Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023 (+38%).

Ransomware 115

Ransomware Data breaches Personal data Phishing 115

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. The Akira ransomware gang claimed the theft of 430 GB of data from the university’s systems.

Ransomware 116

Ransomware Data breaches Passwords Access 116

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised.

Data Privacy 76

Data Privacy Privacy Security Libraries 76

Security Affairs

OCTOBER 4, 2023

The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. Ransomware, a menace that has evolved into a formidable adversary, takes center stage in our examination of the cyber threat landscape during the second quarter of 2023.

Ransomware 115

Ransomware Data collection Cybersecurity Security 115

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Archiving 128

Archiving Security IT Data breaches 128

Security Affairs

OCTOBER 17, 2024

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. In the past, RomCom launched ransomware attacks and cyber espionage campaigns, however, it is ramping up attacks focused on data exfiltration from Ukrainian targets.

Government 100

Government Communications Ransomware Phishing 100

IT Governance

OCTOBER 31, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data has been exfiltrated, but we don’t know how much. The data controller of the breached data is currently unclear. Records breached: Unknown.

Data Privacy 52

Data Privacy Privacy Security Data breaches 52

Hunton Privacy

MAY 4, 2022

In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky’s law goes into effect on January 1, 2023.

Insurance 110

Insurance Security Compliance Information Security 110

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. The data collected unearthed a total of 1771 ransomware claims, with 55 recorded incidents in Italy.

Ransomware 113

Ransomware Data collection Cybersecurity Information Security 113

Security Affairs

AUGUST 17, 2024

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information. The company states that the security incident may have occurred in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.

Data breaches 122

Data breaches Archiving Sales Personal data 122

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries 124

Libraries IT Security Information Security 124

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Date of breach: 26 October 2023 Breached organisation: Homeland, Inc., to its leak site.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Security Affairs

OCTOBER 4, 2023

Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild. Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software.

Mining 127

Mining Access Authentication Cloud 127

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. A researcher found DC Health had five Salesforce Community sites exposing data.

Access 295

Access Information Security Authentication Communications 295

Security Affairs

NOVEMBER 28, 2023

Threat actors started exploiting a critical ownCloud vulnerability (CVE-2023-49103) that can lead to sensitive information disclosure. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple devices.

Cybersecurity 119

Cybersecurity Libraries Passwords Access 119

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Authentication 114

Authentication Cloud Access Archiving 114

Security Affairs

OCTOBER 8, 2024

MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to several of its systems. ” reads the notice of data breach published by MoneyGram.

Data breaches 106

Data breaches Government Ransomware Cybersecurity 106

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 128

Ransomware Manufacturing Retail Insurance 128

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix.

Authentication 123

Authentication Access Communications Cloud 123

Security Affairs

NOVEMBER 2, 2023

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3

Ransomware 123

Ransomware Communications Encryption Cybersecurity 123

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. We’ve developed a Proof of Concept for CVE-2023-20198 in #Cisco IOS XE.

Honeypots 130

Honeypots Authentication Access Security 130

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

Authentication 118

Authentication Passwords Cybersecurity Security 118

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved into bad actors that use refined social engineering tactics to convince the receiver to unknowingly share important information.

Security 93

Security Phishing B2B Data breaches 93

Security Affairs

OCTOBER 25, 2024

US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. The company suffered a data breach that exposed the personal info of approximately 800,000 individuals. ” reads the notice of Data Security Incident published by the company on its website.

Data breaches 100

Data breaches Ransomware Security IT 100

Security Affairs

SEPTEMBER 4, 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023. The digital communications of 61% of companies was compromised, +4% on the year.

Communications 119

Communications Security IT Information Security 119

Security Affairs

MAY 19, 2024

WebTPA, a third-party administrator that provides healthcare management and administrative services, disclosed a data breach. The US company disclosed a data breach that impacted almost 2.5 The investigation revealed that an unauthorized actor may have obtained personal information between April 18 and April 23, 2023.

Data breaches 115

Data breaches Insurance Cybersecurity Security 115

Security Affairs

SEPTEMBER 12, 2024

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft Sharepoint server. The threat actor taunted the company, doubting its capabilities even after the acquisition of firms specializing in cloud security and data loss prevention. Guess what?

Data breaches 121

Data breaches Cybersecurity Cloud Access 121

Security Affairs

APRIL 29, 2024

Google announced that in 2023, they have prevented 2.28 This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes. Google announced they have prevented 2.28 million policy-violating apps from being published on Google Play.

Privacy 104

Privacy Access Risk Security 104

IT Governance

MARCH 1, 2023

Welcome to our February 2023 list of data breaches and cyber attacks. It follows a mammoth start to the year, with more than 277 million breached records in January , and brings the running total for the year to over 300 million pieces of compromised personal data.

Data breaches 122

Data breaches Ransomware e-Delivery Government 122

Security Affairs

AUGUST 2, 2023

Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the zero-day CVE-2023-3519.

Cybersecurity 94

Cybersecurity Cloud Encryption Passwords 94

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. On May 27, 2022, Vermont Governor Phil Scott signed H.515

Insurance 107

Insurance Security Information Security Cybersecurity 107

Security Affairs

FEBRUARY 5, 2024

Hewlett Packard Enterprise (HPE) is investigating a new data breach after a threat actor claimed to have stolen data on a hacking forum. Hewlett Packard Enterprise (HPE) is investigating a new data breach, following the discovery of an offer on a hacking forum where a threat actor claimed to be selling the allegedly stolen data.

Security 112

Security Data breaches Cybersecurity Access 112

Security Affairs

MAY 27, 2024

Prescription service firm Sav-Rx disclosed a data breach that potentially impacted over 2.8 Prescription service company Sav-Rx disclosed a data breach after 2023 cyberattack. The company is notifying 2,812,336 individuals impacted by the security breach in the United States. million people in the United States.

Data breaches 116

Data breaches Cybersecurity Insurance Access 116

Security Affairs

FEBRUARY 13, 2024

Bank of America revealed that the personal information of some customers was stolen in a data breach affecting a third-party services provider. Bank of America began notifying some customers following a data breach at the third-party services provider Infosys McCamish System (IMS). This review process is ongoing.

Data breaches 116

Data breaches e-Discovery Ransomware Cybersecurity 116

Security Affairs

JULY 19, 2024

Personal and health information of 12.9 MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. Threat actors gained access to the personal and health information of an undisclosed number of individuals. million individuals.

Data breaches 106

Data breaches Unstructured data Ransomware Phishing 106

Security Affairs

DECEMBER 19, 2023

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw. ” reads the notice of a security incident.

Authentication 114

Authentication Passwords Data breaches Communications 114

Security Affairs

JUNE 7, 2024

The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations but recently became widespread. Post-exploitation features include network port scanning and access to existing databases and server data. ” reads the analysis published by Akamai.

File names 112

File names Passwords Access Cloud 112