In the latest weekly update, ISMG editors discuss the surging number of MOVEit breach victims and the state of ransomware innovation, why the federal government warned healthcare firms about the use of web trackers, and how the DOJ is expanding its "whole of government" approach to fight ransomware.
Application journeys are fluid in practice because applications can live anywhere. Complex deployments with too many tools to configure and manage and overwhelmed IT teams lead to mistakes, so organizations should take a cybersecurity mesh platform approach to securing their application journeys.
Michigan-based academic medical provider Henry Ford Health is notifying nearly 170,000 individuals that their protected health information was breached in a recent phishing scam that compromised three employees' email accounts. Henry Ford Health said the incident occurred on March 30.
Practicing incident response procedures is as important as practicing fire drills, said CISO Nick Prescot of Norgine. But beyond regularly testing the plan, security leaders must foster a collaborative environment so their teams maintain a sense of calm in the heat of an incident.
The U.S. federal government says hacker abuse of valid credentials is the most successful method for gaining access to systems and the technique is responsible for slightly more than the half of critical infrastructure attacks that occurred over a yearlong period.
It has become a cliche in payments circles: Faster payments equals faster fraud. But John Filby and Yogesh Patel of Outseer say behavioral biometrics and generative AI are among the emerging technologies fueling new ways to empower layered defenses.
The fallout from Clop group's data-grabbing attacks against MOVEit managed file transfer software users keeps mounting. In recent days, the extortionists have added 70 more organizations to their data leak site, taking the tally of known victims to over 515 organizations and 36 million individuals.
Between July 21 and 27, Worldcoin set off security and privacy alarms; threat actors stole from AlphaPo, CoinsPaid, Era Lend and Conic Finance; hackers set a cryptojacking record; Apple users became the target of a crypto-stealing malware and the DOJ merged its computer crime and crypto crime units.
Is the Akira ransomware story coming to an end? Security researchers say the group was competing in a competition designed by Royal to give it a new cryptolocker - but lost. Even with a free decryptor now available for Akira victims, however, it's too soon to say if the group might be doomed.
Toronto, Canada-based CardioComm Solutions Inc., which sells cardiac monitoring and electrocardiogram software globally, said it is dealing with a cyberattack that could affect the company's business operations "for days and potentially longer."
Ukrainian cyber defenders said a financially motivated threat actor is intensifying efforts to entice users into installing a backdoor Trojan known as SmokeLoader. The SSSCIP said the malware had the second-highest number of detections domestically during the months of May and June.
Dutch police arrested a suspected super user of Genesis Market, characterizing him as likely one of the busted criminal bazaar's top 10 most active buyers of stolen digital credentials and access to infected computers. The Dutch citizen will remain in custody and faces a growing list of charges.
More details about victims of the Clop crime group's zero-day attacks on users of the widely used MOVEit file transfer software continue to come to light. Researchers now report that at least 455 organizations were hit directly or indirectly, exposing data for at least 23 million individuals.
A startup founded by two Israel Defense Forces veterans and backed by the likes of Insight Partners and Cyberstarts could soon be acquired by CrowdStrike. The endpoint security firm is in advanced negotiations to purchase Silicon Valley-based application security posture management vendor Bionic.
With social engineering attacks escalating, security organizations should embrace better cybersecurity awareness training to protect their organizations against insidious schemes, said Barry Coatsworth, director of risk, compliance and security at Guidehouse.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.