Latest news with #SSH

Monumental fraud and attack risks exposed as study of 141 million leaked files reveals financial documents present in 93% of all data breaches

Yahoo

2 days ago


Lab 1 publishes the biggest ever content-level analysis of breached datasets, finding:

  • Half of all data breaches contain U.S. Social Security Numbers
  • Half of breaches leak bank statements, increasing fraud for employees and customers
  • Customer and corporate PII exposed at concerningly high rates, with HR data and customer care data present in 82% and 67% of incidents
  • The average attack blast radius has increased by 61% in three years

LONDON, July 22, 2025 (GLOBE NEWSWIRE) -- Lab 1, the AI-powered Exposed Data Intelligence platform, today publishes the biggest ever content-level analysis of breached datasets to reveal the monumental risk of fraud to organizations, their employees and customers, with nearly all breached datasets including financial, HR and customer data.

Lab 1 uses AI agents to scrape breached datasets and analyze every file exposed, including unstructured files, like PDFs, emails, spreadsheets, and code files. While typically overlooked in data breach analysis techniques, the information can be leveraged for sophisticated cyberattacks, social engineering attacks, and fraud against companies and their customers.

Analyzing 141 million files leaked in the public domain from 1,297 data breach incidents, the first annual Anatomy of a Breach Report reveals:

Financial documents are exposing companies and their customers to fraud

Financial documents appear in 93% of incidents and account for 41% of all exposed files. Financial sensitive information types were also highly prevalent and reveal how personal data, as well as commercial information, is being leaked into the public domain. Bank statements, which enable identity fraud, were present in 49% of incidents, and IBANs, which can be used for mandate scams and payment redirection, were included in 36% of breached data sets.

Customer and corporate PII exposed in nearly all breaches

Human Resources data - often containing personally identifiable information (PII), payroll and resumes - appeared in 82% of breaches. Two-thirds (67%) involved communications and records concerning customer service interactions and support. Emails were leaked in 86% of all data breaches, the most prevalent exposed sensitive information type, but perhaps most concerningly, half of all incidents analyzed (51%) included U.S. Social Security Numbers. Exposure of PII can lead to targeted phishing, identity theft, and regulatory violations under laws like GDPR or the FTC Act, opening organisations up to the risk of substantial fines, legal action, and erosion of customer trust.

Unstructured files are exposing new cyberattack avenues

While exposed in a smaller proportion of incidents, cryptographic keys (SSH and RSA Keys) that enable attackers to bypass authentication and access secure systems were present in 18% of all incidents. Cloud and Infrastructure indicators, such as AWS S3 paths and virtual hosts, featured in two-fifths of breaches (20% and 23% respectively), which can facilitate data exfiltration or the discovery of unsecured cloud storage endpoints. Code files, which were exposed in 87% of incidents and account for 17% of all exposed files, also introduce vulnerabilities to the Software Bill of Materials by undermining the integrity and trustworthiness of the software supply chain.

Attack blast radius has increased by 61% in three years

The content-level analysis exposes the full blast radius of organizations implicated in these incidents, many of which may have nth-party relations to the breached company and be unaware of their potential exposure. The median exposure across all breaches analyzed was 482 organizations, an increase of 61% from a median of 257 in 2022 to 414.5 in 2025.

Robin Brattel, Co-founder and CEO, Lab 1 said: 'Rather than focus on mega data dumps of structured and primarily credential-based information, we've focused on the huge risks associated with unstructured files that often hold high-value information, such as cryptographic keys, customer account data, or sensitive commercial contracts.

'With cybercriminals now behaving like data scientists to unearth these valuable insights to fuel cyberattacks and fraud, unstructured data cannot be ignored. We've refined a scientific approach to analyzing unstructured breach contents and today share our findings, which underline the need to move towards a content-aware approach to breach analysis. Ultimately, organizations must understand what information has been leaked, how it can be used, and who might be affected. And faster than it can be used against them.'

Note for the editor

The dataset used in the Anatomy of a Breach Study comprises 141,168,340 individual file records sourced from 1,297 ransomware and data breach incidents, all of which are in the public domain and were reconstructed from forensic acquisitions of compromised systems. A methodology can be found within the full report, here.

About Lab 1

Lab 1 is the first platform to apply AI and data science at scale to identify and analyze exposure to data breaches. Its AI Intel Agent continuously scans breached datasets across the surface, deep, and dark web, extracting and categorizing exposed files. These are safely previewed within the Lab 1 Platform, eliminating the need to download potentially dangerous files for lengthy manual analysis. Organizations receive AI-generated alerts of exposure and summaries of the information revealed, enabling them to understand and act on their exposure quickly and securely. Backed by information security leaders from Goldman Sachs, Credit Suisse, UBS, and Revolut, Lab 1 has already analyzed over 160 million exposed files.
For more information, visit

CONTACT: Media Contact Gina Giachetti

Only 6% of SSH servers ready for post-quantum encryption

Techday NZ

18-07-2025


Forescout has released new research indicating that just 6% of SSH servers currently support post-quantum encryption, exposing a significant proportion of vital data to the risk of being harvested now and decrypted once quantum computers become a practical threat.

The findings highlight concerns for the long-term confidentiality of communications across public networks, Secure Access Service Edge tools, and critical data handled in sectors such as military, diplomatic, and proprietary corporate environments.

Forescout has developed a patented technology that detects non-quantum-safe encryption across information technology (IT), operational technology (OT), and internet of things (IoT) systems, in an effort to support organisations confronting the quantum threat.

Quantum computing threat

Forescout's technology utilises continuous analysis of device encryption to identify vulnerabilities to quantum attacks. Developed in 2023 and patented in 2024, this approach forms the basis of Forescout's "Quantum-Safe Security Assurance" strategy. The strategy is designed to help organisations identify, assess, and close security gaps associated with post-quantum cryptography (PQC) across IT, OT, and IoT environments.

The urgency around quantum security readiness is highlighted by a recent study from Omnia, which found that 40% of manufacturers expect to see customer use of quantum technologies by 2026. This timeline increases the risks posed by "harvest now, decrypt later" attacks, where adversaries store encrypted data today with the intention of decrypting it in future using quantum technology.

"Quantum computing is no longer a far-off concept. It's a fast-approaching reality that will challenge the foundations of digital trust. Every organisation, public or private, needs to start thinking about post-quantum resilience across IT, OT, and IoT environments today. This is a rare opportunity to get ahead of a generational shift in cybersecurity before urgency overtakes strategy," said Barry Mainz, CEO of Forescout.

Platform strategy

Forescout's approach is anchored by its 4D Platform, which applies a four-part methodology: detection, enforcement, mitigation, and control. The technology evaluates the cryptographic ciphers supported by devices, assesses their compliance with post-quantum standards, and identifies encryption risks. Because it operates at the network layer, the solution is capable of uncovering risky encryption use, even where devices attempt to obscure their security posture.

The four-pronged strategy delivered through the Forescout 4D Platform includes:

  • detection of PQC-safe assets in real time for a full view over cryptographic postures;
  • enforcement of segmentation to protect critical systems;
  • mitigation through threat intelligence to match policy enforcement with real assets or misconfigurations; and
  • control, which limits traffic from high-risk devices.

"As organisations prepare for a post-quantum future, detecting systems using outdated encryption is critical. Forescout is already delivering on this with our patented technology - the only solution that identifies non-quantum-safe ciphers in real time. Whether it's PHI from medical devices or financial data crossing the web, this level of visibility empowers our customers to assess risk accurately and prioritise remediation where it matters most," said Robert McNutt, Chief Strategy Officer at Forescout Technologies, Inc.

Slow adoption

The research also notes a slow migration towards PQC across global networks. Of 186 million SSH servers exposed to the internet, just 6% support quantum-safe encryption methods. Fewer than 20% of global communications employ Transport Layer Security (TLS) version 1.3, presently the sole version offering support for post-quantum cryptography. Although use of NIST-standardised algorithms such as ML-KEM has increased more than fivefold over six months, it still accounts for under 0.1% of servers worldwide.

Particularly in OT, IoT, and Internet of Medical Things (IoMT) environments, adoption of post-quantum encryption poses additional challenges, often necessitating upgrade or replacement of firmware or hardware.

"We're seeing a clear drop-off in PQC migration once the early adopters are accounted for. The data shows that most systems aren't upgrading fast enough to keep pace with the advancing threat model," said Daniel dos Santos, Head of Research at Vedere Labs.

Mitigation steps

To address these threats, Forescout's research recommends several immediate measures for organisations. These include adopting PQC for devices reliant on third-party infrastructure, securing trusted network infrastructure from attackers, employing network tools capable of accessing SPAN ports, and avoiding use of ISPs and SASE tools for critical or highly protected systems.

The report emphasises that preparing for quantum threats is increasingly necessary, rather than a speculative exercise, as standards and attacker capabilities advance. Forescout positions its technology and platform to help organisations maintain oversight and control of encryption risks and remediate them before quantum technology is widely available to adversaries.

Concerns over building firm hired to work on beloved Welsh attraction

Wales Online

13-07-2025


A whistleblower fears the project could 'turn into an absolute farce'

Castell Coch in Tongwynlais, Cardiff (Image: Matthew Horwood/Getty)

Concerns have been raised over the choice of subcontractor for a key conservation project at a beloved Welsh tourist attraction. SSH Conservation Ltd – which last month changed its name to AAT (2025) Ltd – recently fell into administration owing more than £1.25m. A new company, led by one of the same directors, has taken on the SSH Conservation Ltd name and landed a major contract to work on Castell Coch, a 19th-century Gothic Revival castle in Tongwynlais, north Cardiff.

The older firm's debts include £956,576 owed to the taxman but the Welsh Government says it has been assured "all necessary due diligence" was carried out in the tender.

The Grade I-listed landmark is controlled by Cadw, the Welsh Government's historic environment service, which has contracted a £2.52m conservation job involving the castle's well and kitchen towers to John Weaver Contractors Ltd – which in turn has now subcontracted a portion of the upcoming work to SSH. A source close to the project claimed to WalesOnline that the value of the work contracted to SSH is around £500,000.

Companies House paperwork lists the older company's debts as totalling £1,256,834 to some 86 creditors including various small businesses and HM Revenue & Customs (HMRC). "Employees" are listed as unsecured creditors owed £44,188.

"The company had 21 employees," the administrators wrote last month. "However as a result of the administration they have all been made redundant."

The new SSH was registered on Companies House in January as 'Abacus Building Conservation' before adopting its current name last month. It has yet to file accounts. The sole director is 51-year-old Jacob Motley, who is one of the three directors of the older business.

Our source voiced concern the project could "turn into an absolute farce" if the new firm encounters difficulties.

A Welsh Government spokeswoman said: "Following a rigid procurement and appointment process Cadw contracted John Weavers Contractors (JWC) as the main contractors in 2024 to carry out conservation work to the well and kitchen towers of Castell Coch.

"Subsequent tender processes for domestic subcontractors were managed internally by JWC and one of the appointed subcontractors is SSH Conservation, who this year will be undertaking repointing, masonry repairs, and dismantling and rebuilding chimneys on both towers and have the necessary skills to undertake this specialist work."

She added: "JWC have provided full assurances to Cadw that all necessary due diligence had been carried out."

In a statement last month AAT's administrators, FRP Advisory, wrote that they did not believe the company could be rescued as a "going concern" due to "the level of historic debt". They went on: "In this administration it is proposed that the administrators will take the necessary steps to dissolve the company as it is not anticipated there will be any funds available for distribution to unsecured creditors."

Why did the firm fall into administration?

In a summary of AAT's struggles its administrators wrote last month: "The company was acquired by the current director in 2022 by way of management buyout and shortly thereafter began experiencing financial difficulties when it fell into arrears with HMRC and entered into a time-to-pay arrangement.

"Escalating costs together with losses on some projects caused the company to reach a point where it breached the arrangement.

"Its financial statements show that in the year ended March 31, 2024, it had a turnover of some £7.2m but reported a loss of £466,000. The directors sought advice from insolvency practitioners at FRP Advisory but owing to its insurmountable liabilities the company was placed into administration on April 22, 2025."

Sally Strachey Historic Conservation Ltd was formed in Somerset in 2010 and shortened its name to SSH Conservation last year before changing its name to AAT last month. The SSH website says: "We undertake the repair and conservation of historic fabric across a range of projects that incorporate architectural stonework, archaeological sites, museum pieces, church monuments, historic plaster and render, sculpture, polychrome, and decorative surfaces."

The conservation project is anticipated to take two years from when it began in April 2024. "Very damp conditions" in the well tower had been "damaging the fabric of the building", says Cadw.

SSH and JWC declined to respond to questions.

Italy's Leonardo to buy Sweden's Axiomatics, source says

Yahoo

09-07-2025


ROME (Reuters) - Italy's Leonardo has agreed to buy Sweden's Axiomatics, a source told Reuters on Wednesday, marking a further step in the company's efforts to expand its cybersecurity business.

The source, close to the matter, did not disclose the value of the deal, first reported in Italian financial newspaper MF. Axiomatics did not immediately reply to requests for comment.

Founded in 2006 and based in Stockholm, the group specialises in so-called attribute-based access control authorisation systems.

In past months Leonardo had been looking at many domestic and foreign companies for possible acquisitions in the cybersecurity sector, which it views as a critical area for future growth. The company anticipates double-digit expansion in the sector over the coming years.

Last week the state-controlled group bought a 24.55% stake in SSH, in a deal making it the biggest single shareholder in the Finnish company.

At the Paris airshow last month Leonardo's Chairman Stefano Pontecorvo told Reuters, "cybersecurity is an essential component in so-called multi-domain warfare, where everything is connected with everything".
