US Government Releases Anti-Phishing Guidance

October 19, 2023 at 08:42AM The US cybersecurity agency CISA, along with the NSA, FBI, and MS-ISAC, has released a joint guide on phishing techniques. Threat actors use social engineering to trick victims into revealing their credentials or visiting malicious websites. To mitigate credential theft phishing, organizations are advised to implement strong multi-factor authentication and …

Vulnerability Scanning: How Often Should I Scan?

October 19, 2023 at 08:15AM Organizations are realizing the importance of continuous vulnerability scanning due to the narrow time between vulnerability discovery and exploitation by hackers. One-off or periodic scans provide a point-in-time snapshot of vulnerabilities but may leave businesses exposed to new vulnerabilities. Continuous scanning allows for 24/7 monitoring and faster identification and resolution …

Casio discloses data breach impacting customers in 149 countries

October 19, 2023 at 07:41AM Japanese electronics manufacturer Casio experienced a data breach on its ClassPad education platform. The breach exposed customer information from 149 countries, including personal details, service usage information, and purchase information. Casio has confirmed that credit card information was not compromised. The company is cooperating with law enforcement and conducting an …

Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyberattack

October 19, 2023 at 07:06AM Healthcare solutions company Henry Schein disclosed a recent cybersecurity incident that disrupted its business operations and may have led to a data breach. The incident affected its manufacturing and distribution businesses, causing temporary disruption. The company has engaged cybersecurity experts to investigate and has notified law enforcement authorities. Details of …

What CISOs Should Exclude From SEC Cybersecurity Filings

October 18, 2023 at 05:43PM CISOs face the challenge of deciding what details to report and omit under new SEC rules. The CISO, along with the security operations center, would prepare a memo with incident details to be reviewed by investor relations and legal for a filing to the SEC. CISOs must balance reporting as …

D-Link Confirms Breach, Rebuts Hacker’s Claims About Scope

October 18, 2023 at 05:22PM Taiwan-based network equipment vendor D-Link confirms data breach but denies hacker’s claims of severity. Investigation reveals that the stolen data is outdated and doesn’t contain personally identifiable or financial information. D-Link believes the breach occurred through a successful phishing attack on an employee and assures customers that they are unlikely …

FBI: Hackers Are Extorting Plastic Surgery Providers, Patients

October 18, 2023 at 04:46PM Cybercriminals are targeting plastic surgery offices, stealing medical records and using them to extort doctors and patients. The trend is not limited to the US, as plastic surgeons in Brazil and the UK have also been affected. The FBI has warned about these attacks and provided security tips for patients, …

The Most Popular IT Admin Password Is Totally Depressing

October 18, 2023 at 03:07PM Researchers found that out of over 1.8 million admin portals, 40,000 had “admin” as the password, making it the most popular password among IT administrators. The study also revealed an increase in the use of default passwords. The top 10 passwords included common defaults and easy-to-guess options. This highlights the …

Hacker leaks millions of new 23andMe genetic data profiles

October 18, 2023 at 02:08PM An additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany have been leaked by a hacker known as ‘Golem’. The data was obtained through credential stuffing attacks on weak passwords. The hacker claims the stolen data includes genetic information on wealthy individuals and a …

EPA Turns Off Taps on Water Utility Cyber Regulations

October 18, 2023 at 02:02PM The EPA has withdrawn its rules requiring cybersecurity assessments for water utilities due to legal challenges. Experts warn that this leaves the water sector vulnerable to cyberattacks, which could have serious public health and safety consequences. The EPA is now encouraging utilities to voluntarily conduct risk assessments and provide user …