All the latest blog posts from the most relevant cyber security companies in the business.

The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. The report goes beyond the known financial implications of identity crimes and explores the lost opportunities as well as the emotional, physical and psychological…

As part of such attacks, threat actors rely on publicly-available personally identifiable information (PII) and social engineering to impersonate victims and access payment information, healthcare portals, and more. “Recent reporting indicates cyber criminals will continue targeting healthcare payment processors through a variety of techniques, such as phishing campaigns and social engineering, to spoof support centers…

Leveraging threat intelligence to combat nation state espionage threats is a common practice for cybersecurity teams. However, outside of common types of fraud seen in darkweb or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. If you are a target of APT threats by espionage actors, buying access to…

The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities. One of them, tracked as CVE-2022-20814 and related to improper certificate validation, can allow a remote, unauthenticated attacker to access sensitive data through a man-in-the-middle attack. Successful exploitation of the flaw can result in…

The company says it has detected unusual activity and decided to ‘reset’ its network and systems as a precaution. It shut down all external connectivity, including its delegated authority platforms, in response to the incident. “Following the unusual activity detected on Lloyd’s network, our precautionary work to secure systems has been completed overnight,” a Lloyd’s…

The information was collected when CISA investigated the hacking of a defense industrial base organization’s enterprise network between November 2021 and January 2022. The investigation, conducted in collaboration with a third-party incident response firm, revealed that multiple threat groups had compromised the victim’s network and some of them had access for at least one year….

The man, Sebastien Vachon-Desjardins, 35, of Gatineau, Quebec, pleaded guilty in June 2022 to participating in the ransomware scheme. Initially spotted in 2019, NetWalker was being offered under the ransomware-as-a-service (RaaS) business model and has been used in attacks against tens of organizations worldwide, including private and public entities, hospitals and emergency services, law enforcement,…

Founded in 2017, the Pasadena, California-based firm provides organizations with privacy, cybersecurity, and optimization solutions for PC, Mac, and mobile devices. The firm offers software and services tailored for consumers and small businesses and has a global presence in 33 countries, claiming to have more than one million customers. Additionally, RealDefense offers an M&A playbook…

The flaws were discovered by researchers at industrial cybersecurity firm Claroty in Carlo Gavazzi’s CPY Car Park Server and UWP 3.0 monitoring gateway and controller products. The vendor released patches for the impacted products earlier this year. The Germany-based [email protected], which coordinates the disclosure of vulnerabilities impacting the industrial control system (ICS) and operational technology…

Founded in 2013, the cloud-based External Attack Surface Management (EASM) solutions provider scans web applications for thousands of known vulnerabilities and monitors subdomains for malicious takeover. The SaaS security company has over 140 employees, but also works with ethical hackers, delivering payload-based testing to customers. Detectify claims to have more than 1,900 customers, helping them…

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…