Data breach news, regulatory updates and best practice tips are published continually. We review and filter news from countless sources, so check back frequently for our latest posts.
A reported 90% of all data breaches affect small businesses, and these breaches can be quite costly. Cyber insurance is one way to help protect your organization.
It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
The National Highway Traffic Safety Administration (NHTSA) has issued guidelines for automakers outlining cybersecurity best practices for connected cars. The guidance is not binding, so automakers aren’t required to adhere to the standards set forth.
Some of the country’s most popular sites were disrupted by a DDoS attack Friday. Additionally, corporate applications could not be accessed and organizations were unable to perform critical business operations.
Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users. The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords. Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.
The rising threat of ransomware gives evidence to the fact that vulnerability assessments are important to overall cybersecurity protection. Is your organization at risk?
The cloud-storage site has confirmed that 68 million users’ passwords have been compromised. While the hack was in 2012, new information has just recently confirmed that passwords were included in the breached data.
Over 900 million Android devices are at risk of compromise due to a dangerous grouping of vulnerabilities recently discovered. The vulnerabilities have been folded directly into the Android operating system developed for each original equipment manufacturer (OEM) that uses the affected chipsets within their devices, including Samsung, HTC, Motorola and LG.
Kaspersky Lab and Intel Security worked with officials around the world to help develop decryption tools for popular ransomware variants. Ransomware victims in Europe and the United States have also been given the tools to notify authorities of infections in an effort to better track and combat ransomware.
More information on the DNC breach shows us that no organization is too big to follow the most basic cybersecurity practices. The most glaring issues identified include the transfer of personally identifiable information and passwords via unencrypted email.
A new congressional report indicates the Chinese government was likely responsible for hacks at the FDIC in 2010, 2011 and 2013. A total of 12 workstations were compromised and 10 servers were penetrated and infected with a virus.
In short, yes. Guests of short-term rentals, like the popular Airbnb, can reset home routers and gain full control of network traffic. What’s more, the potential hacker needs only one thing: a paper clip.
The $150 million experimental investment fund known as Decentralized Autonomous Organization has been hacked, resulting in a loss of $55 million in digital currency. The June 17th hack resulted in a loss of 3.6 million ethereum coins as attackers created an identical fund and moved the money into it.
TeamViewer, which provides remote support and access, has announced that it is strengthening security controls after a rise in corporate account takeovers. A company spokesman noted that many consumer accounts used “the same account credentials across multiple internet accounts.”
A statement by Tien Phong Commercial Joint Stock Bank indicates the bank thwarted an attempt to transfer $1.36 million via a malware attack. The fraudsters attempted to transfer the funds via the interbank SWIFT messaging system, which is used by 11,000 banks worldwide.
A Turkish hacking group is likely responsible for the release of 10GB of UAE-based Invest Bank files. The archive is said to contain internal files and sensitive financial documents, including customer data.
The hacktivist group is waging “a 30-day campaign against central bank sites across the world,” according to a new video posted on the group’s YouTube page. The Target List includes the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis.
Wells Fargo has announced that it plans to roll out biometric security technology in July. Users will be authenticated through eye prints.
A Bangladesh Bank was a victim of a malware attack that allowed hackers into the bank’s SWIFT software to transfer money and even hide their tracks in the process. $81 million were stolen.
The 11.5 million leaked documents reveal alleged money laundering, tax avoidance and sanctions dodging by heads of state, politicians, celebrities and other fraudsters.
Big or small, every organization is at risk. Here I discuss ways to protect yourself and your clients.
Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.” Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.
21st Century Oncology was notified by the FBI in November 2015 that a third party may have gained access to a 21st Century database. A forensic firm confirmed what the FBI suspected, noting that a possible 2.2 million patients’ names, Social Security numbers, physicians’ names, diagnosis and treatment information, and insurance information was obtained.
Hollywood Presbyterian Medical Center is in the midst of what it is describing as an ‘internal emergency.’ Staff have been locked out of computer systems for over a week now as hackers demand 9,000 bitcoin. The FBI, the LAPD and a cyber forensic team are investigating the ransomware attack.
A zero-day flaw has been found in the Linux kernel that runs millions of servers, desktops and mobile devices that use the Android operating system. At least 66 percent of all Android mobile devices and tens of millions of Linux PCs and servers are expected to be affected.
Security firm FireEye has released a report indicating the mobile banking trojan, SlemBunk, is becoming more and more sophisticated as the number of mobile banking users rises. The malware is designed to attack Android devices and steals mobile banking credentials. The original report identified at least 30 mobile banking applications that were affected, including those in North America, Europe and Asia Pacific. An update to the report indicates the attack is even larger than originally identified.
A Ukrainian news outlet has reported a recent power blackout that affected 1.4 million members of the population. Half of all homes in the western region of the country were left without power for a few hours. Investigators believe that the outage was the first time that malware has been used to facilitate a large-scale power disruption. The “hacker attack” involved remote access to industrial control systems at a local energy supplier called Prykarpattyaoblenergo.
On December 18, both houses of Congress enacted the Cybersecurity Information Sharing Act (CISA), which will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program. President Obama has signed the legislation.
VTech has issued a notification that customer accounts and related kids profiles worldwide have been affected. User profile information includes name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history. Moreover, children’s name, gender and birthdate were also stored.