July 2, 2024 at 01:55PM Bloom Health Centers, a mental health service provider, reported a data security incident involving potential exposure of personal and health information. Patient data such as name, address, health insurance, and medical details may have been affected, with some individuals’ Social Security, payment card, or driver’s license numbers possibly involved. Bloom … Read more
July 1, 2024 at 07:28AM Prudential Financial reported a February 2024 data breach affecting over 2.5 million individuals. The compromised data included names, addresses, driver’s license numbers, and non-driver identification card numbers. While the attackers were not disclosed, the Alphv/BlackCat ransomware group claimed responsibility. Prudential is providing impacted individuals with two years of free credit … Read more
June 28, 2024 at 09:18AM ICE faced a $10 million fine from the SEC for delaying reporting a VPN breach, violating compliance requirements. No clear reason for the delay was provided. The case highlights risks of bypassing compliance for quick response, showing cybersecurity’s broad business impact and insurance implications. Boards are urged to ask better … Read more
June 28, 2024 at 09:01AM A large scale supply chain attack affecting numerous websites has been traced to a common operator. Leaked Cloudflare secret keys revealed the connection between the attack and the CDN services Polyfill.io, BootCDN, Bootcss, and Staticfile. Collaborative efforts of several security researchers contributed to the discovery. The attack’s widespread impact and … Read more
June 27, 2024 at 06:47PM Beazley Security, a newly launched cyber-risk management company resulting from a merger between Beazley’s cyber services and Lodestone, will integrate risk management services with technical cybersecurity services. Led by CEO Alton Kizziah and reporting to Beazley’s head of cyber risks, the company will provide integrated cyber preparedness and response capabilities, … Read more
June 25, 2024 at 06:45AM Browser security is gaining traction as organizations seek to protect against web-borne threats and internal data exfiltration. In a new report, “CISO Testimonials: 6 Real Life Stories of Cutting Costs with a Browser Security Platform,” CISOs highlight the benefits of browser security, including reduced workloads and enhanced efficiency. The report … Read more
June 24, 2024 at 02:08PM Several US companies filing Form 8-Ks with the SEC have referenced a cyber incident affecting CDK Global, a major software provider for car dealerships. The incident has disrupted business operations, leading affected companies to deploy mitigation strategies. CDK has faced two system shutdowns and is reportedly considering a ransom payment … Read more
June 24, 2024 at 10:03AM The recent settlement between the US Securities and Exchange Commission (SEC) and Intercontinental Exchange Inc. (ICE) emphasizes cybersecurity and corporate accountability issues. The severe cyberattack on ICE’s subsidiary exposed sensitive information and highlighted inadequate cybersecurity measures. The SEC’s proactive investigation and the $10 million settlement underscore the need for robust … Read more
June 13, 2024 at 08:26AM Security professionals emphasize the importance of comprehensive asset management to maintain organizational security. Challenges in obtaining accurate asset inventory have increased due to the complexity and scale of modern networks. Experts stress the need for efforts to identify and manage business-technology assets effectively, as poor visibility can lead to security … Read more
June 12, 2024 at 03:22PM Cleveland City Hall closed due to a cyber incident disrupting computer systems. Essential services remained operational, but details of the incident’s nature and scope are unknown as an investigation is ongoing. The city followed incident response plans, shut down affected services, and isolated high-risk ones while providing updates through social … Read more