IT Governance

JANUARY 9, 2023

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks. IT Governance discovered 1,063 security incidents in 2022, which accounted for 480,014,323 breached records. That represents an 14.8%

Data breaches 126

Data breaches Ransomware Government Passwords 126

Security Affairs

APRIL 6, 2022

Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. customer information. To nominate, please visit:?

Data breaches 104

Data breaches Passwords Access Security 104

Security Affairs

FEBRUARY 18, 2023

. “According to information we have received, their apparent goal is to infect websites and servers with malware for phishing campaigns, malware distribution and other malicious activities.” million customers , and March 2020, which exposed data of 28,000 customers. ” reads a FORM- 10-K filed with SEC.

Data breaches 84

Data breaches Military Manufacturing Libraries 84

Security Affairs

JANUARY 4, 2022

The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 The Broward Health public health system has suffered a data breach that impacted 1,357,879 individuals. Broward Health discovered the intrusion on October 19, 2021.” million individuals. Pierluigi Paganini.

Data breaches 78

Data breaches Passwords Insurance Access 78

Hunton Privacy

MAY 20, 2021

On May 18, 2021, New York Attorney General (“AG”) Letitia James announced a settlement agreement with Filters Fast LLC (“Filters Fast”) over a data breach that compromised personal information of approximately 324,000 consumers nationwide, including over 16,500 New York state residents.

Data breaches 78

Data breaches Retail Security IT 78

Security Affairs

MARCH 25, 2021

Researchers discovered the availability in the DarK Web of 30M of records of Americans affected by the Astoria Company data breach. Collected data si shared with a number of partner sites (such as insurance or loan agencies), that pay per lead referral. DATABASE SALE ON DARKWEB MARKETS. ” continues the experts.

Data breaches 99

Data breaches Sales Insurance Marketing 99

Security Affairs

JULY 10, 2021

Mint Mobile discloses a data breach, an unauthorized attacker gained access to subscribers’ account information and ported phone numbers. BleepingComputer reported that Mint Mobile has disclosed a data breach that exposed subscribers’ account information and ported phone numbers to another carrier.

Access 135

Access Data breaches Passwords Security 135

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library. Apache Log4j2 jndi RCE #apache #rce [link] pic.twitter.com/CdSlSCytaD — p0rz9 (@P0rZ9) December 9, 2021.

Libraries 136

Libraries IT Cloud Paper 136

eSecurity Planet

MAY 3, 2022

From Q1 2021 to Q1 2022, the team discovered 399,200 exposed databases due to those efforts. Also read: Database Security: 7 Best Practices & Tips. According to Group-IB, the likelihood of the database systems being used in cybercrime and security breaches is high. Redis DBMS Tops the List.

Security 126

Security Risk Information Security Data breaches 126

IT Governance

JANUARY 10, 2019

This week, we discuss a high-profile German data breach, the top worst passwords of 2018, the resignation of NHS Digital’s CISO, and Microsoft’s latest patches. Coincidentally, SplashData has just published its annual list of 100 weak passwords, culled from the previous 12 months’ publicly disclosed data breaches.

Data breaches 77

Data breaches Passwords GDPR Personal data 77

Security Affairs

DECEMBER 7, 2023

In January 2021, a misconfigured Git server caused the leak of the source code of mobile apps and internal software used by Nissan North America. The software engineer Tillie Kottmann was informed by an anonymous source that the Git server was exposed online and accessible to anyone using the default login credentials admin/admin.

Financial Services 107

Financial Services Data breaches Ransomware Access 107

Security Affairs

JUNE 13, 2023

A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. The availability of the archive was reported by the data breach notification service Have I Been Pwned , which notified Zecks.

Data breaches 80

Data breaches Passwords Encryption Archiving 80

Security Affairs

JUNE 11, 2023

Experts found new MOVEit Transfer SQL Injection flaws The University of Manchester suffered a cyber attack and suspects a data breach Russians charged with hacking Mt.

Healthcare 85

Healthcare Security Ransomware Data breaches 85

Security Affairs

JUNE 15, 2022

Privacy Affairs published the Dark Web Index, an analysis of prices for illegal services/products available in the black marketplaces and related to the period between February 2021 and June 2022. The document updates the information provided in the Dark Web Index 2022 report. verified account goes for $170 ($710 in 2021).

Privacy 90

Privacy Cybersecurity Security IT 90

Security Affairs

APRIL 18, 2021

Joker malware infected 538,000 Huawei Android devices Personal data of 1.3 Joker malware infected 538,000 Huawei Android devices Personal data of 1.3

Security 93

Security Data breaches Personal data Risk 93

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Eva Galperi n | @evacide.

Cybersecurity 139

Cybersecurity e-Discovery Passwords Information Security 139

Security Affairs

OCTOBER 25, 2022

The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.”. key files.

Ransomware 83

Ransomware Blockchain Encryption Data breaches 83

Security Affairs

OCTOBER 3, 2021

Threat actors exploit a flaw in Coinbase 2FA to steal user funds Flubot Android banking Trojan spreads via fake security updates Th Tim’s RED Team Research reports 3 new CVEs, two of which in 4G/5G Baby died at Alabama Springhill Medical Center due to cyber attack Hydra Android trojan campaign targets customers of European banks Neiman Marcus discloses (..)

Security 52

Security Data breaches Information Security Risk 52

Security Affairs

NOVEMBER 14, 2021

Hundreds of thousands of fake warnings of cyberattacks sent from a hacked FBI email server GravityRAT returns disguised as an end-to-end encrypted chat app Intel and AMD address high severity vulnerabilities in products and drivers New evolving Abcbot DDoS botnet targets Linux systems Retail giant Costco discloses data breach, payment card data exposed (..)

Security 53

Security Data breaches Ransomware Phishing 53

Security Affairs

OCTOBER 5, 2021

The UK media outlet The Telegraph has leaked 10 TB of subscriber data after failing to properly secure one of its databases. The UK newspaper The Telegraph’, one of the UK’s largest newspapers and online media outlets, has leaked 10 TB of data after failing to properly secure one of its databases.

Honeypots 90

Honeypots Passwords Encryption Authentication 90

IT Governance

JUNE 8, 2023

We’ve looked at sources such as IBM’s Cost of a Data Breach Report , Verizon’s 2023 DBIR (Data Breaches and Investigations Report) and Proofpoint’s The State of Phishing report , and found 50 essential stats to reveal the threat that phishing plays – plus we have an extra statistic to explain how you can prevent attacks.

Phishing 111

Phishing Data breaches Communications Government 111

eSecurity Planet

DECEMBER 10, 2021

The bug, tracked as CVE-2021-44228 , is a zero-day vulnerability that allows unauthenticated remote code execution (RCE) that could give attacks control of the systems the software is running in. The vulnerability – which has been dubbed Log4Shell – has been given a severity score of 10/10, the highest score possible.

Risk 133

Risk Libraries Cybersecurity Honeypots 133

Security Affairs

DECEMBER 6, 2021

At the time of this writing, no ransomware gang has claimed responsibility for the security breach. 90% of internal controls and systems were corrupted by the cyber attack and most of the historical data dating back more than 20 years was compromised. “DMEA was the victim of a cyber-attack on November 7, 2021.

Energy and Utilities 87

Energy and Utilities Ransomware Data breaches Security 87

Security Affairs

OCTOBER 12, 2021

The attack took place on October 10, 2021. “As part of the investigation and containment, we have suspended affected systems and have informed the relevant external partners. .” The investigation is still ongoing and Olympus states that it will continue to provide updates as new information becomes available.

Ransomware 87

Ransomware Data breaches IT Security 87

Security Affairs

MARCH 13, 2023

The three-year-old high-severity flaw is a deserialization of untrusted data in Plex Media Server on Windows, a remote, authenticated attacker can trigger it to execute arbitrary Python code. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

Libraries 76

Libraries Data breaches Cybersecurity Authentication 76

Security Affairs

FEBRUARY 8, 2022

Data belonging to 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit Ultimate Kronos Group (UKG). Data of 6,632 Puma employees was stolen in a ransomware attack that hit HR management platform Ultimate Kronos Group (UKG) in December. We notified PUMA of this incident on January 10, 2022.”

Ransomware 80

Ransomware Cloud Personal data Encryption 80

The Last Watchdog

MARCH 21, 2022

At the same time – in fact, as a direct result of data’s central importance – more adversaries are working harder and finding more nefarious ways to steal or otherwise compromise your data. As just one measure, the number of data breaches in the first nine months of 2021 exceeded all those in 2020, a new record.

Encryption 214

Encryption Cloud Privacy GDPR 214

Security Affairs

JULY 11, 2022

The average ransomware payment climbed 82% since 2020 to a record high of $570,000 in the first half of 2021, and then by 2022 it almost doubled. In a recent post from 10 Jul 2022, 15:35 pm in Dark Web , “ALPHV” introduced search not only by text signatures, but also supporting tags for search of passwords and compromised PII.

Ransomware 79

Ransomware Passwords Communications Cybersecurity 79

Security Affairs

APRIL 17, 2022

Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The unceasing action of Anonymous against Russia Threat actors target the Ukrainian gov with IcedID malware Threat actors use Zimbra exploits to target organizations in Ukraine Conti Ransomware Gang claims responsibility for the Nordex hack ZingoStealer crimeware released (..)

Security 71

Security Ransomware Data breaches Cybersecurity 71

Security Affairs

OCTOBER 4, 2021

Pottawatomie County restored operations that were suspended after a ransomware attack hit its systems on September 17, 2021. Officials at Pottawatomie County announced to have fully recovered their IT infrastructure that was hit by a ransomware attack on September 17, 2021.

IT 93

IT Ransomware Government Security 93

eSecurity Planet

MAY 30, 2024

Ransomware attacks and data breaches make headlines when they shut down huge connected healthcare providers such as Ascension Healthcare or Change Healthcare. Examining the available details of these breaches will help you learn key lessons from their pain to avoid suffering the same humiliating and expensive situations.

Cybersecurity 73

Cybersecurity Ransomware Data breaches Risk 73

IT Governance

OCTOBER 31, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Breached organisation: French public bodies, organisations, universities, research institutes and think tanks. It’s unclear whether any records were breached.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Security Affairs

JUNE 25, 2023

Someone is sending mysterious smartwatches to the US Military personnel CISA orders govt agencies to fix recently disclosed flaws in Apple devices VMware fixed five memory corruption issues in vCenter Server Fortinet fixes critical FortiNAC RCE, install updates asap More than a million GitHub repositories potentially vulnerable to RepoJacking New Mirai (..)

Security 84

Security Military Ransomware Cybersecurity 84

Security Affairs

SEPTEMBER 29, 2023

State Department IT officials, officials told lawmakers that threat actors stole at least 60,000 emails from a 1 total of 10 State Department accounts. The company discovered that threat actors stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer’s corporate account.

Authentication 98

Authentication Access Government IT 98

Security Affairs

AUGUST 18, 2020

Carnival Corporation & plc is a British-American cruise operator, currently the world’s largest travel leisure company, with a combined fleet of over 100 vessels across 10 cruise line brands. In March, Carnival Corporation disclosed another data breach that took place in 2019. x base score of 10.

Ransomware 91

Ransomware Personal data Access Data breaches 91

Thales Cloud Protection & Licensing

MAY 4, 2021

Tue, 05/04/2021 - 09:40. The same goes with the advent of Quantum Computing , which is supposed to bring exponential computing power that shall not only bring endless benefits but also raises question marks on the current state of cryptography that is the bedrock of all information security as we know today. Data Firewall.

Computer and Electronics 98

Computer and Electronics IoT Communications Risk 98

Security Affairs

NOVEMBER 12, 2023

The group claims to theft of more than 400GB of data, including internal files, patient medical images, and also employee email communications. The Lorenz ransomware gang has been active since April 2021 and hit multiple organizations worldwide demanding hundreds of thousands of dollars in ransom to the victims.

Ransomware 118

Ransomware Encryption Communications IT 118