Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2024

ekran

7 Examples of Real-Life Data Breaches Caused by Insider Threats

Feb 28, 2024 By Ekran In Ekran
Insiders know all the ins and outs of your organization’s infrastructure and cybersecurity tools. That’s why companies worldwide fall victim to numerous malicious and negligent insider security incidents every month, leading to data breaches and lots of other negative consequences. Such attacks may result in financial and reputational losses and might even lead to business disruption.
Read Post
cato networks

Fake Data Breaches: Why They Matter and 12 Ways to Deal with Them

Feb 28, 2024 By Vitaly Simonovich In Cato Networks
As a Chief Information Security Officer (CISO), you have the enormous responsibility to safeguard your organization’s data. If you’re like most CISOs, your worst fear is receiving a phone call in the middle of the night from one of your information security team members informing you that the company’s data is being sold on popular hacking forums.
Read Post
SecurityScorecard

SecurityScorecard 2024 Global Third-Party Cybersecurity Breach Report: Software supply chain is top target for ransomware groups

Feb 28, 2024 By SecurityScorecard In SecurityScorecard
The SecurityScorecard Global Third-Party Breach Report uses the world’s largest proprietary risk and threat dataset to provide unique insights into the intricate web of supply chain vulnerabilities exploited by ransomware groups. As the digital landscape continues to evolve, so too do the tactics of cyber adversaries. Ransomware groups, in particular, have honed in on a prime target: the software supply chain.
Read Post
idstrong

What is PPP Loan Fraud?

Feb 27, 2024 By Steven In IDStrong
When the pandemic hit in 2020, our world became chaotic overnight. Throughout the nation, individuals were met with layoffs or stringent checks—pushing the financials of families to their breaking points. Simultaneously, business organizations faced similar issues; because fewer bodies were allowed in the same area, production trickled to a minimum, niche clients limited their spending, and small businesses counted the days until their doors closed.
Read Post
vista infosec

Data Breaches 101: What They Are And How To Prevent Them

Feb 26, 2024 By Narendra Sahoo In VISTA InfoSec
A data breach could ruin your business overnight. Imagine customer outrage as hackers leak the private details your company promised to protect. Are you prepared to deal with regulatory fines, lawsuits, costly investigations, disrupted operations, and destroyed trust while cybercriminals profit freely from stolen data? That’s the harsh aftermath companies face today following high-profile breaches.
Read Post
knowbe4

Data Breach at French Healthcare Payment Processor Puts 20 Million Policyholders at Risk

Feb 23, 2024 By Stu Sjouwerman In KnowBe4
A single account being phished caused millions of French healthcare policyholder records to be breached. I’ve said it before… it only takes one phish. And in the case of French payment processor, Malakoff Humanis, a single click enabled a cyber attack was the catalyst for a data breach that occurred earlier this month, according to their post on LinkedIn (press See Translation for a localized version of the post).
Read Post
ekran

How to Calculate the Cost of a Data Breach

Feb 21, 2024 By Ekran In Ekran
The financial consequences of a data breach can impact your organization in unprecedented ways. Entailing costly remediation measures and reputational damage, data breaches often amount to substantial monetary losses. But what factors contribute to the overall cost of a data breach? Calculating the financial cost of a data breach is a tricky process that includes estimating the total cost associated with all the consequences.
Read Post
idstrong

Cementitious Vendor-CGM-Network Compromised by 315k Data Breach

Feb 21, 2024 By Steven In IDStrong
Based in Philadelphia, Pennsylvania, CGM is a nationwide cementitious vendor for industries and construction projects. They are a leader in manufacturing, labeling, and distributing custom cement and patching products. CGM also offers solutions for dry cementitious powders, construction liquids, and options for epoxy resins. At their physical facility, they process and package concrete construction products for their vast range of clients.
Read Post
idstrong

Chattanooga Heart Institute Updates on 2023 Network Cyber Attack

Feb 20, 2024 By Steven In IDStrong
Patients with cardiovascular issues may appear in one of the Chattanooga Heart Institute (CHI) facilities in Tennessee and Georgia. The network features a substantial team of surgeons, specialists, and cardiologists. CHI provides a comprehensive approach to cardiac care, offering patients exceptional services when needed.
Read Post
idstrong

Oklahoma's Largest Non-Profit Health System Breached; 2.3 Million Exposures

Feb 19, 2024 By Steven In IDStrong
INTEGRIS Health is the largest non-profit healthcare network in Oklahoma and surrounding regions. The network includes medical and surgical centers, hospitals, emergency rooms, hospice options, addiction recovery programs, and a holistic approach to health and wellness. In November 2023, Integris discovered suspicious activity within their network environment; subsequent investigations have confirmed they were the target of a cyberattack that exposed 2,385,646 individuals.
Read Post
safebreach

State Government Organization Network Breach: SafeBreach Coverage for US-CERT Alert (AA24-046A)

Feb 16, 2024 By Kaustubh Jagtap In SafeBreach
On February 15th, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) issued an advisory highlighting the results of their incident response investigation into a state government organization’s network whose sensitive data including host/user details and other pertinent metadata were posted to the dark web.
Read Post

Bleeding Credit Unions Dry: The Story of Sloppy and Broken Operations

Feb 16, 2024 By CISO Global In CISO Global
How vulnerable are credit unions, the bedrock of community finance, to rapidly advancing cyber threats? Very. Join CISO Global's Chris Clements, Tigran Safari, James Montagne, and special guest Iwona Karpeta as they discuss recent attacks against credit unions, how they responded, and how their customers were impacted. Speakers: Chris Clements is the VP of Solutions Architecture for CISO Global. Chris has spent more than two decades working in the information security field and has a wide range of experience, including business management, sales, product, and service delivery.
View Video
idstrong

462k Hawaiians and Patients Exposed by Health Network Cyberattack

Feb 16, 2024 By Steven In IDStrong
Navvis & Company is a comprehensive healthcare network throughout the US, including Hawaii. They offer scalable healthcare services that push patients towards their health and wellness goals while supporting providers’ roles to achieve those milestones. In the middle of last year, mid-July, Navvis experienced a cyberattack; their experts responded, but not before the assailants got away with 462,861 records—and that’s just from Hawaii.
Read Post
idstrong

Weekly Cybersecurity Recap February 16

Feb 16, 2024 By Steven In IDStrong
This week was particularly active in Cybersecurity—attacks rained upon all states, from the Great Basin of Nevada to the Volcanoes of Hawaii. The week began with an announcement out of Texas: U.S. Renal Care found exposed information from a vendor breach in 2023, impacting over 132k patients. Connecticut College was also featured this week; investigations are ongoing, but victims shouldn’t wait to protect themselves. The public also got an update on the PJ&A data breach from 2023.
Read Post
idstrong

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

Feb 15, 2024 By Steven In IDStrong
Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings. They offer healthcare in 25 states with multiple facilities and specialized teams. At the end of last year (2023), Azura discovered a threat actor within their network environment; officials removed the threat, but not before the criminals obtained 348k patient records.
Read Post
WatchGuard

Responding to the AnyDesk Security Breach with WatchGuard's Solutions

Feb 15, 2024 By Iratxe Vazquez In WatchGuard
On February 2nd, the remote desktop application AnyDesk was the target of a cybersecurity breach, marking a significant event in digital security. Hackers infiltrated AnyDesk's production environment, sparking concerns over data integrity and user security.
Read Post

Defending Against Modern Breaches: Lookout's Defense-in-Depth Solution

Feb 14, 2024 By Lookout In Lookout
Today, cloud breaches happen in minutes. Not months. Attackers, with just the right login, can instantly access your data. To halt a breach, identifying and blocking data theft is essential. Prevention, however, begins with securing mobile devices. which are often unprotected, are highly susceptible to social engineering. Lookout adds depth to your defense with security that works at every turn. This includes blocking text messages that steal credentials and preventing compromised accounts from accessing your data. With Lookout, rest assured that your cloud data flows freely, and securely.
View Video
idstrong

Connecticut College Announces Breach Investigations from March 2023

Feb 14, 2024 By Steven In IDStrong
Connecticut College (CC) is a private campus institution in New London, CT; initially opened as a women’s college, the institution today serves a 2k-student population and offers more than 40 degree programs. In March 2023, cybercriminals victimized CC by accessing their network environment. Eleven months later, CC officials have begun sending impact notices to those with data exposed in the incident.
Read Post
idstrong

PJ&A Transcription Releases Update; 13.3 Million Exposures from 2023 Breaches

Feb 14, 2024 By Steven In IDStrong
Perry Johnson & Associates (PJ&A) is a medical transcription organization based in Nevada. Since the public learned about PJ&A’s breach, we have featured it whenever large healthcare networks have announced data breaches stemming from their incident and when officials present updates. This week, more information is public about the incident, through the Maine Attorney General’s Office.
Read Post

Random but Memorable - Episode 12.1: Data Breach Box Set with Jayson E Street

Feb 13, 2024 By 1Password In 1Password
We're back! Join the podcast crew for a brand new season of random security. We're kicking off our first episode with notorious hacker and expert security consultant, Jayson E. Street. Settle in, as he recalls how understanding human behavior led him to successfully robbing banks and organizations on five different continents.
View Video
idstrong

Massive Renal Care Network Announces Breach via HealthEC's 2023 Incident

Feb 13, 2024 By Steven In IDStrong
U.S. Renal Care (Renal) is a 32-state, 400-location, 26k-patient healthcare provider primarily concerned with kidney disease and longevity; Renal offers in-facility and at-home dialysis solutions. Renal’s significant treatment network is made possible by various third-party vendors, from equipment solutions to transcription services.
Read Post
idstrong

Credit Union Struggles Following Ransomware; SSNs of 61k Stolen

Feb 12, 2024 By Steven In IDStrong
The Bayer Heritage Federal Credit Union has headquarters in West Virginia. Like other unions, they offer various services that assist members in saving and investing no matter their life phase. Bayer’s products include financial accounts, IRAs, investment options, and many loans, from estate to student. At the end of October 2023, Bayer reportedly experienced a cyberattack; the breach lasted only a day but exposed the Social Security Numbers (SSNs) of 61,159 borrowers.
Read Post
idstrong

Weekly Cybersecurity Recap February 9

Feb 12, 2024 By Steven In IDStrong
This week, around 643k data records were announced as lost in the cyber wars. Early on, the public learned of HopSkipDrive’s event, which impacted 155k student guardians. The most significant breach of this week, with an impact figure of over 307k, also occurred early in the week; the Des Moines Orthopaedic Surgeon clinic claimed the incident was due to a vendor’s failure.
Read Post

#100 - A tale of two breaches: examining the AnyDesk & Cloudflare incidents

Feb 9, 2024 By LimaCharlie In LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we take a close look at the AnyDesk and Cloudflare breaches that were both disclosed on February 2, 2024. AnyDesk, a prominent remote desktop software provider, disclosed a cyberattack late on February 2nd, causing the company to enforce strict security measures for nearly a week. Adversaries breached AnyDesk's systems, compromising vital assets such as source code and private code signing keys, and gaining unauthorized access to production systems.
View Video
kroll

Data Breach Outlook: Finance Surpasses Healthcare as Most Breached Industry in 2023

Feb 7, 2024 By David White In Kroll
While businesses might have become more prepared for direct cyberattacks, 2023 demonstrated that unfortunately a business is only as secure as the organizations within their environment. Third-party risk, which is to say any risk to an organization by external parties in its ecosystem or supply chain, was the headline culprit in 2023.
Read Post
idstrong

Verizon Employee Data Compromised

Feb 7, 2024 By Steven In IDStrong
Verizon is a top-performing communications organization with clients and influence worldwide. They offer various electronic services, including physical technology, Internet services, entertainment programs, communications plans, etc. They enjoy a user base of nearly 145 million people in the US, making them the largest telecoms operator in the states. Verizon recently announced a breach in mid-September 2023; however, the event was not from an external threat actor—it came from an employee.
Read Post
idstrong

Retirement & Life Insurance Provider Responds to Application Disruptions

Feb 7, 2024 By Steven In IDStrong
Infosys McCamish Systems (IMS) is a subsidiary of Infosys, a global outsourcing organization. IMS is primarily concerned with delivering life insurance and retirement solutions for clients of Infosys. Among those who use IMS’ services are nationwide organizations, including Bank of America. In November 2023, IMS was made aware of a cyberattack on their systems; the attack disrupted some of IMS’ applications and compromised the information of 57,028 people.
Read Post
idstrong

Orthopaedic Surgeon Group Breached by Vendor Cyberattack; 307k Exposed

Feb 6, 2024 By Steven In IDStrong
Des Moines Orthopaedic Surgeons, P.C. (DMOS) has three clinics throughout Iowa’s capital; they offer comprehensive solutions for ortho-care, from joints to extremities and MRI imaging to outpatient surgery. DMOS utilizes a variety of third-party vendors to serve their patients and the surrounding regions; almost a year ago, DMOS experienced a cybersecurity event through one of these vendors. The unauthorized actors broke into their system and compromised the information of 307,864 individuals.
Read Post
idstrong

Bankers Life-Retirement Solutions Provider-Faces Member Data Breach

Feb 5, 2024 By Steven In IDStrong
Bankers Life and Casualty Company (Bankers) is a nationwide retirement solutions provider. Their services assist members in maintaining and stretching their retirement income, paying for health and treatment programs, finding excellent retirement care, and assisting families with final expenses. There are over 3,800 Bankers agents throughout the US, with most states having one or more physical branches.
Read Post
idstrong

Education Transport and Ride Share Organization Updates on 155k Breach

Feb 5, 2024 By Steven In IDStrong
HopSkipDrive is an education solution that assists guardians with their unique transportation needs; from planning bus logistics to utilizing live ride-share options, HopSkipDrive is a family’s best resource for education transportation. In July 2023, HopSkipDrive received an email from an unknown actor, allegedly claiming that assailants exfiltrated information during a cyber attack.
Read Post
idstrong

GEICO Finds Employee Personal Data Exfiltrated via 2023 MOVEit Breach

Feb 2, 2024 By Steven In IDStrong
The Government Employees Insurance Company (GEICO) is a privately owned insurance group with 18 branches in the US. They provide insurance plans for all aspects of life, including auto, motorcycle, travel, pet, homeowner, renter, and jewelry options. GEICO employs over 38,000 people nationwide, many of whom receive discounted prices for their insurance. GEICO also offers dental insurance to its employees through Delta Dental of California (DDC) and affiliates.
Read Post
idstrong

Weekly Cybersecurity Recap February 2

Feb 2, 2024 By Steven In IDStrong
This week started with a cyber event targeting a Californian insurance brokerage, Keenan & Associates; the assailants garnered over 1.5 million records from the attack. GEICO also announced data from their organization was compromised, although the breach didn’t happen through them; one of their vendors was hit by the global MOVEit event, exposing the data of over 70k employees and associates.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.