
Understanding The HIPAA Breach Notification Rule

HIPAA requires covered entities and business associates to secure protected health information (PHI). Failing to do so can result in steep fines and penalties. Some PHI breaches, however, are out of the organization’s control. Determined hackers can expose PHI, and employees can make mistakes — they’re only human. Despite training, rigorous security protocols, and constant monitoring, data breaches can happen.

This Is the Reason Behind 70% Of Data Breaches

70% of data breaches involve the negligence of a 3rd party. Let’s understand this with Target’s classic example. In 2013, they were using a contractor, Fazio, to maintain their air conditioning systems. The hackers got into Fazio’s systems and used them as a jumping-off point to infiltrate and hack into Target’s infrastructure. Big companies like Audi and Volkswagen have also suffered such cyberattacks due to 3rd party negligence.

Breach Costs - Millions of Lost Revenue

At the end of 2021, Capital One agreed to pay a settlement of $190 million to 98 million customers whose personal data was stolen in a 2019 data breach. Similar class-action lawsuits were filed in 2021 against T-Mobile, Shopify, and Ledger. When it comes to the cost of breaches, however, those are just the legal fees. Every year, businesses lose millions of dollars in revenue to cyberattacks and data breaches.

The State of Cybersecurity in 2022

2021 was an interesting year for all of us working in IT security. It wasn’t just the spike in supply chain attacks, most notably SolarWinds and Kaseya. It wasn’t just the waves of vulnerabilities leading to privileged access and remote code execution (RCE) in Microsoft Exchange, in printer drivers, externally exposed remote desktop protocol (RDP), and, of course, in OSS projects like Log4j.

12 Biggest Healthcare Data Breaches (Updated May 2022)

The healthcare industry suffers some of the highest volumes of cyberattacks and there are whispers of a lot more to come. Combine this trend with breach damage costs surpassing all other industries and you get the thunderous warning of a devastating cyberattack storm approaching the sector. To help healthcare entities strengthen their cyber resilience, we’ve compiled a list of some of the biggest data breaches in the healthcare industry, ordered by degree of impact.

Data Breach vs. Data Leak: What's the Difference?

Simply put, a data leak is when sensitive data is unknowingly exposed to the public, and a data breach is an event caused by a cyberattack. An example of a data leak is a software misconfiguration facilitating unauthorized access to sensitive resources - such as the major Microsoft Power Apps data leak in 2021. An example of a data breach is a cybercriminal overcoming network security controls to gain access to sensitive resources.

Lessons From Billions of Breached Records by Troy Hunt of https://haveibeenpwned.com

Security flaws, hackers and data breaches are the new normal. It’s not just those of us in the industry facing these foes every single day; it’s everyone. Whether you’re online or offline, you simply cannot exist today without your personal information being digitized in systems which are often left vulnerable and exploited at the whim of attackers. But who are these people — the ones who seek to break through our defenses and exploit our data? And how are they continually so effective at doing so, despite our best efforts?

How to Detect Data Exfiltration (Before It's Too Late)

A data exfiltration attack involves the unauthorized transfer of sensitive data, such as personal data and intellectual property, out of a target system and into a separate location. These transfers could either occur internally, through insider threats, or externally, through remote Command and Control servers. Every cyberattack with a data theft objective could be classified as a data exfiltration attack.