Bright Security’s Enterprise Grade Dev-Centric DAST Integrates with

Microsoft Defender for Cloud →
Product
Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.

Integrations

Connecting your security stack & resolution processes seamlessly.

Docs

Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.

Resources
Blog

Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

Docs

Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.

Research

Download whitepapers & research on hot topics in the security field.

Company
About us

Who we are, where we came from, and our Bright vision for the future.

News

Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Resources > Blog >
Security Breaches: What We Learned in 2022

Security Breaches: What We Learned in 2022

With global events happening all around us, it’s time to reflect on how the year before us affected the cybersecurity world, and the lessons we learned during this period. It’s been a very turbulent time in cybersecurity, with the technology sector going through financial turmoil, which in turn caused some critical vulnerabilities to occur.

This is part of a series of articles about Data Breach.

The Biggest Breaches

Some of the biggest breaches involved some of the biggest tech companies! Twitter & WhatsApp are just top-of-the-shelf examples of how even the richest and most powerful organizations constantly have to keep up in order to keep their data safe. 

Optus Data Breach

It sounds bad when you first learn that a giant telecommunications company suffered a data breach. But it’s only when you learn that no less than 11 million people had their data leaked does it go to the next level. 

The hackers accessed all sorts of personal data after which they supposedly contacted all the users with a $1300 offer to keep their data private. Not only that, but those users started becoming a target of recurring phishing attacks. Some journalists reported that the hackers gained access to the data by accessing an unauthenticated API endpoint, although the details of the attack are yet to be published online.

Medibank Data Breach

Another company from The Land Down Under took over the unfortunate headlines in the twilight of this year as Medibank suffered a huge cybersecurity breach. To be more specific, an anonymous hacker collected  9.7 million records of Medibank’s customers. 

After the company refused to give in to hackers’ requests, the cybercriminals dumped more than 5GB of compressed data online. All the analysis indicates that the data dump, indeed, contains the Medibank customer information. 

DoorDash Data Breach

The summer of ‘22 won’t be remembered as a particularly happy one for DoorDash users. Perhaps the biggest food delivery company suffered an enormous leak where almost 5 million of their users had their data stolen. 

What’s really interesting is that the attack happened via a very sophisticated phishing campaign, ultimately causing big damage to DoorDash in terms of customer trust.

Luckily, hackers only accessed some credit card data from a smaller group of people, but even in those cases, it was mostly the last four digits of their card number – still a big risk, but not as threatening as some other data leaks out there.

Security Starts at Your Own Home

When talking about big security breaches, a lot of companies focus their defense mechanisms solely on technical details. They make sure that the system they’re using is impenetrable. However, there’s a big gap that often occurs, resulting in some of the biggest data leaks – and it’s human error.

Making sure that your employees are the first line of defense is crucial in maintaining safe environment, protected from outside breaches. This means constant education of your employees, enrolling and encouraging them to take up security courses, and raising the overall level of cybersecurity awareness in your company. 

Creating a safe environment isn’t, and never has been an individual effort of a few people specialized in cybersecurity. It’s always about the whole group that has to stay organized and aware of all the outside threats in order to make sure that costly slip-ups don’t happen. Ultimately, the chain is as strong as its weakest link, and that theory perfectly applies to cybersecurity.

From all the lessons we’ve learned in 2022, it’s time for all of us to take action, broaden our knowledge, and work on our cybersecurity awareness. These are the steps necessary in going to the next level and raising our security levels online.

Resources

Domain Hijacking: How It Works and 6 Ways to Prevent It

What Is Domain Hijacking?  Domain hijacking refers to the unauthorized acquisition of a domain name by a third party, effectively taking control away from the rightful owner. This form of cyber attack can lead to significant disruptions, including loss of website functionality, email services, and potentially damaging the brand’s reputation.  Domain hijackers often exploit security

Mastering Vulnerability Management: A Comprehensive Guide

Modern day organizations face a constant barrage of cyber threats, making it imperative to implement robust vulnerability management processes. Vulnerability management is a systematic approach to identifying, evaluating, treating, and reporting on security vulnerabilities in systems and their associated software. In this blog post, we’ll delve into the four crucial steps of vulnerability management process

Vulnerability Scanners: 4 Key Features, Types, and How to Choose

A vulnerability scanner is a specialized software tool designed to assess the security of computers, networks, or applications by automatically detecting and analyzing weaknesses. These scanners proactively search for security vulnerabilities, such as unpatched software, misconfigurations, and other security gaps that could be exploited by attackers. Some scanners can simulate the actions of an attacker to help identify exploitable vulnerabilities.

Get our newsletter