IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years. (Help Net Security)
| "The escalation in the cost of a data breach is further exacerbated by a cyber insurance market that is delivering increased premiums, denials of coverage, an ever-increasing list of exceptions, and denied payouts. As a combined result, cyber hygiene and the preventative, detective, and recovery capabilities of your organization have never been more critical to prevent and limit the cost of an average data breach.” – Stephen Gutleber, Senior Cybersecurity Consultant at Ingalls Information Security |
Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. (The Hacker News)
Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. (CISA)
The Hidden Virtual Network Computing (hVNC) malware infests Macs and silently executes complete takeovers, with no user permission needed. It also sports persistence through reboots. (DarkReading)
Researchers warn about a spike in attacks against poorly secured Microsoft SQL (MSSQL) Servers by a dual-ransomware gang known as Mallox. Security firm Palo Alto Networks reports a 174% increase in the number of Mallox attacks this year compared to the last half of 2022. (CSO)