🚨 Cost per Breach Released by IBM, UK Electoral Breach, VMware ESXi Target to Ransomware, Apple Updates

CyberHub Podcast

1×

0:00

-17:59

🚨 Cost per Breach Released by IBM, UK Electoral Breach, VMware ESXi Target to Ransomware, Apple Updates

Today’s top cybersecurity news and the latest threats from Practicing CISO James Azar, tune in to hear how practitioner’s breakdown the latest to bolster their cybersecurity programs

James Azar

Jul 30, 2024

Transcript

Today's CyberHub Podcast covered several significant cybersecurity topics, including the rising cost of data breaches, recent high-profile vulnerabilities, and international cyber incidents.

Below is a detailed summary of each topic, along with actionable items for businesses and individuals.

Cost of Data Breaches

IBM's report revealed that the global average cost of a data breach has risen to $4.88 million, with healthcare being the most affected sector. The U.S. continues to lead in breach costs, primarily due to stringent data breach notification requirements.

Action Items:

Ensure cyber insurance coverage exceeds $10 million to mitigate out-of-pocket expenses.
Strengthen data security measures, particularly around customer personal data and intellectual property.

UK Electoral Commission Breach

The UK Electoral Commission was breached due to unpatched Microsoft Exchange vulnerabilities (ProxyShell). Sensitive voter data was exfiltrated.

VMware ESXi Vulnerability

Microsoft reported active exploitation of VMware ESXi vulnerabilities by ransomware groups.

Action Items:

Apply patches for ESXi 8.0 and Cloud Foundation 5.x immediately.
Monitor for signs of exploitation and review security configurations.

CrowdStrike Falcon Outage

Microsoft suggested that the impact of the CrowdStrike Falcon outage might have been underestimated, affecting more than the previously estimated 8.5 million machines.

Action Items:

Review dependencies on third-party security vendors and develop contingency plans for potential outages.

Olympics Cyber and Physical Security

Sabotage of French telecom networks and the doxxing of Israeli athletes’ data on Telegram highlight heightened cyber risks around the Olympics.

Apple Security Updates

Apple released updates for iOS and MacOS, addressing 35 security vulnerabilities, including those affecting authentication and data integrity.

Action Items:

Update all Apple devices to the latest software versions to protect against these vulnerabilities.

Proofpoint Misconfiguration Exploited

A misconfiguration in Proofpoint's email protection service was exploited to send phishing messages, leveraging the service's legitimacy.

Action Items:

Regularly review and audit security configurations and permissions.
Implement continuous improvement processes for security tools and practices.

Software Piracy Case Sentencing

Three individuals were sentenced for a massive software pirating operation involving Avaya licenses worth over $88 million.

TikTok Legal Battle

The U.S. DOJ is challenging ByteDance, TikTok's parent company, to divest U.S. assets by January 19, 2025, or face a ban.

Conclusion

Today's podcast emphasized the growing complexities and costs of cybersecurity incidents. Businesses and individuals alike must prioritize security measures, stay updated on vulnerabilities, and advocate for stronger regulatory frameworks.

Stay tuned for more updates and subscribe to our podcast for the latest cybersecurity news.

For more information, please visit our website:

https://www.cyberhubpodcast.com/

Discussion about this podcast

CyberHub Podcast

Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.

Listen on