Data Breach Today

Ransomware: No Decline in Victims Posted to Data-Leak Sites

Data Breach Today

Count of Victims - Listed on Leak Sites or Not - Appears To Be Holding Steady One measure of the damage being done by ransomware groups continues to be how many victims get listed on ransomware operators' dedicated data-leak sites, as part of their so-called double extortion tactics.

MirrorBlast Campaign Targets Finance Sector Using Macros

Data Breach Today

TA505 APT Group delivers phishing email containing malicious links Researchers at Morphisec Labs have published fresh details about a new MirrorBlast campaign that they say is run by a Russia-based threat group TA505, targeting financial services organizations.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Video Game Streamer 'Twitch' Confirms Massive Data Breach

Data Breach Today

Reports: Platform's Entire Source Code Compromised in 125GB Leak Amazon-owned video streaming service Twitch, which focuses on video games and e-sports broadcasts, reportedly suffered a massive data breach, which the company vaguely confirmed via Twitter.

New File-Locking Malware With No Known Decryptor Found

Data Breach Today

DSCI: Ransomware Alkhal Likely Spread Via Phishing, Malicious URLs The Data Security Council of India has issued an advisory about newly discovered ransomware Alkhal, which uses a strong encryption tool and has no known decryptor to recover lost data. The ransomware was likely discovered on Oct.

Monitoring AWS Container Environments at Scale

In this eBook, learn how to monitor AWS container environments at scale with Datadog and which key metrics to monitor when leveraging two container orchestration systems (ECS and EKS).

Missouri Refers Responsible Bug Report to Prosecutors

Data Breach Today

Michael L. Parson Alleges Newspaper Employee Improperly Accessed Data A newspaper employee in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor.

Data Breach Reports Rise as Supply Chain Attacks Surge

Data Breach Today

US Breach Notification Transparency Declining, Identity Theft Resource Center Warns The number of breach reports filed by U.S. organizations looks set to break records, as breaches tied to phishing, ransomware and supply chain attacks keep surging, the Identity Theft Resource Center warns.

Microsoft Will Mitigate Brute-Force Bug in Azure AD

Data Breach Today

Microsoft Sparred with SecureWorks Over Impact But Relents Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory.

Risk 281

Hackers Impersonate Amnesty International to Spread Malware

Data Breach Today

Sarwent Malware Can Execute Remote Tasks Fraudsters are impersonating Amnesty International by building a fake site to distribute malware purporting to be an anti-virus tool to protect against the NSO Group's Pegasus tool, according to researchers at Cisco Talos

269
269

Cyberattacks Disable IT Networks at 2 Indiana Hospitals

Data Breach Today

Some Patients' Care Previously Postponed Due to COVID-19; What Happens Now? Two Indiana hospitals say their IT systems are disabled as they recover from cyberattacks suffered last week.

IT 261

The Importance of PCI Compliance and Data Ownership When Issuing Payment Cards

This eBook provides a practical explanation of the different PCI compliance approaches that payment card issuers can adopt, as well as the importance of both protecting user PII and gaining ownership and portability of their sensitive data.

Nobelium Makes Russia Leader in Cyberattacks

Data Breach Today

Microsoft: 58% of Attacks Reported Worldwide Originated From Russia Microsoft, in its annual threat review report, Digital Defense, says 58% of cyberattacks worldwide over the past year originated in Russia. And 92% of the Russia-based threat activity came from the nation-state threat group Nobeliu

IT 242

US Agencies to Water Facilities: You May Be Next Target

Data Breach Today

FBI, CISA, EPA & NSA Advisory Says Threats to Critical Infrastructure Rising U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities.

IT 200

ISMG Editors' Panel: Are Our Systems Too Complex to Secure?

Data Breach Today

Thingiverse Data Leak Affects 228,000 Subscribers

Data Breach Today

The Data Dump Is Being Broadly Circulated on a Popular Hacking Forum Thingiverse, a popular website dedicated to sharing user-created digital design files, has reportedly leaked a 36GB backup file that contains 2.5 million unique email addresses and other personally identifiable information

208
208

Assess and Advance Your Organization’s DevSecOps Practices

In this white paper, a DevSecOps maturity model is laid out for technical leaders to use to enable their organizations to stay competitive in the digital economy.

Researcher Finds Malware Targeting Mac Users via Baidu Ad

Data Breach Today

The Ad, Now Deleted, Lured Users to a Phishing Website to Harvest Credentials Chinese security researcher Zhi has discovered a malware targeting Mac users. The malware, spread via a paid advertisement on search engine Baidu, is intended to harvest user credentials, he says.

Democratic Lawmakers Urge Agencies to Act on Ransomware

Data Breach Today

Letter to 4 Departments Asserts that Cryptocurrency Is Enabling These Attacks A congressional letter sent to the heads of four federal agencies expressed an urgent need for the Biden administration to continue combating ransomware.

FTC: Health App, Device Makers Must Report Breaches

Data Breach Today

But Does the 'Policy Statement' Warning Overstep the Intention of the Rule?

282
282

Teenage Cybercrime: Giving Young Hackers A Second Chance

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of attempts made by European law enforcement to encourage young cybercriminals to channel their skills in more ethical ways. Also featured: Fraud detection and response; Inspiring behavioural change

Make Payment Optimization a Part of Your Core Payment Strategy

Everything you need to know about payment optimization – an easy-to-integrate, PCI-compliant solution that enables companies to take control of their PSPs, minimize processing costs, maximize approval rates, and keep control over their payments data.

Fertility Testing Lab Says Ransomware Breach Affects 350,000

Data Breach Today

Also, NJ AG Smacks Fertility Clinic With Big Fine in Hacking Incident A flurry of hacking incidents and other recent breach developments highlight the cyberthreats and risks facing fertility healthcare and other related specialty providers that handle sensitive patient information

CISA Launches Insider Threat Self-Assessment Tool

Data Breach Today

Agency Is Also Keeping Its 'Rumor Control' Website Active Ahead of Midterm Elections A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA.

IT 249

Top US Cyber Officials Say Ransomware Is Here to Stay

Data Breach Today

Head of NSA, Cyber Command Says US Will Continue to Battle Ransomware for Years Some of the highest-ranking cybersecurity officials in the U.S.

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

Microsoft Fully Ditches the Password

Data Breach Today

Windows Users Can Now Use Other Methods to Access Microsoft Products Microsoft has officially gone fully passwordless, allowing Windows users to replace their alphanumeric passwords with one of several substitute sign-in technologies to gain entry into a Microsoft product - a move received positively by industry insiders.

Facebook's WhatsApp Hit With $266 Million GDPR Fine

Data Breach Today

GDPR 284

Ransomware Reportedly Hits Iowa Farm Services Cooperative

Data Breach Today

Researchers Believe NEW Cooperative Targeted By BlackMatter Gang NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports.

BlackByte: Free Decryptor Released for Ransomware Strain

Data Breach Today

But Name-and-Shame Attackers Likely Retooling After Spotting Encryption Problems A free decryptor for BlackByte ransomware has been released by security researchers at Trustwave who cracked the crypto-locking malware's encryption.

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Apache Issues Another Emergency Patch for Exploited Flaws

Data Breach Today

110,000 Servers Exposed to Active Attacks; US Government Urges Immediate Patching Apache HTTP Server users are being warned to install yet another patch, as a fix released Wednesday was incomplete and introduced a new flaw. The U.S.

Breach of Syniverse Reveals Yet Another Supply Chain Attack

Data Breach Today

5-Year Intrusion Is the Latest Incident Involving Lesser-Known - Yet Key - Provider Who had heard of Syniverse before it recently disclosed a five-year breach, potentially exposing call-routing data and text messages for hundreds of mobile phone networks?

IT 223

To Repel Supply Chain Attacks, Better Incentives Needed

Data Breach Today

The breach of text message routing giant Syniverse revealed yet another supply chain attack involving a key supplier, exacerbated by outdated communications protocols desperately in need of a security revamp and better incentives for improvement, says mobile telephony security expert Karsten Nohl

CISA to Access Agencies' Endpoints, Help Enhance Security

Data Breach Today

OMB Memo: Agencies Have 90 Days to Allow CISA to Begin Reviewing EDR Status In an effort to bolster endpoint protection within the U.S. government, the White House is ordering federal agencies to allow CISA to access existing deployments.

Access 203

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

House Lawmakers Announce Bill Targeting Tech Algorithms

Data Breach Today

Bill Would Remove Some Third-Party Content 'Immunity' Held by Social Platforms Democratic lawmakers on the House Committee on Energy and Commerce announced legislation that would rein in tech algorithms on platforms exceeding 5 million monthly viewers.

192
192

New Bill Would Require Ransom Disclosure Within 48 Hours

Data Breach Today

Legislation Would Also Direct US DHS to Study Ransomware, Cryptocurrencies U.S. lawmakers have introduced legislation that would require the reporting of ransom payments within 48 hours of the transaction.

LANtenna Attacks Exploit Air-Gapped Networks Via Ethernet

Data Breach Today

Exploits Use Ethernet Cables, Can Leak Data to Location Several Meters Away Researchers at Ben-Gurion University of the Negev, Israel, have uncovered a new type of electromagnetic attack, dubbed LANtenna, that exfiltrates sensitive data from an isolated, air-gapped computer using Ethernet cables as transmitting antennas.

221
221

FIN12 Ransomware Attacks Aggressively Targeting Healthcare

Data Breach Today

Reaching Unreachable Candidates

Speaker: Patrick Dempsey and Andrew Erpelding of ZoomInfo

What is ZoomInfo for Recruiters? Find and connect with the right talent to fill roles fast with more data, basic search, advanced search, candidate and company profiles, and export results. Watch this On-Demand Webinar today to see how ZoomInfo for Recruiters can work to get your talented candidates results.