Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business. [TechWeb]( Follow Dark Reading: [RSS]( May 01, 2024 LATEST SECURITY NEWS & COMMENTARY [Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches]( MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business. [Attackers Planted Millions of Imageless Repositories on Docker Hub]( The purported metadata for each these containers had embedded links to malicious files. [To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware]( USBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps. [The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024]( Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI. [Canadian Drug Chain in Temporary Lockdown Mode After Cyber Incident]( London Drugs offered no details about the nature of the incident, nor when its pharmacies would be functioning normally again. [Wireless Carriers Face $200M FCC Fine As Data Privacy Waters Roil]( Verizon, AT&T, and T-Mobile USA are being fined for sharing location data. They plan to appeal the decision, which is the culmination of a four-year investigation into how carriers sold customer data to third parties. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Okta: Credential-Stuffing Attacks Spike via Proxy Networks]( Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks. [Cybersecurity Is Becoming More Diverse … Except by Gender]( While other professions are making up ground, cybersecurity still lags behind in female representation, thanks to a lack of respect and inclusion. [Addressing Risk Caused by Innovation]( By embracing a proactive approach to cyber-risk management, companies can better detect, prevent, and mitigate cyber threats while integrating the latest state-of-the-art technology. [13.4M Kaiser Insurance Members Affected by Data Leak to Online Advertisers]( Tracking code used for keeping tabs on how members navigated through the healthcare giant's online and mobile sites was oversharing a concerning amount of information. [MORE]( PRODUCTS & RELEASES [MITRE's Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert]( [ESET PROTECT Portfolio Now Includes New MDR Tiers and Features]( [New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare]( [Jason Haddix Joins Flare As Field CISO]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [R Programming Bug Exposes Orgs to Vast Supply Chain Risk]( The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files. LATEST FROM THE EDGE [Facebook at 20: Contemplating the Cost of Privacy]( As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information. LATEST FROM DR TECHNOLOGY [Fortify AI Training Datasets From Malicious Poisoning]( Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data. LATEST FROM DR GLOBAL ['Muddling Meerkat' Poses Nation-State DNS Mystery]( Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear. WEBINARS - [Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks]( - [Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Short Primer on Container Scanning]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [A Short Primer on Container Scanning]( - [Application Security's New Mandate in a DevOps World]( - [Understanding Today's Threat Actors]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123196&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_04.30.24&sp_cid=53279&utm_content=DR_NL_Dark%20Reading%20Daily_04.30.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ec If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)