Cybersecurity practices in Australia’s financial sector have improved marginally but are still falling far short of expectations, according to the latest in a series of ASIC audits that is tracking the maturity of cybersecurity controls in the critical industry sector. Many companies had “overly ambitious targets” for improving their cybersecurity posture when ASIC conducted its last audit, the organisation concluded in its “Cyber Resilience of Firms...
Read More
An advanced persistent threat (APT) hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba. The intrusions leveraged a sophisticated attack chain targeting Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline, enterprise security firm Proofpoint said in a report, attributing the covert operation to a threat actor tracked as...
Read More
With reports of a data breach coming nearly every day, and sometimes multiple times a day, it is getting difficult to keep track of all of them. There were 69% more data breaches in 2021 compared with 2020, according to the Identity Theft Resource Center (ITRC) in its annual report on data breaches. In the report, ITRC identified threee primary causes of a data breach: data...
Read More
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm Sophos, which spotted the new behavior, said that the remote access implants are still being detected on targeted networks despite the campaign witnessing a decline in...
Read More
A decision by the UK Court of Appeal to allow a claim for contravention of the European Union’s General Data Protection Regulation (GDPR) to be served against U.S. defendants has raised questions over the territorial limits of the regulations. The case emphasizes the broad geographic applicability of both the EU GDPR and the UK GDPR and the interpretations that exist. The UK Court of Appeal...
Read More
Organizations dealing with insider threats spent $15.4 million on average during 2021, a 34% increase from 2020, and required 85 days to contain each incident, according to a survey of 1,000 information technology and security professionals released on Jan. 25. The survey, conducted by the Ponemon Institute and sponsored by enterprise security firm Proofpoint, documented 6,803 total insider incidents, including those caused by negligent employees, malicious...
Read More