June 28, 2024 at 09:18AM ICE faced a $10 million fine from the SEC for delaying reporting a VPN breach, violating compliance requirements. No clear reason for the delay was provided. The case highlights risks of bypassing compliance for quick response, showing cybersecurity’s broad business impact and insurance implications. Boards are urged to ask better … Read more
May 8, 2024 at 08:29PM Zscaler found and secured an exposed “test environment” after rumors of a potential breach circulated. The company stated that no customer or production environments were compromised and emphasized ongoing investigation. IntelBroker claimed they had access to a cybersecurity company, potentially Zscaler, leading to speculation and concerns. Zscaler did not respond … Read more
April 3, 2024 at 11:36AM A federal review board placed responsibility on the tech giant for the Microsoft 365 breach, urging them to prioritize their “inadequate” security. The breach enabled China’s Storm-0558 to hack email accounts of government officials. Based on the meeting notes, it is clear that a federal review board has demanded the … Read more
November 25, 2023 at 05:08PM General Electric is investigating a cyberattack where a threat actor breached the company’s development environment and leaked allegedly stolen data. The hacker, known as IntelBroker, attempted to sell access to GE’s development and software pipelines on a hacking forum. They then posted that they are now selling both the network … Read more
November 17, 2023 at 06:29PM Ransomware gangs are targeting vulnerable Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. The threat actors exploit the Citrix Bleed vulnerability (CVE-2023-4966). Many recent victims, including Toyota Financial Services, ICBC, DP World, Allen & Overy, and Boeing, were found to have … Read more
November 15, 2023 at 09:04PM The ALPHV/BlackCat ransomware group has filed a complaint with the U.S. Securities and Exchange Commission (SEC) against software company MeridianLink for not disclosing a cyberattack within the four-day rule. The ransomware group threatened to leak stolen data unless a ransom was paid. MeridianLink confirmed the cyberattack and stated that it … Read more