Data Breach Today

FEBRUARY 2, 2024

While Average Falls Below 30%, We're Still Far From Seeing Criminal Profits Dry Up The number of victims who opt to pay a ransom appears to have declined to a record low. During the last three months of 2023, an average of 29% of organizations hit by ransomware paid a ransom - a notable shift from what ransomware watchers saw in recent years.

Ransomware 284

Ransomware 284

Data Breach Today

FEBRUARY 2, 2024

Credit Union Lender Discusses Expanding Role of Credit Repair Companies in Fraud Detecting first-party fraud poses unique challenges. Data plays a critical role in spotting fraud by pointing out patterns such as high charge-off balances that hint at premeditated fraud, said Matt Beardsley, senior manager of consumer lending at PenFed Credit Union.

255

255

Data Breach Today

JANUARY 24, 2024

McKinsey Predicts up to 15% Profit Increase, Gen AI Use in All Areas of Banking Bloomberg, JPMC, European Central Bank, Morgan Stanley, NASDAQ, HDFC ERGO and Commonwealth Bank Australia are harnessing gen AI to enhance productivity and customer experience. Gen AI has the potential to reshape job roles, redefine customer interactions and create new business models.

Customer Experience 265

Customer Experience 265

Data Breach Today

JANUARY 5, 2024

Authorities in 15 Countries Helped Dismantle Operations Following 2019 Takedown The U.S. Department of Justice announced Friday that it has wrapped up its investigation of the xDedic dark web marketplace and successfully dismantled the multinational criminal organizations, leading to charges against 19 individuals, including administrators, developers and customer service reps.

Marketing 298

Marketing IT 298

Data Breach Today

JANUARY 5, 2024

Data-Poisoning Attacks Are Critical Threat to Machine Learning Security, NIST Warns Machine learning systems are vulnerable to cyberattacks that could allow hackers to evade security and prompt data leaks, scientists at the National Institute of Standards and Technology warned. There is "no foolproof defense" against some of these attacks, researchers said.

Security 311

Security 311

Data Breach Today

JANUARY 5, 2024

Reports Say Attempts to Delete Data in the Attacks Were Unsuccessful Iranian hackers targeted the Albanian Parliament using the No-Justice Wiper and other commonly used tools. The attack came months after Albania had severed diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal.

285

285

Data Breach Today

JANUARY 5, 2024

Company Plans to Enhance Digital Workplace Protection With Behavioral Analytics Mimecast announced the acquisition of human risk management solutions specialist Elevate Security as part of its initiative to enhance digital workplace protection. The move aims to address evolving cyberthreats by offering insights into human behaviors and risks and empowering customers.

Risk 289

Risk Analytics Security IT 289

Data Breach Today

JANUARY 5, 2024

Also: Cyber Resilience in Israel; Human Risk Management in the Era of Remote Work In the latest weekly update, four ISMG editors discussed the number of ransomware victims who are paying a ransom to cybercriminals, the need for greater cyber resilience during wartime, and the critical role of human risk management in organizational cybersecurity in the era of remote work.

Ransomware 304

Ransomware Risk Cybersecurity 304

Data Breach Today

DECEMBER 27, 2023

Cyber Israel Warns of a Wave of Phishing Attempts Cyberspace aggression against Israel has intensified since the onset of war in the Gaza Strip, changing from online vandalism to attacks aimed at disruption and sowing fear, says Israel's cybersecurity agency. A prominent attack vector is phishing emails.

Phishing 306

Phishing Cybersecurity 306

Data Breach Today

DECEMBER 27, 2023

NIST Fails to Provide Information on Award Process for AI Research, Lawmakers Say The National Institute of Standards and Technology is failing to provide adequate information about how it plans to award funding opportunities to research institutions and private organizations through a newly established Artificial Intelligence Safety Institute, according to a group of lawmakers.

Artificial Intelligence 273

Artificial Intelligence IT 273

Data Breach Today

DECEMBER 27, 2023

Strengthening OT Security with HCLTech and Microsoft In an age reliant on operational technology, ensuring robust security for diverse industries is crucial. Join us as we discuss operational challenges, highlighting specific threats faced by businesses today. Explore how the powerful alliance between HCLTech and Microsoft empowers organizations to safeguard critical assets and enhance resilience against evolving threats.

Security 283

Security Cybersecurity 283

Data Breach Today

DECEMBER 27, 2023

Attacks Exposed Millions of Records, Severely Disrupted Care and More Hacks on healthcare sector entities reached record levels in 2023 in terms of data breaches. But the impact of hacks on hospital chains, doctors' offices and other medical providers - or their critical vendors - goes much deeper than the exposure of millions of health records.

Data breaches 300

Data breaches 300

Data Breach Today

DECEMBER 27, 2023

Wave of Attacks Affects ShellBot, Tsunami, ChinaZ DDoS Bot and XMRig CoinMiner Hackers are targeting Linux Secure Shell servers to install tools for port scanning and dictionary attacks to compromise other vulnerable servers, forming a network for cryptocurrency mining and distributed denial-of-service attacks, say researchers at AhnLab Security Emergency Response Center.

Mining 283

Mining Security 283

Data Breach Today

DECEMBER 18, 2023

What Should the US Government Do to Impove Medical Cybersecurity? Lobbyists for U.S. hospitals oppose a Biden administration proposal for mandatory cybersecurity requirements and possible financial disincentives for organizations that fail to meet those expectations. Industry experts contend that some type of government actions are needed.

Cybersecurity 268

Cybersecurity Government 268

Data Breach Today

DECEMBER 18, 2023

Financial Stability Oversight Council Expects AI Use to Increase U.S. regulators for the first time detailed the risks artificial intelligence poses to the financial system and classified the technology as an "emerging vulnerability." The Financial Stability Oversight Council in its annual report flagged AI's ability to introduce "certain risks.

Risk 298

Risk Artificial Intelligence IT 298

Data Breach Today

NOVEMBER 21, 2023

LockBit and Nation-State Groups Using Session Tokens to Access Patched Devices With experts warning that NetScaler ADC and Gateway devices are being exploited by nation-state and cybercrime groups, the manufacturer has again urged all users to "patch immediately as well as terminate active sessions, which attackers can otherwise use to access devices even post-patch.

Manufacturing 292

Manufacturing Access 292

Data Breach Today

OCTOBER 30, 2023

Reviewpad Will Help Developers Secure Pull Requests, Vet Code Generated by AI Tools Snyk purchased a Portuguese startup founded by SonarSource and European Parliament veterans to help developers contribute to code bases more quickly. The Boston-based developer security vendor said its buy of Porto-based Reviewpad will help developers secure pull requests.

Security 263

Security IT 263

Data Breach Today

OCTOBER 30, 2023

Experts Praise Executive Order For Focusing on Security Risks Associated With AI U.S. President Joe Biden called on Congress to pass comprehensive legislation on artificial intelligence after invoking Cold War-era executive powers over private industry in a sweeping executive order that aims to set new standards and regulations for AI systems.

Artificial Intelligence 263

Artificial Intelligence Risk Security 263

Data Breach Today

OCTOBER 30, 2023

SEC Seeks to Ban Brown From Serving As Officer, Director of Publicly-Traded Company Federal regulators accused SolarWinds and CISO Tim Brown of fraud and internal control failures for misleading investors about the company's cybersecurity practices and risks. The SEC said SolarWinds and Brown disclosed only generic and hypothetical risks even though they knew about specific issues.

Risk 286

Risk Cybersecurity 286

Data Breach Today

OCTOBER 30, 2023

How to Protect Dispersed Apps, APIs and Handle Low Visibility, Emerging Threats In recent years, the adoption of public cloud infrastructures has surged, providing organizations with unparalleled flexibility and scalability. But this shift has also introduced a new set of challenges when it comes to protecting web applications and APIs that are hosted on these platforms.

Cloud 269

Cloud IT 269

Data Breach Today

OCTOBER 30, 2023

Patch or Perish: Researchers See Mass Exploits of NetScaler ADC and Gateway Devices Ransomware-wielding groups are among the attackers exploiting vulnerabilities in NetScaler devices to bypass authentication and gain initial access to victims' networks. Experts say users must not just patch but also wipe device memory to prevent attackers from bypassing access controls.

Ransomware 293

Ransomware Authentication Access 293

Data Breach Today

OCTOBER 30, 2023

Proposed Class Action Suits Accuse Warehouse Market of Unlawful Use of Web Trackers Costco warehouse customers often get free samples of cheese and beef jerky. But members who fill their prescriptions online at Costco pharmacies allegedly get their sensitive information unlawfully scraped and transmitted to third parties, claim two proposed federal class action lawsuits.

Marketing 273

Marketing 273

Data Breach Today

OCTOBER 9, 2023

Petition Signed by 65 Parliamentarians and 31 Civil Society Organizations More than five dozen British lawmakers across political parties and privacy organizations called for an "immediate stop" to real-time facial recognition in the United Kingdom. Live facial recognition faces a ban in Europe and its use by police is banned in a handful of U.S. jurisdictions.

Privacy 268

Privacy IT 268

Data Breach Today

OCTOBER 9, 2023

Militants Likely Planned Assault Offline, to Evade Digital Surveillance Dragnet How did Israeli intelligence fail to spot and stop the deadly assault on Saturday by Hamas militants? Experts suggest planners used offline tactics and extreme compartmentalization to prevent leaks and evade well-known Israeli cyberespionage and digital surveillance capabilities.

157

157

Data Breach Today

AUGUST 29, 2023

Fallout From Crypto-Locking Malware Attacks and Data Exfiltration Remains Costly Ransomware and data-exfiltration attacks are continuing to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one, which was hit by the Play ransomware group last year.

Cleanup 265

Cleanup Ransomware Cloud 265

Data Breach Today

AUGUST 28, 2023

Fallout From Crypto-Locking Malware Attacks and Data Exfiltration Remains Costly Ransomware and data-exfiltration attacks are continuing to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one, which was hit by the Play ransomware group last year.

Cleanup 276

Cleanup Ransomware Cloud 276

Data Breach Today

AUGUST 28, 2023

Despite the Financial Hurdles, the Perks of Building a CNAPP-XDR Platform Are Clear Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry has ever seen. But despite the major financial hurdles, the potential technology synergies are obvious.

IT 273

IT Cloud Cybersecurity Security 273

Data Breach Today

AUGUST 28, 2023

FTX, BlockFI and Genesis Claimants at Risk of Phishing Kroll is warning claimants in three major cryptocurrency bankruptcy cases that hackers obtained their personal data after the attacker convinced a mobile carrier to redirect an employee's phone number to their own device. Hackers appear to have already begun a phishing campaign.

Phishing 279

Phishing Personal data Risk 279

Data Breach Today

AUGUST 28, 2023

Sector Urged to Broaden Info Sharing Beyond Traditional Indicators Public-private cybersecurity councils urged the healthcare industry to be more expansive in sharing signs of hacking, warning that traditional indicators aren't enough. Fending off hackers requires additional shared data such as SIEM rules and Automated Response Playbooks.

Cybersecurity 248

Cybersecurity 248

Data Breach Today

AUGUST 8, 2023

Sen. Mark Warner Asks Google CEO to Address AI Trust, Privacy, Ethical Practices Citing several growing concerns, Sen. Mark Warner, D-Va., on Tuesday sent a letter quizzing Google CEO Sundar Pichai about how the tech giant is applying privacy, trust and ethical "guardrails" around the development and use of its generative AI product, Med-PaLM 2, in patient care settings.

Privacy 241

Privacy IT 241

Data Breach Today

AUGUST 8, 2023

Threat Actor Coaxes Users Into Downloading MerlinAgent Hackers attempting to spy on the Ukrainian government are using an open-source remote access Trojan, said Kyiv cyber defenders. The RAT, MerlinAgent, is available on GitHub. The threat actor spoofed the Computer Emergency Response Team of Ukraine in phishing emails.

Phishing 246

Phishing Government Access 246

Data Breach Today

AUGUST 8, 2023

Agency Detected the Incident in October 2022 - Over 1 Year After the Hack The U.K. Electoral Commission suffered a "complex cyber-attack" in 2021, resulting in hackers accessing sensitive voter information. Commission CEO Shaun McNally said the attack resulted in hackers accessing copies of electoral register files that the agency uses for research purposes.

Access 245

Access 245

Data Breach Today

AUGUST 8, 2023

Cybercrime Group Defrauded Nearly 200,000 Euros Spanish police estimate that a group that mainly targeted ATMs of Spanish national banks using cloned payment cards had fraudulently pocketed nearly 196,000 euros. Authorities arrested three suspected members of the group Sunday in the Spanish coastal city of Valencia.

246

246

Data Breach Today

JULY 20, 2023

Developing a Multilayered Defense Strategy for the Most Common Attack Techniques Despite the significant advances technology has made over the past few years, email remains one of the best tools for cybercriminals. Training is just one piece of the puzzle. The best defense against today's cybercrime landscape is a multilayered security strategy.

Phishing 238

Phishing Security 238

Data Breach Today

JULY 20, 2023

Expel VP Chris Waynforth on How Security Researchers Can Reduce False Positives Unnecessary cyber alerts are a threat that can overwhelm defenders, leading to burnout and reduced efficiency within the team. Chris Waynforth, vice president and general manager at Expel, said adopting automation solutions to filter and prioritize alerts allows for more effective incident response.

IT 246

IT Security 246

Data Breach Today

JULY 20, 2023

Social Engineering Expert Was Featured on FBI's Most Wanted List Before Going Legit Kevin Mitnick, the self-described "world's most famous hacker" - thanks in no small part to his being featured on the FBI's Most Wanted list during a two-year manhunt - has died at the age of 59. After serving time in prison, Mitnick went legit, warning others about the dangers of social engineering.

237

237

Data Breach Today

JULY 20, 2023

Also: Hackers Launder Fewer Funds From DeFi Hacks in 1st Half of 2023 Between July 14 and 20, senators introduced a bill to address DeFi risk, Nasdaq held back crypto custody plans, DeFi hackers laundered lesser amounts of stolen funds in the first half of this year than in H1 2022, and an Australian bank blocked payments to high-risk crypto exchanges.

Risk 237

Risk 237