Triodos hoeft een klant die het slachtoffer van bankhelpdeskfraude werd geen negenduizend euro te vergoeden, zo heeft de rechtbank Midden-Nederland geoordeeld.

De klant werd eind 2022 gebeld door een oplichter die zich voordeed als medewerker van Triodos. Door middel van telefoonspoofing kreeg de klant op haar telefoon het nummer van de bank te zien.

De oplichter vertelde dat er fraude met haar rekening werd gepleegd en verzocht de klant om het programma AnyDesk te installeren, waarmee haar computer op afstand kon worden overgenomen.

An alarming trend toward multiple, sometimes simultaneous cyber attacks forces business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices, according to Semperis.

Survey of nearly 1,000 IT and security professionals shows 83% of organizations were targeted by ransomware attacks in the past year with a high degree of success, sounding alarming trends in attack frequency, severity, and consequences.

Companies are suffering successful ransomware attacks multiple times within the same year — resulting in closures, layoffs, loss of revenue and customer trust, and cancelation of cyber insurance.

A security researcher says six companies were saved from having to pay potentially hefty ransom demands, in part thanks to rookie security flaws found in the web infrastructure used by the ransomware gangs themselves.

Two companies received the decryption keys to unscramble their data without having to pay the cybercriminals a ransom, and four hacked crypto companies were alerted before the ransomware gang could begin encrypting their files, marking rare wins for the targeted victim organizations.

Vangelis Stykas, a security researcher and chief technology officer at Atropos.ai, set out on a research project to identify the command and control servers behind over 100 ransomware and extortion-focused groups and their data leak sites.

A recent ransomware attack on OneBlood, a leading blood supplier in the southeastern United States, has severely impacted the blood supply chain in Florida.

This cyberattack has prompted urgent health warnings and a call for donations from Florida health officials, particularly in Orlando, as the state faces a potential public health crisis due to disrupted blood supplies.

OneBlood, a nonprofit organization responsible for supplying blood to over 350 hospitals across Florida, Georgia, Alabama, North Carolina, and South Carolina, was targeted in late July 2024 by a sophisticated ransomware attack.

Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance.

These findings continue the trajectory first seen in the 2022 report, along with the fact that threats such the persistent nature of misconfigurations, identity and access management (IAM) weaknesses, insecure application programming interfaces (APIs), and the lack of a comprehensive security strategy continue to rank high, highlighting their critical nature.

“It’s tempting to think that the reason the same issues have remained in the top spots since the report was last issued stems from a lack of progress in securing these features.

One of the US Cybersecurity and Infrastructure Security Agency's (CISA) flagship initiatives is Secure by Design, launched in 2023. Now, the agency is imploring software customers to take the approach of Secure by Demand.

This was the message given by CISA director Jen Easterly during the primary stage talk at Black Hat USA.

“You have to have both the supply side and demand inside. The truth is that organizations that procure and deploy software, which is virtually all organizations, can play a leading role in advancing secure by demand,” Easterly said.

Formal risk assessment methodologies can help take guesswork out of evaluating IT risks if applied appropriately. Here are six to consider.

Technology is one of the greatest assets companies have, essential to running or supporting many business processes. It’s also one of the biggest risks. That’s why IT risk assessment frameworks are vital.

IT risk assessments enable organizations to evaluate the risks their systems, devices, and data are facing, whether it’s cybersecurity threats, outages, or other events. They also allow them to assess the potential implications of these risks.

Last summer when I stood down as the UK’s first combined Biometrics and Surveillance Camera Commissioner the government was about to scrap what little legislation there was covering this important area for policing.

In any event the general election meant the bill was scrapped and, as it turns out, the government itself, so we are back to square one. And square one is not sustainable.

Facial recognition has already made it onto the Prime Minister’s agenda and the regulatory framework enabling its accountable use by the police remains incomplete, inconsistent and incoherent.

Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments.

By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks.

Instead of manually sifting through numerous pages on cloud web consoles, Scout Suite automatically generates a comprehensive and clear overview of the attack surface, streamlining the security assessment process.