Secure World News

Organizations increasingly rely on global talent outsourcing to bolster their cybersecurity capabilities. By tapping into a vast pool of skilled professionals worldwide, companies can address skill shortages, optimize costs, and gain access to specialized expertise.

Global cyber insurance premiums are declining despite an uptick in ransomware attacks, according to a recent report by insurance broker Howden. This trend reflects improved business security practices, evolving insurance industry dynamics, and changing attitudes toward cyber risk management. According to Reuters, the Howden report indicates that the cyber insurance market experienced double-digit price reductions in 2023/24, a stark contrast to the skyrocketing premiums seen in 2021 and 2022 during the COVID-19 pandemic. Sarah Neild, head of U.K. cyber retail at Howden, attributes this decline to enhanced cybersecurity measures implemented by businesses, such as multi-factor authentication (MFA) and increased investment in IT security and staff training. “MFA is the most basic thing you can do; it’s like locking the door when you leave the house,” Neild explained. “Cybersecurity is a many-layered beast.” Interestingly, this downward trend in premiums comes despite an 18% increase in recorded ransomware incidents during the first five months of 2024 compared to the previous year. The report suggests that businesses are becoming more adept at mitigating their losses from cyberattacks, particularly through improved backup systems and cloud services that help reduce business interruption costs. However, Dr. Ilia Kolochenko, Partner & Cybersecurity Practice Lead at Platt Law LLP and CEO at ImmuniWeb, offers additional insights into these trends. He points out that the falling premiums may also reflect changing attitudes among businesses towards cyber insurance: “Fewer companies are willing to invest a considerable amount of money in cyber insurance after having a pretty bad experience in the past, when insurance coverage was denied under a plethora of reasons and contractual clauses inconspicuously incorporated into the insurance agreement,” Dr. Kolochenko explains. “After burning their fingers with an insurance policy, some companies either entirely re-allocated insurance budget to improve their cybersecurity controls and hire more people, or procured the bare minimum of cyber insurance as it may be required by law or be a prerequisite of their external stakeholders.” Dr. Kolochenko also highlights the maturation of the cyber insurance industry, noting that insurers now have sufficient historical data to offer more accurate, data-driven premiums. This allows them to better quantify risks and offer more competitive conditions while maintaining profitability. The Howden report predicts that growth in the $15 billion global cyber insurance market is likely to be fastest in Europe in the coming years, given current lower market penetration levels. However, it also notes that smaller firms are less likely to purchase cyber insurance, partly due to a lack of awareness of cyber risks. As the cybersecurity landscape continues to evolve, organizations, insurers, and cybersecurity professionals will need to remain vigilant and adaptive. The falling premiums may offer an opportunity for more businesses to obtain cyber insurance coverage, but as both the Howden report and Dr. Kolochenko emphasize, robust internal security measures remain crucial in the ongoing battle against cyber threats. Read the full Howden report here. Follow SecureWorld News for more stories related to cybersecurity.

We are midway through 2024, and data privacy continues to dominate headlines and strategic business decisions across industries. Seventeen data privacy laws have been adopted across the U.S., and legislatures are continuing to consider, debate, and adopt new laws every month.

Browsing the web these days comes with a bombardment of targeted ads. They can leave you feeling like certain entities know way too much about you by eavesdropping on your conversations and stalking your movements behind the scenes. And to an extent, we have agreed to this status quo.

Luxury department store chain Neiman Marcus Group has become the latest victim in a series of cyberattacks targeting users of the Snowflake data warehousing platform. The breach affected nearly 65,000 shoppers and exposed sensitive personal information.

CDK Global, a leading provider of software-as-a-service (SaaS) solutions for the automotive industry, recently fell victim to a significant data breach. The incident is affecting thousands of car dealerships and potentially millions of consumers.

The U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has taken a significant step forward in bolstering the cybersecurity of America’s energy sector. CESER has developed a new framework of best practices aimed at securing clean energy cyber supply chains, with a particular focus on key technologies used in managing and operating electricity, oil, and natural gas systems.

The notorious LockBit ransomware group has made a startling claim: they  allegedly breached the systems of the U.S. Federal Reserve, exfiltrating 33 terabytes of sensitive data including “Americans’ banking secrets.” The group threatened to leak the stolen data on June 25, 2024, if their demands were unmet.

Data is mission critical in the modern digital era. The ability to gain proactive actionable insights from business data can help foster innovation, enhance operating efficiency, support proactive continuous improvement (e.g., predictive analytics), and deliver actionable insights to support business decision making.

A recently discovered high-severity vulnerability in Phoenix Technologies’ SecureCore UEFI firmware has raised concerns across the cybersecurity landscape. The vulnerability, tracked as CVE-2024-0762 and dubbed “UEFIcanhazbufferoverflow,” potentially affects hundreds of PC and server models that use Intel processors. Eclypsium, the cybersecurity firm that discovered the vulnerability, reports that it “allows a local attacker to escalate privileges and gain code execution within the UEFI firmware during runtime.” With a CVSS score of 7.5, this vulnerability poses a significant threat to affected systems. The vulnerability stems from an unsafe variable in the Trusted Platform Module (TPM) configuration. Eclypsium’s research explains: “There are two calls to GetVariable with the ‘TCG2_CONFIGURATION’ argument and the same DataSize, without adequate checks in between. If an attacker can modify the value of the ‘TCG2_CONFIGURATION’ UEFI variable at system run time, they can set it to a value long enough so that the first call to GetVariable returns EFI_BUFFER_TOO_SMALL, and the data_size is set to the length of the UEFI variable. The second call would succeed and overflow the buffer, leading to a stack buffer overflow.” Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, emphasizes the widespread impact, saying: “This includes devices from multiple OEMs using Intel Core processors such as AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. Due to the broad use of Phoenix SecureCore UEFI firmware, the vulnerability’s reach is extensive, impacting potentially a significant number of products globally.” The vulnerability affects multiple versions of Phoenix SecureCore for various Intel platforms, ranging from Kaby Lake to Meteor Lake. For instance, Phoenix SecureCore for Intel Kaby Lake is affected from version 4.0.1.1 to 4.0.1.997, while for Intel Meteor Lake, versions 4.5.1.1 to 4.5.1.14 are vulnerable. John Gallagher, Vice President at Viakoo Labs, provides context on the vulnerability’s specificity, saying: “This vulnerability is specific to one BIOS provider, Phoenix (not AMI or Insyde, other major BIOS providers); however, it broadly impacts systems based on Intel CPUs.” He adds, “It is similar to LogoFail in how it attacks in the earliest stage of system bootup and provides access to all parts of the system, but different in the scale and maturity of the exploit.” The discovery of this vulnerability highlights the critical role of UEFI firmware in system security. Eclypsium’s report states: “This type of low-level exploitation is typical of firmware backdoors (e.g. BlackLotus) that are increasingly observed in the wild. Such implants give attackers ongoing persistence within a device and often, the ability to evade higher-level security measures running in the operating system and software layers.” To mitigate this vulnerability, affected users and organizations should apply firmware updates as they become available from their device manufacturers. Lenovo has already published relevant BIOS updates, and other vendors are expected to follow suit. The discovery of this vulnerability also underscores the growing role of AI and machine learning in cybersecurity. “AI excels at identifying new vulnerabilities by analyzing large volumes of binary data efficiently,” Guenther said. “For patching, AI can assist by recommending code changes and automating testing processes to ensure patches do not introduce new issues.” As the cybersecurity landscape continues to evolve, vulnerabilities like UEFIcanhazbufferoverflow serve as a reminder of the ongoing need for vigilance, advanced detection methods, and prompt patching in protecting our digital infrastructure. Follow SecureWorld News for more stories related to cybersecurity.

As defenders of digital assets, Chief Information Security Officers (CISOs) and cybersecurity professionals face immense pressure, often leading to burnout. This phenomenon is not just anecdotal; several studies have highlighted the alarming prevalence of burnout in the cybersecurity industry.

On June 19, 1865, Union soldiers arrived in Galveston, Texas, to announce that the Civil War had ended and that all enslaved people were now free—more than two years after the Emancipation Proclamation was issued. This momentous occasion is celebrated as Juneteenth, commemorating the end of slavery in the United States.

Globe Life Inc., a major life insurance provider, disclosed in a recent SEC filing that it is investigating a security breach involving unauthorized access to consumer and policyholder information through a company web portal.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is “aware of recent impersonation scammers claiming to represent the agency.”

The healthcare industry has had a rough time when it comes to cybersecurity. Over the last few years, the number of data breaches in the healthcare industry has gradually increased. Clearly, there’s still a lot of work to be done to improve cybersecurity measures in healthcare.

The fourth annual SecureWorld Eastern virtual conference provided a glimpse into the rapidly evolving cyber threat landscape facing nations, businesses, and the very integrity of democratic elections worldwide. As cyberattacks and malicious campaigns grow increasingly sophisticated and pervasive, the event underscored the urgent need for robust defensive strategies across both the public and private sectors.

The prolific Black Basta ransomware operation is believed to have leveraged a recently patched Windows privilege escalation vulnerability as a Zero-Day exploit before a fix was made available, according to new research by cybersecurity firm Symantec.

In the SecureWorld Spotlight Series, we learn about the speakers and Advisory Council members that make our events a success. In Q&A format, they share about their professional journeys, unique experiences, and hopes for the future of cybersecurity—along with some personal anecdotes.

You probably already know that ransomware is a type of malicious software that encrypts a victim’s data, demanding a ransom to restore access. It’s a problem that’s getting worse all the time, and its impact on healthcare is particularly concerning.

Nvidia has released a major security update to address multiple high-severity vulnerabilities in its GPU drivers and virtual GPU (vGPU) software. The flaws, if left unpatched, could enable threat actors to execute arbitrary code, access sensitive data, escalate privileges, and cause denial-of-service conditions on affected systems.