Ex-Uber CISO Advocates ‘Personal Incident Response Plan’ for Security Execs

December 12, 2023 at 09:28AM Speaking at Black Hat Europe, former Uber CISO Joe Sullivan disclosed details of the 2016 data breach, reflecting on his firing and legal issues. The breach compromised 57 million accounts, and a $100,000 payment to attackers was considered a bug bounty. Sullivan emphasizes the importance of personal protections for security professionals …

Northern Ireland cops count human cost of August data breach

December 12, 2023 at 08:48AM A review of the PSNI’s August data breach revealed a vast impact on staff, including relocation for safety, mental health decline, and operational consequences. Failings in data protection and governance were highlighted, along with delayed audits and incomplete GDPR requirements. Staff responses varied, with some feeling resilient while others encountered significant …

Non-Human Access is the Path of Least Resistance: A 2023 Recap

December 12, 2023 at 06:36AM The year 2023 witnessed a surge in cyber attacks, particularly through non-human access credentials like API keys, tokens, and service accounts. These credentials lack robust security measures and are often over-permissive and unused, making them an ideal target for cybercriminals. Several high-profile attacks exploited non-human access, prompting the need for …

Toyota Germany Confirms Personal Information Stolen in Ransomware Attack

December 12, 2023 at 06:00AM Toyota Germany informed customers of a ransomware attack compromising personal information. The incident affected Toyota Financial Services Europe & Africa, and the Medusa ransomware gang claimed responsibility. Stolen data includes corporate documents, passport copies, and personal information. Toyota is gradually restoring systems, and initial access was potentially through the CitrixBleed vulnerability. …

FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure

December 12, 2023 at 06:00AM The FBI has issued guidance on SEC data breach reporting, including potential delays. The SEC’s new cybersecurity rules require public companies to report material breaches within 4 days via Form 8-K. The FBI clarifies that the Justice Dept. can grant a 30-60 day delay for national security reasons, but delays can’t exceed 120 …

2.5M patients infected with data loss in Norton Healthcare ransomware outbreak

December 11, 2023 at 03:07PM Norton Healthcare disclosed a ransomware attack resulting in the potential theft of 2.5 million individuals’ sensitive data, including personal and financial information and health records. The not-for-profit healthcare system reported the incident to the FBI and engaged in investigations but did not make any ransom payment. This is amid a …

Cold storage giant Americold discloses data breach after April malware attack

December 11, 2023 at 12:55PM Cold storage and logistics company Americold suffered a cyberattack in April, resulting in the theft of personal data of 129,000 employees and dependents. The attack, attributed to Cactus ransomware, forced a network shutdown. The breach involved theft of personal information and the group plans to release additional confidential documents. Americold …

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

December 11, 2023 at 10:54AM Norton Healthcare, a Kentucky-based healthcare organization, disclosed that 2.5 million individuals had their personal information compromised in a ransomware attack earlier this year. The breach, which occurred in May 2023, involved unauthorized access to network storage systems and exposed sensitive data such as names, contact details, Social Security numbers, and …

Kelvin Security hacking group leader arrested in Spain

December 11, 2023 at 09:34AM Spanish police have arrested a leader of the ‘Kelvin Security’ hacking group responsible for 300 cyberattacks in 90 countries since 2020. The group targeted government institutions and critical infrastructure, with notable breaches including Vodafone Italia and U.S. firm Frost & Sullivan. The arrest aims to uncover co-conspirators and data buyers. …

23andMe responds to breach with new suit-limiting user terms

December 11, 2023 at 06:53AM 23andMe’s data breach revealed that 5.5 million sets of “DNA relatives” profiles were stolen, along with 1.4 million sets of Family Tree data. Additionally, hundreds of laptops stolen from a Bay Area tech company were recovered, and Henry Schein employees’ personal data was stolen in a ransomware attack. These incidents …