2023, Data, Information Security and Security - Information Management Today

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 ( notice issued 20 October 2023).

Data Privacy

Data Privacy Privacy Security Data breaches

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Authentication

Authentication Passwords Data collection Communications

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Date of breach: 26 October 2023 Breached organisation: Homeland, Inc., to its leak site.

Data Privacy

Data Privacy Privacy Data breaches Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

The Week in Cyber Security and Data Privacy: 23–29 October 2023

IT Governance

OCTOBER 31, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data has been exfiltrated, but we don’t know how much. The data controller of the breached data is currently unclear. Records breached: Unknown.

Data Privacy

Data Privacy Privacy Data breaches Security

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

Authentication

Authentication Passwords Cybersecurity Security

What the Email Security Landscape Looks Like in 2023

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information.

Security

Security Phishing B2B Data breaches

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Security Affairs

AUGUST 8, 2023

Microsoft Patch Tuesday security updates for August 2023 addressed 74 vulnerabilities, including two actively exploited flaws. The company also fixed 11 flaws in Chromium group for Edge (Chromium-Based) and a fix for AMD. reads the post.

Phishing

Phishing Security Government IT

Welltok data breach impacted 8.5 million patients in the U.S.

Security Affairs

NOVEMBER 23, 2023

Healthcare services provider Welltok disclosed a data breach that impacted nearly 8.5 It provides a platform that leverages data-driven insights to engage individuals in their health and well-being. The company disclosed a data breach that exposed the personal data of nearly 8.5 million patients in the U.S.

Data breaches

Data breaches Insurance Ransomware Education

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

The State of Maine disclosed a data breach that impacted about 1.3 The Government organization disclosed a data breach that impacted about 1.3 The Government organization disclosed a data breach that impacted about 1.3 The security breach took place in the State between May 28, 2023, and May 29, 2023.

Data breaches

Data breaches Insurance Education Cybersecurity

Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware

Ransomware Cybersecurity Security Access

CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

KnowBe4

MARCH 14, 2023

CyberheistNews Vol 13 #11 | March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2%

Phishing

Phishing Security Artificial Intelligence Security awareness

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

Nissan Oceania data breach impacted roughly 100,000 people

Security Affairs

MARCH 14, 2024

The ransomware attack that hit the systems of Nissan Oceania in December 2023 impacted roughly 100,000 individuals. Nissan Oceania, the regional division of the multinational carmaker, announced in December 2023 that it had suffered a cyber attack and launched an investigation into the incident.

Data breaches

Data breaches Financial Services Ransomware Government

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

NOVEMBER 15, 2023

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022.

Data breaches

Data breaches Privacy Risk Information Security

Intellihartx data breach exposed the personal and health info of 490,000 individuals

Security Affairs

JUNE 12, 2023

The attack took place earlier this year, the attackers have exploited the GoAnywhere zero-day vulnerability tracked as CVE-2023-0669. On March 24, 2023, ITx completed its initial review of the logs provided to it by Fortra. ITx began notifying potentially affected data owners on April 11, 2023.”

Data breaches

Data breaches Ransomware Insurance Data Privacy

51 Must-Know Phishing Statistics for 2023

IT Governance

JUNE 8, 2023

We’ve looked at sources such as IBM’s Cost of a Data Breach Report , Verizon’s 2023 DBIR (Data Breaches and Investigations Report) and Proofpoint’s The State of Phishing report , and found 50 essential stats to reveal the threat that phishing plays – plus we have an extra statistic to explain how you can prevent attacks.

Phishing

Phishing Data breaches Communications Government

Experts found critical flaws in Nagios XI network monitoring software

Security Affairs

SEPTEMBER 20, 2023

Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation. The flaws impact Nagios XI version 5.11.1

Passwords

Passwords Cybersecurity Access IT

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Security Affairs

NOVEMBER 23, 2023

American retailer and distributor of automotive parts and accessories AutoZone discloses a data breach after a MOVEit attack. AutoZone disclosed a data breach resulting from the hack of their MOVEit Transfer installation. Based on that analysis, we have determined that certain of your information was included in those files.”

Data breaches

Data breaches Retail Education Ransomware

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

Companies impacted by Mailchimp data breach warn their customers

Security Affairs

JANUARY 23, 2023

The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a news data breach , the incident exposed the data of 133 customers. reads the notice published by the company.

Data breaches

Data breaches e-Discovery Blockchain Passwords

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Libraries

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Security Affairs

JULY 15, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Government Analytics

Around the World with Thales: Our Upcoming Events

Thales Cloud Protection & Licensing

SEPTEMBER 27, 2023

Around the World with Thales: Our Upcoming Events madhav Thu, 09/28/2023 - 05:01 The summer is long gone, and we are all back to work. Cloud Expo Asia, 11-12 October Singapore As the digital world increases, so does the workload for cloud professionals. Find out more about the event or arrange a meeting with our Thales experts.

Authentication

Authentication Cloud Cybersecurity Data Privacy

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Security Affairs

OCTOBER 19, 2023

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2023 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. This is the 11th edition of the annual report and analyzes events that took place between July 2022 and July 2023.

Artificial Intelligence

Artificial Intelligence Ransomware Cybersecurity Manufacturing

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Zimbra addressed the vulnerability CVE-2023-37580 in July 2023. A second threat actor exploited the vulnerability since July 11 before the official patch became available on July 25. .”

Government

Government Authentication Phishing IT

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24.

IT

IT Libraries Cybersecurity Passwords

Mailchimp discloses a new security breach, the second one in 6 months

Security Affairs

JANUARY 19, 2023

Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed. The news of a new security breach was confirmed by the company, the incident exposed the data of 133 customers. ” reads the notice published by the company. ” reads the post published by TechCrunch.

e-Discovery

e-Discovery Security Data breaches Marketing

Security Affairs newsletter Round 394

Security Affairs

NOVEMBER 20, 2022

Every week the best security articles from Security Affairs free for you in your email box. Ukraine Police dismantled a transnational fraud group that made €200 million per year Lockbit gang leaked data stolen from global high-tech giant Thales. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini.

Security

Security Ransomware Phishing Privacy

Security Affairs newsletter Round 404 by Pierluigi Paganini

Security Affairs

JANUARY 29, 2023

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Data breaches Military Ransomware

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Security Affairs

MARCH 26, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Data breaches Ransomware Marketing

News Alert: AppViewX – EMA study finds 79 percent of SSL/TLS certificates vulnerable to MiTM attacks

The Last Watchdog

AUGUST 1, 2023

1, 2023– AppViewX , a leader in automated machine identity management (MIM) and application infrastructure security, today announced the results of a research study conducted by Enterprise Management Associates (EMA) on SSL/TLS Certificate Security. New York, NY, Aug.

Risk

Risk Compliance Security Information Security

Lockbit ransomware gang demanded an 80 million ransom to CDW

Security Affairs

OCTOBER 14, 2023

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. LockBit has published 2 posts with CDWG data to its leak site. The data leaked looks pretty bad from both a security and business pov. subsidiary of CDW-G.”

Ransomware

Ransomware Cybersecurity Archiving Education

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 22, 2023

US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) CISA orders federal agencies to fix this flaw by September 11, 2023.

IT

IT Cybersecurity Risk Security

Hyundai suffered a data breach that impacted customers in France and Italy

Security Affairs

APRIL 12, 2023

Hyundai disclosed a data breach that impacted Italian and French car owners and clients who booked a test drive. Hyundai has suffered a data breach that impacted Italian and French car owners and customers who booked a test drive. According to the letter, financial data were not exposed.

Data breaches

Data breaches Manufacturing Cybersecurity Education

MGM Resorts hit by a cyber attack

Security Affairs

SEPTEMBER 12, 2023

Source: [link] pic.twitter.com/ZgYkv1fD58 — Joe Tidy (@joetidy) September 12, 2023 MGM RESORTS’ COMPUTER SYSTEMS HACKED! The company confirmed the security incident with a post on X (formerly Twitter), it immediately launched an investigation into the incident with the help of cybersecurity experts. We appreciate your patience.”

Cybersecurity

Cybersecurity Ransomware Access IT

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

Security Affairs

AUGUST 28, 2023

The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to hack the platforms used by organizations worldwide and steal their data. ” The experts explained that is impossible to accurately calculate the cost of the MOVEit security breaches. million Genworth 2.5 million PH Tech 1.7 million “U.S.

Insurance

Insurance Ransomware Data breaches Education

Free Expert Insights

IT Governance

MARCH 29, 2024

Here are all our Q&As to date, grouped by broad topic: AI Cyber attacks and data breaches Cyber Essentials Cyber resilience Cyber security Data privacy DORA Incident response ISO 27001 PCI DSS PECR Security testing Training Miscellaneous To get new expert insights straight to your inbox, sign up to our weekly newsletter, the Security Spotlight.

Data Privacy

Data Privacy Compliance GDPR Privacy

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Security Affairs

JUNE 8, 2023

Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) Microsoft addressed the issue with the release of Patch Tuesday security updates for May 2023. reads the advisory.

Risk

Risk Cybersecurity Security Access

Spanish bank Globalcaja confirms Play ransomware attack

Security Affairs

JUNE 5, 2023

The Play ransomware gang added the bank to the list of victims on its Tor leak site and claims to have stolen private and personal confidential data, clients and employee documents, passports, contracts, and more. The group will publish the stolen data on June 11, 2023, if the bank will not pay the ransom.

Ransomware

Ransomware Data breaches Cloud Security

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

“Ransomware is malicious software designed to encrypt data on victim computers, allowing bad actors the ability to demand a ransom payment in exchange for the decryption key.” To drive their ransom demands higher, Sodinokibi/REvil co-conspirators also publicly exposed their victims’ data when victims would not pay ransom demands.”

Ransomware

Ransomware Encryption Information Security IT

In an FTC First, Proposed Order Requires Global Tel*Link Corp. to Notify Users and Facilities of Future Breaches

Hunton Privacy

NOVEMBER 22, 2023

On November 16, 2023, the Federal Trade Commission released a proposed order in connection with a complaint filed in August of 2020 against Global Tel*Link Corp. (“GTL”) GTL”) and its subsidiaries, Telmate and TouchPay, which offers communication and payment services for incarcerated individuals.

Passwords

Passwords Communications Access Security

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

Security Affairs

AUGUST 21, 2023

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “ HiatusRAT ” that infected over 100 edge networking devices globally. “Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild. 57 155.138.213[.]169

Military

Military Manufacturing Government Access

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Security Affairs

MAY 19, 2024

In 2023 the state-sponsored group focused on nuclear agendas between China and North Korea, relevant to the ongoing war between Russia and Ukraine. Troll Stealer supports multiple stealing capabilities, it allows operators to gather files, screenshots, browser data, and system information. This stops the backdoor.

Communications

Communications Government Encryption IT

N. Korean Kimsuky APT targets S. Korea-US military exercises

Security Affairs

AUGUST 20, 2023

The news was reported by the South Korean police on Sunday, the law enforcement also added that the state-sponsored hackers did not steal any sensitive data. The military drill, the Ulchi Freedom Guardian summer exercises , will start on Monday, August 21, 2023 , and will last 11 days. Korean Kimsuky APT targets S.

Military

Military Phishing Government Security

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Webinars

Trending Sources

The Week in Cyber Security and Data Privacy: 13 – 19 November 2023

Webinars

The Week in Cyber Security and Data Privacy: 23–29 October 2023

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

What the Email Security Landscape Looks Like in 2023

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Welltok data breach impacted 8.5 million patients in the U.S.

The State of Maine disclosed a data breach that impacted 1.3M people

Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware

CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Nissan Oceania data breach impacted roughly 100,000 people

Australian Privacy Regulator Sues in Data Breach Case

Intellihartx data breach exposed the personal and health info of 490,000 individuals

51 Must-Know Phishing Statistics for 2023

Experts found critical flaws in Nagios XI network monitoring software

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

Navigating the EU-US Data Protection Framework

Companies impacted by Mailchimp data breach warn their customers

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Around the World with Thales: Our Upcoming Events

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

Zimbra zero-day exploited to steal government emails by four groups

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Mailchimp discloses a new security breach, the second one in 6 months

Security Affairs newsletter Round 394

Security Affairs newsletter Round 404 by Pierluigi Paganini

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

News Alert: AppViewX – EMA study finds 79 percent of SSL/TLS certificates vulnerable to MiTM attacks

Lockbit ransomware gang demanded an 80 million ransom to CDW

CISA adds critical Adobe ColdFusion flaw to its Known Exploited Vulnerabilities catalog

Hyundai suffered a data breach that impacted customers in France and Italy

MGM Resorts hit by a cyber attack

Massive MOVEit campaign already impacted at least 1,000 organizations and 60 million individuals

Free Expert Insights

Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue

Spanish bank Globalcaja confirms Play ransomware attack

Ukrainian REvil gang member sentenced to 13 years in prison

In an FTC First, Proposed Order Requires Global Tel*Link Corp. to Notify Users and Facilities of Future Breaches

New HiatusRAT campaign targets Taiwan and U.S. military procurement system

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

N. Korean Kimsuky APT targets S. Korea-US military exercises

Stay Connected