Critical Risk Severities Across Assets and Industries Are On the Rise According to New 2024 BreachLock Pentesting Intelligence Report

NEW YORK, Aug. 1, 2024 /PRNewswire/ — The 2024 BreachLock Pentesting Intelligence Report is out – and there are many new insights that may surprise you. The report analyzed threat intelligence from over 4,000 penetration tests and vulnerability assessments conducted over the past 12 months. Findings were presented across affected assets, associated vulnerability types, prevalence, severity, and the most impacted industries around the globe.

“Today more than ever, CISOs are facing increasing cyber security challenges. They are facing new and more stringent regulatory guidelines, SEC reporting rules, and an expanding landscape that seeks to hold enterprises more accountable. It leaves CISOs and practitioners unsure of what lies ahead,” states Seemant Sehgal, Founder & CEO of BreachLock. “Security teams are under more scrutiny to reassess risk and quantify the potential financial impact. They need to provide business-oriented programs that drive ROI and reduce risk, and BreachLock aims to provide the offensive security solutions to help enterprises do just this.”

This year’s report includes MITRE ATT&CK adversary tactics and techniques, as well as OWASP Top 10 to see how the report’s findings stack up against real-world observations. Here are some of the report’s top findings:

Industry Findings
The report comprises a healthy representation across enterprise size with small enterprises, or those with less than 50 employees, representing 40% of the report analysis, followed by 35% mid-enterprise (51 to 100 employees) and 25% of large enterprises, or those with 1001 to over 10,000 employees. These enterprises were located across North America, the UK, Europe, and Pan-Asian countries.

It has been a tough year so far in 2024 for the Computer Software & Technology industry, which has been besieged by an escalation in cyber incidents targeting technology infrastructure. Of the Top 5 industries with the highest number of findings, 48% of these were found in the technology sector. 

As researchers began to dig deeper into the data, some surprising industry insights were uncovered. The Banking and Financial Services Institutions (FSI) sector saw a 71.43% increase in Critical and High severities in 2024 in comparison to 2023. This included such vulnerabilities as security misconfiguration, cryptographic failures, and broken access controls, all aligning with OWASP TOP 10.

Healthcare also saw a significant rise in Critical and High severities, revealing an 85.71% increase versus 2023, according to reporting findings. In May 2024, there were 51 data breaches in the U.S. related to healthcare, most notably the United Health-owned Change Healthcare attack resulting in a $220 million paid ransom to a Russian cybercrime group.

Professional Services was a newcomer to the 2024 report. This sector includes such organizations as consumer services, human resources, law practices, legal services, and staffing and recruitment. Due to the sensitive data handled by these types of organizations, in addition to the complexity of attacks and growing regulatory demands, it is not surprising to see this sector in the Top 5 most impacted industries.

Findings Across Assets

Of the 4,000 pentests analyzed for the report, assets included are web applications (49%), external network (17%), internal network (15%), APIs (9%), Cloud (7%), and Mobile apps for both Android and iOS (3%).

The Top 5 most identified vulnerabilities by OWASP aligned with BreachLock’s top 5 findings as follows:

A05:2021 – Security Misconfigurations
A02:2021 – Cryptographic Failures
A01:2021 – Broken Access Control
A04:2021 – Insecure Design Injection
A06:2021 – Vulnerable and Outdated Components

These Top 5 categories, aggregated together, represent 88% of the findings and security weaknesses in the report’s full data set.

In addition, MITRE ATT&CK is another framework BreachLock uses and is also represented in the 2024 report findings. Aligning with MITRE ATT&CK techniques ensures that identified vulnerabilities correspond to real-world attack techniques, validating the relevance and severity of our threat findings. By identifying vulnerabilities associated with the most common and impactful attack techniques, organizations can prioritize their remediation efforts to address the most critical and probable threats first.

In addition, we saw Critical to High severity findings increase across almost every asset but here are a few of the most significant discoveries:

Web Applications: Critical severities are up 150% and High findings increased 60% in 2024 vs. 2023.

Network Infrastructure: Collectively, overall risk severities for both internal and external networks represented 32% of the complete data set with both Critical and High severities increasing 100% and 200%, respectively in 2024 from the previous year.

APIs: Representing almost 10% of the overall risk of all assets tested, the risk distribution shows a 400% increase in Critical severities and a staggering 700% increase in High vs. 2023.

Lastly, the BreachLock Pentesting Intelligence Report outlined some of the new and recent changes to cybersecurity regulations in 2024. Arguably the most impactful change has been the Securities and Exchange Commission (SEC) Disclosure Rules Act. Enacted in July 2023, it was in 2024 that we really began to see the effect that these rules had on major domestic and global companies that experienced significant breaches that were immediately disclosed to the SEC and made public.

In closing, the annual BreachLock Penetration Testing Intelligence Reports have become important to help enterprises and their security teams keep a pulse on the most prevalent vulnerabilities and potential changes to the threat landscape. It also helps us as a security provider to better understand what is keeping our customers up at night, and to continue to develop innovative solutions to align with their needs and growing attack surface.

For more information, download the 2024 BreachLock Pentesting Intelligence Report or contact us to learn more.

About BreachLock

BreachLock is a global leader in Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming.

Elevate your defense strategy with an attacker’s view that goes beyond common vulnerabilities and exposures. Each risk we uncover is backed by validated evidence. We test your entire attack surface and help you mitigate your next cyber breach before it occurs.

Know your risk. Contact BreachLock today!

Media Contact:

Megan Charrois

Senior Marketing Executive

Megan.c@breachlock.com

BreachLock.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/critical-risk-severities-across-assets-and-industries-are-on-the-rise-according-to-new-2024-breachlock-pentesting-intelligence-report-302212396.html

SOURCE BreachLock

As 2025 IRS Mileage Rate Hits 70 Cents, Expert Warns: Ditch Risky Apps for Secure Paper Tracking

Gig economy expert Ed Ryder warns against the risks of mileage tracking apps, and advocates using paper-based tracking methods instead. He introduces The Big Mileage Form, a secure alternative developed over two years to meet the specific needs of food delivery gig workers. Ryder highlights recent tech failures, like the July 2024 global IT outage, to underscore the vulnerabilities of digital solutions. The press release also mentions Ryder’s significant mileage deduction using his form and directs readers to GigCoach.net for additional resources, including a consumer tutorial to drive better food delivery outcomes and a gig coach training program.

PHILADELPHIA, Dec. 22, 2024 /PRNewswire-PRWeb/ — As the IRS announces a standard mileage rate of 70 cents per mile for 2025, gig economy expert Ed Ryder, who has completed over 10,000 deliveries with his own car using major food delivery platforms, urges fellow gig workers to reconsider their mileage tracking methods. While acknowledging the convenience of digital solutions, Ryder advocates for a return to secure, paper-based tracking to protect valuable mileage deductions.

With the mileage rate at 70 cents, accurate tracking is crucial for gig workers and small business owners. Mileage apps seem convenient, but they risk data loss from outages, glitches, and cyber attacks. Many overlook these significant dangers.

“With the mileage rate increasing to 70 cents, accurate tracking is more crucial than ever for gig workers and small business owners,” says Ryder, creator of The Big Mileage Form. “While mileage tracking apps seem convenient, they come with significant risks that many overlook. Network outages, app glitches, and cyber attacks can jeopardize months of data.”

Ryder points to the July 2024 global IT outage as a prime example of technology’s vulnerabilities. “A faulty software update caused mass airline disruptions and impacted other industries, catching major corporations off guard. This incident highlights that even in our digital age, software isn’t infallible. For me, I simply won’t trust mileage tracking apps with my most important tax deduction.”

To address these concerns, Ryder developed a comprehensive, paper-based solution. “I spent two years perfecting The Big Mileage Form, tailoring it to the specific needs of food delivery gig workers,” he explains. “At 11×17 inches, it provides ample space for detailed record-keeping and, crucially, it’s immune to software glitches, data breaches, and ransomware attacks.”

Ryder’s meticulous paper-based record-keeping resulted in a mileage deduction exceeding $19,000 on his 2023 federal taxes. “All my business-related miles are thoroughly documented on paper. I’m fully prepared to defend this deduction in case of an audit. This level of confidence is what I aim to provide other gig workers.”

“In today’s digital age, sometimes the most secure solution is the simplest one,” Ryder concludes. “My form not only ensures data security but also prepares users for potential IRS audits. It’s time to reconsider the old-fashioned, but reliable pen-and-paper method.”

For those interested in learning more about effective mileage tracking and other aspects of gig work, Ryder offers valuable resources on GigCoach.net. These include a tutorial for consumers titled ‘Fair Deal Delivery,’ which provides insights on how to improve food delivery outcomes. Additionally, experienced food delivery couriers can explore Ryder’s gig coach training program. Visit GigCoach.net to access these resources and learn more about The Big Mileage Form.

Media Contact

Ed Ryder, Match Experiment LLC, 1 484-493-8740, hello@ideamaned.com, gigcoach.net

View original content to download multimedia: https://www.prweb.com/releases/as-2025-irs-mileage-rate-hits-70-cents-expert-warns-ditch-risky-apps-for-secure-paper-tracking-302337779.html

SOURCE Gig economy expert Ed Ryder

DATA BREACH ALERT: Edelson Lechtzin LLP Is Investigating Claims On Behalf Of Ascension Health Customers Whose Data May Have Been Compromised

NEWTOWN, Pa., Dec. 22, 2024 /PRNewswire/ — The law firm of Edelson Lechtzin LLP is investigating claims regarding data privacy violations by Ascension Health (“Ascension”). Ascension learned of suspicious activity on or about May 8, 2024. To join this case, go HERE.

About Ascension Health

Ascension is a prominent non-profit health system in the nation and operates under Catholic principles.

What happened?

On or about May 8, 2024, Ascension detected unauthorized activity in its computer systems. Ascension initiated an investigation, which included retaining consulting cybersecurity experts and notifying the FBI. The investigation determined that between May 7 and 8, 2024, a cybercriminal accessed files containing personal information about Ascension’s patients and employees. This information included names, medical records, payment details, insurance information, government identification numbers, and other personal data such as dates of birth and addresses. Approximately 6 million individuals have been affected by this data breach.

How can I protect my personal data?

If you receive a data breach notification, you must guard against possible misuse of your personal information, including identity theft and fraud, by regularly reviewing your account statements and monitoring your credit reports for suspicious or unauthorized activity. Additionally, you should consider legal options for mitigating such risks.

Edelson Lechtzin LLP is investigating a class action lawsuit to seek legal remedies for customers whose sensitive personal and patient data may have been compromised by the Ascension data breach.

For more information, please contact:

Marc H. Edelson, Esq.
EDELSON LECHTZIN LLP
411 S. State Street, Suite N-300
Newtown, PA 18940
Phone: 844-696-7492
Email: medelson@edelson-law.com
Web:  www.edelson-law.com 

About Edelson Lechtzin LLP
Edelson Lechtzin LLP is a national class action law firm with offices in Pennsylvania and California. In addition to cases involving data breaches, our lawyers focus on class and collective litigation in cases alleging securities and investment fraud, violations of the federal antitrust laws, employee benefit plans under ERISA, wage theft and unpaid overtime, consumer fraud, and catastrophic injuries.

This press release may be considered Attorney Advertising in some jurisdictions. No class has been certified in this case, so counsel does not represent you unless you retain one. You may select counsel of your choice. You may also remain an absent class member and do nothing now. Your ability to share in any potential future recovery does not depend on serving as lead plaintiff.

View original content to download multimedia: https://www.prnewswire.com/news-releases/data-breach-alert-edelson-lechtzin-llp-is-investigating-claims-on-behalf-of-ascension-health-customers-whose-data-may-have-been-compromised-302337976.html

SOURCE Edelson Lechtzin LLP

Earth’s pulse monitored: a review highlights remote sensing time series progress

As urbanization accelerates and environmental dynamics shift, the need for accurate and timely terrestrial monitoring has never been more urgent. A review has introduced a novel approach to remote sensing time series analysis, integrating multi-source data to enable near real-time monitoring. This innovative methodology promises to transform environmental conservation and urban planning by providing unprecedented insights into terrestrial changes and offering a more precise understanding of environmental dynamics.

GUANGZHOU, China, Dec. 22, 2024 /PRNewswire-PRWeb/ — An international team of researchers from South China Normal University, the University of Connecticut, and the Chinese Academy of Sciences has made a significant breakthrough in remote sensing. Their review, published (DOI: 10.34133/remotesensing.0285) in the Journal of Remote Sensing on December 11, 2024, addresses key challenges in remote sensing, such as incomplete data and noise interference. The team’s new time series analysis technique leverages advanced data reconstruction and fusion methods, significantly enhancing the precision and efficiency of remote sensing for monitoring environmental changes.

The research team has developed an advanced time series analysis technique that combines deep learning algorithms with traditional remote sensing methods to integrate data from various remote sensing sources. This innovative approach allows for the extraction of subtle patterns from large, complex datasets, which is crucial for monitoring critical environmental parameters such as land use and vegetation health. Unlike conventional techniques that struggle with incomplete or noisy data, this new methodology offers enhanced accuracy and more reliable insights into terrestrial dynamics, paving the way for more effective environmental monitoring.

Central to the study’s success is the integration of Long Short-Term Memory (LSTM) networks and Generative Adversarial Networks (GANs) to address the challenges posed by missing or noisy data. The LSTM networks capture temporal trends over time, while the GANs generate synthetic data that mimics real-world observations to fill gaps and correct for atmospheric distortions. This dual approach has resulted in a cleaner, more accurate time series dataset, which was validated against independent ground truth measurements. The researchers demonstrated significant improvements in key vegetation indices, such as the Normalized Difference Vegetation Index (NDVI), setting a new benchmark in the field of remote sensing.

Experts in the field have lauded the study’s potential to revolutionize remote sensing applications. They see the method as a transformative tool for enhancing high-resolution monitoring and extending its coverage, particularly in agricultural surveillance, urban planning, and environmental management. “This method represents a crucial advancement in our ability to monitor environmental changes,” says Professor Fu. “As it evolves, it could play a key role in addressing climate change and other global challenges.”

The methodology’s future applications are vast, especially in global environmental monitoring and supporting sustainable development goals. By integrating multi-temporal data from Landsat and Sentinel-2 satellites, the team has created a framework for accurate and continuous terrestrial analysis. As computational power advances and algorithms improve, this technology is expected to become a vital tool for natural resource management, disaster response, and climate change mitigation. In the years to come, it could provide critical data to help policymakers address pressing environmental issues on a global scale.

References

DOI

10.34133/remotesensing.0285

Original Source URL

https://doi.org/10.34133/remotesensing.0285

Funding information

This work was supported by the National Nature Science Foundation of China (grant numbers 42425001 and 42071399).

About Journal of Remote Sensing

The Journal of Remote Sensing, an online-only Open Access journal published in association with AIR-CAS, promotes the theory, science, and technology of remote sensing, as well as interdisciplinary research within earth and information science.

Media Contact

George Hua, Chuanlink Innovations, 1 8656606278, TranSpread1@gmail.com, http://chuanlink-innovations.com/

View original content to download multimedia: https://www.prweb.com/releases/earths-pulse-monitored-a-review-highlights-remote-sensing-time-series-progress-302337250.html

SOURCE Journal of Remote Sensing
