36 matches found
On the Effectiveness of the UK NIS Regulations As a Mandatory Cybersecurity Reporting Regime
Existing cybersecurity literature lacks a source of empirical, representative data as to the true nature of cyberattacks on Critical National Infrastructure. We have obtained UK-wide data on incidents reported under the Network and Information Systems NIS Regulations in 2024 causing "a significan...
The Worst Hacks of 2025
From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year...
CVE-2025-2767
creationtimestamp| type| source ---|---|--- 2025-03-25 04:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-181/ 2025-04-23 17:55:29+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114388561336931929 2025-04-23 19:48:34+00:00| seen|...
Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs Application Programming Interfaces and automated abuse by bots. That's according to The Economic Impact of API and Bot Attacks report from Imperva, a Thales company. The report highlights that these securi...
The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses
How much do bot attacks and API insecurity cost organizations? To answer these questions, Imperva engaged the Marsh McLennan Cyber Risk Intelligence Center to analyze incident data related to vulnerable APIs and bot attacks. Imperva’s latest report, “The Economic Impact of API and Bot Attacks,"...
How to Use Tines's SOC Automation Capability Matrix
Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix SOC ACM is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...
A week in security (April 15 – April 21)
Last week on Malwarebytes Labs: Law enforcement reels in phishing-as-a-service whopper Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million Cannabis investment scam JuicyFields ends in 9 arrests Should you share your location with your partner? Giant Tiger...
Advice for manufacturers on the coming PSTI regulation
TL;DR PSTI: The UK Product Security and Telecommunications Infrastructure Product Security Act Regulations effective from 29 April 2024 Assess how, where, why, and when you may be affected Review supply chain and in-house teams for compliance readiness Specific obligations for manufacturers,...
New Microsoft Incident Response team guide shares best practices for security teams and leaders
As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still...
New Microsoft Incident Response team guide shares best practices for security teams and leaders
As enterprise networks grow in both size and complexity, securing them from motivated cyberthreat actors becomes more challenging. The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still...
Impact of the New SEC Cyber Incident Reporting Rules on the C-Suite and Beyond
We recently hosted a compact and very engaging panel discussion about the new SEC Cyber Incident Reporting Rules due to come into effect later this year. We were fortunate to be joined by two well-known experts: Sue Bergamo, a CISO, CIO, Board Member, Executive Advisor, and Investor with a track...
How the Microsoft Incident Response team helps customers remediate threats
Each year, organizations face tens of billions of malware, phishing, and credential threats—with real-world impacts. When an attack succeeds, it can result in grave impacts on any industry. For example, it could delay a police or fire department’s response to an emergency, prevent a hospital from...
How the Microsoft Incident Response team helps customers remediate threats
Each year, organizations face tens of billions of malware, phishing, and credential threats—with real-world impacts. When an attack succeeds, it can result in grave impacts on any industry. For example, it could delay a police or fire department’s response to an emergency, prevent a hospital from...
The Rising Threat of Secrets Sprawl and the Need for Action
The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. The report shows a 67%...
SEC cyber risk management rule—a security and compliance opportunity
In my practice as a Microsoft Global Black Belt, I focus on the technical and business enablement aspects of protecting organizations from cyber threats with tools like Microsoft 365 Defender, Microsoft Purview and Microsoft Sentinel. In my role as a board member for another publicly traded...
Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity
The results of our latest survey on mobile cybersecurity in K-12 and hospitals are in--and its not all peaches and roses. When we talk about endpoint protection, its only natural to only think about the most commonly compromised endpoints like work laptops and servers--but your smartphone isnt of...
ICS cyberthreats in 2023 – what to expect
Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. However, luckily, we did not see any sudden or catastrophic changes in the overall threat landscape – none that were difficult to handle, despite many colorful headlines in th...
A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance
In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy? For small...
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC recently proposed a regulation to require all public companies to report cybersecurity incidents within four days of determining that the incident is material. While Rapid7 generally supports the proposed rule, we are concerned that the rule requires companies to publicly disclose a cyber...
Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity
The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2" short for network and information systems, is expected to replace the existing...