In a recent cyber-attack, a prominent threat group identified as BianLian has reportedly compromised one of the most significant NGOs on the globe, making off with an alarming 7TB of data. This data encompasses a range of sensitive information, including financial records, medical details, HR files, and personal email communications. While the BianLian group did not openly identify the NGO in their claims, the descriptions provided align closely with the profile of Save the Children International. With a prominent presence in 116 countries, a staff of approximately 25,000, and annual revenue of $2.8 billion, Save the Children International has been…
ISBuzz Team
12th September 2023, London: Integrity360, Europe’s front-runner in cybersecurity insights, has unveiled research that every IT professional should heed. Amidst the myriad of cybersecurity threats that have emerged over the years, a new villain has stolen the spotlight – data theft. Key Takeaways: Shifting Threat Landscape: While ransomware has been a consistent concern, its notoriety is being overshadowed. 55% of surveyed IT decision-makers cited data theft as their paramount worry, relegating ransomware to third place, following phishing. C-Level Executives Share Concerns: For CIOs and CTOs, advanced persistent threats (APTs) and targeted attacks now rank higher on the worry scale than…
The front page news about generative artificial intelligence (GAI) taking over software development from poor human developers has waned a bit. But there is no doubt that the technology will continue to transform the software development space over time. With AI come challenges that human managers need to address; reminiscent of how the use of open source ate the software world, AI too, demands particular consideration in the software development and security spaces. As is always the case with history, there are lessons to be learned. The beginnings of open source Freely exchanged source code goes back to software’s earliest…
Proofpoint published its second annual Cybersecurity: The 2023 Board Perspective report and found that almost 75% of the board members believe that their organizations face a risk of a major cyberattack in the next 12 months, up from 65% the previous year and 53% of those board members believe their organization is not prepared, a slight increase over the prior year. Meanwhile, 61% of CISOs feel underprepared, up from 50% in 2020.
In a recent cybersecurity incident, Janssen Pharmaceutical’s CarePath application experienced a data breach, potentially exposing sensitive personal and medical information of its customers. The breach was linked to the application’s third-party technology service provider, IBM. CarePath, an application owned by Johnson and Johnson’s subsidiary, Janssen Pharmaceutical, is designed to assist patients in accessing Janssen medications, prescription discounts, insurance guidance, and other useful tools. IBM is responsible for managing the CarePath application and the database that supports its functions. The breach came to light when Janssen Pharmaceutical identified a vulnerability that could have allowed unauthorized individuals to access the CarePath database.…
In its 2023 State of API Security Report, security company Traceable reported a sharp increase in API-related data breaches. The report is based on feedback from 1629 cybersecurity experts in over six major industries across the United States, the United Kingdom and the European Union. Fully 58% of respondents either strongly agree or agree that APIs are expanding the attack surface across all layers of the technology stack, with fully 57% saying that traditional defensive measures are not capable of distinguishing “legitimate from fraudulent activity at the API layer.” “34% of organizations feel uncertain about the efficacy of their tools like WAF…
In a startling revelation, the UK’s Electoral Commission has admitted to failing a crucial cybersecurity test around the same time it fell victim to a significant cyber-attack. This breach potentially exposed the data of 40 million voters. Background of the Breach Last month, the Electoral Commission disclosed that “hostile actors” had infiltrated its systems, accessing its emails and potentially the data of millions of voters. The breach began in August 2021 and remained undetected until October 2022. The attackers had access to sensitive data, including the names and addresses of registered voters, many of whom had opted out of public…
In a recent revelation, a zero-day vulnerability in the Atlas VPN Linux client has been exposed, putting users at risk of having their real IP addresses leaked. The flaw was publicly disclosed on Reddit, where details of the vulnerability and its exploit code were shared by the individual who first discovered it. What is Atlas VPN? Atlas VPN is a popular VPN service that offers both free and premium solutions to users, allowing them to change their IP addresses and encrypt their online connections. The service is available across a range of platforms including Windows, macOS, Linux, Android, iOS, Android…
As the new academic year approaches, school leaders are being cautioned by the National Cyber Security Centre (NCSC) to prepare for potential cyberattacks. The Centre has emphasized the necessity of implementing “appropriate security measures” to safeguard against these threats and avoid disruptions. While there’s no current indication of an elevated threat level as schools resume, the timing could amplify the impact of any cyber incident. Don Smith, vice president of the counter-threat unit at Secureworks, explained to Sky News how the onset of a new school term, combined with activities like account creations and the use of portable devices, can…
The increasing adoption of large language models (LLMs) like ChatGPT and Google Bard has been accompanied by rising cybersecurity threats, particularly prompt injection and data poisoning attacks. The U.K.’s National Cyber Security Centre (NCSC) recently released guidance on addressing these challenges. Understanding Prompt Injection Attacks Similar to SQL injection threats, prompt injection attacks manipulate AI outputs to produce unintended behaviors. These can range from displaying unethical content or malware to compromising the AI’s inner workings. For instance, a vulnerability in the LangChain library exploited by attackers was highlighted by NVIDIA’s Rich Harang. Another case saw MathGPT, which converts user inputs…