack in December.
Passwordless authentication will gain traction once it addresses edge cases such as logging into Netflix using a remote control, says Hypr CEO Bojan Simic. He shares how a QR code and a biometric identifier on a smartphone can transform the way someone accesses the Wi-Fi at a friend's house.
The FIDO2 standard has driven the adoption of multifactor authentication as well as the embrace of passkeys and conditional UI, says Superlunar's Nick Steele. FIDO2 will help users adopt passwordless flows while protecting websites with public key credentials in a way that hadn't been possible.
Pity the overworked ransomware gang - say, LockBit - that just "discovered" one of its affiliates hit Britain's postal service. But until Western governments find a way to truly disrupt the ransomware business model, operators remain free to keep spouting half-truths and lies at victims' expense.
Sift has landed top Ping Identity lieutenant Kris Nagel as its new CEO and tasked him with driving more account takeover and bot detection engagements. The San Francisco-based digital trust and safety vendor has directed Nagel to build out more technology partnerships in the fraud community.
In 2023, we'll see ransomware groups exploring new methods to get money from the same victims and entering the "the fifth generation of ransomware." Cybereason field CISO Greg Day shares his predictions for cybersecurity trends this year, from cloud security to deepfake scams.
Organizations must grapple with software development happening at a faster pace than ever as well as an exponential increase in attacks on the software layer. Contrast Security has therefore developed new technology to secure code that's deployed quickly to the cloud, CEO Alan Naumann says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.