Network Security News | Ingalls Information Security

Articles of interest from the week of July 31, 2023

Written by John Frasier | Jul 31, 2023 4:00:00 AM

Average Cost of a Data Breach Reaches $4.45 Million in 2023

IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years. (Help Net Security)

"The escalation in the cost of a data breach is further exacerbated by a cyber insurance market that is delivering increased premiums, denials of coverage, an ever-increasing list of exceptions, and denied payouts. As a combined result, cyber hygiene and the preventative, detective, and recovery capabilities of your organization have never been more critical to prevent and limit the cost of an average data breach."

Stephen Gutleber, Senior Cybersecurity Consultant at Ingalls Information Security

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within Four Days

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. (The Hacker News)

Mozilla Releases Security Updates for Multiple Products

Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. (CISA)

Apple Users Open to Remote Control via Tricky macOS Malware

The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots. (DarkReading)

Ransomware Gang Increases Attacks on Insecure MSSQL Servers

Researchers warn about a spike in attacks against poorly secured Microsoft SQL (MSSQL) Servers by a dual-ransomware gang known as Mallox. Security firm Palo Alto Networks reports a 174% increase in the number of Mallox attacks this year compared to the last half of 2022. (CSO)