Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2024

knowbe4

The First Half of 2024 Results in More Than 1 Billion Data Breach Victims

Jul 31, 2024 By Stu Sjouwerman In KnowBe4
New data shows that cyber attacks have resulted in double the number of data breaches in 2024 than throughout all of 2023. After a data breach, there are two common impacts– an organization with disrupted operations and customer victims. We tend to focus only on the duration it takes for an organization to regain normal operations, but the total number of victims from a data breach can take years to tally.
Read Post
ekran

What is Data Misuse? 4 Ways to Detect and Prevent Misuse of Information

Jul 29, 2024 By Ekran In Ekran
Access to data comes with significant responsibility, and misuse of this access can negatively affect organizations. When employees misuse data for personal gain or other unauthorized purposes, it can jeopardize data security and lead to costly breaches. Indeed, 68% of data breaches involve a human element, according to the 2024 Data Breach Investigations Report by Verizon.
Read Post
foresiet

Gemini Exchange Breach Highlights Supply Chain Vulnerabilities

Jul 29, 2024 By Foresiet In Foresiet
A recent security incident has shaken the cryptocurrency community as Gemini, a prominent US-based crypto exchange, disclosed a supply chain breach that compromised personal and banking information of thousands of customers. This breach underscores the importance of robust digital footprint analysis and brand protection strategies in the ever-evolving landscape of cybersecurity.
Read Post
salt security

Another API Security Breach: Life360

Jul 26, 2024 By Hadar Freehling In Salt Security
Another day, another API breach in the news. The latest breach occurred on the Life360 platform where an advisory was able to gleam 400k user phone numbers, based on the article written on Bleepingcomputer.com. Known only by their 'emo' handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user's email address, name, and phone number.
Read Post
idstrong

Avoiding Scams During the 2024 Paris Olympics

Jul 26, 2024 By IDStrong In IDStrong
Breakdancing is coming to the world stage while French citizens stage a creative protest with the hashtag “JeChieDansLaSeineLe23Juin.” We’ll leave the dirty research on that to you. Regardless, the ramp-up to the 2024 Paris Olympics is proving to be an exciting and controversial affair. However, the Olympic call isn’t reserved for top athletes and sports enthusiasts. It’s also a prime opportunity for scam artists and fraudsters to exploit an influx of tourists.
Read Post
WatchGuard

Security breaches in the supply chain increase by 68%

Jul 24, 2024 By Carlos Arnal In WatchGuard
In today's digital landscape, businesses heavily rely on third-party software for their daily operations. This reliance has led to a surge in software supply chain attacks, which are becoming increasingly prevalent and sophisticated. These attacks exploit vulnerabilities in external tools or services to gain unauthorized access and compromise systems.
Read Post
foresiet

Verizon Settles for $16 Million Over TracFone Data Breach: New Security Measures Required

Jul 24, 2024 By Foresiet In Foresiet
In a significant development in the realm of data security, Verizon Communications has agreed to a $16 million settlement with the Federal Communications Commission (FCC) following a series of data breaches at its subsidiary, TracFone Wireless. The breaches, which occurred between 2021 and 2023, have led to increased scrutiny on Verizon's data protection practices and will result in mandatory improvements to its security measures.
Read Post
1Password

Credential-based data breaches: Five ways to shore up defenses and prevent unauthorized access

Jul 23, 2024 By 1Password In 1Password
Over the last few months, there have been a number of credential-based breaches, including the attacks on Ticketmaster, Santander Bank, and others. As details regarding this string of attacks continue to be uncovered, it is critical that organizations take precautionary measures in order to protect themselves and their customers from potentially being compromised by cybercriminals.
Read Post
levelblue

What Healthcare Providers Should Do After A Medical Data Breach

Jul 23, 2024 By Karoline Gore In LevelBlue
Healthcare data breaches are on the rise, with a total of 809 data violation cases across the industry in 2023, up from 343 in 2022. The cost of these breaches also soared to $10.93 million last year, an increase of over 53% over the past three years, IBM’s 2023 Cost of a Data Breach report reveals. But data breaches aren’t just expensive, they also harm patient privacy, damage organizational reputation, and erode patient trust in healthcare providers.
Read Post
idstrong

Door-To-Door Scams: Common Types and How They Work

Jul 19, 2024 By Steven In IDStrong
Over the years, door-to-door scams have become rampant, targeting unsuspicious homeowners with various tactics. The door-to-door scam involves individuals disguising themselves as sales representatives or service providers to access people's homes to gain personally identifiable information like social security numbers, properties, or money. There are various door-to-door scams, and understanding how they work is crucial to protecting oneself and the community.
Read Post
idstrong

How To Protect Your Home Title From Deed Theft

Jul 19, 2024 By Steven In IDStrong
Nowadays, there is an increase in offensive real estate fraud, with potentially disastrous outcomes for homeowners. The practice known as deed fraud or house title theft involves an online scam for a fraudulent transfer of property ownership. Then, in order to make money, thieves can either sell the house, get a mortgage on it, or even rent it out. Home title theft can cause significant financial loss for individuals and families.
Read Post
idstrong

Watering Hole Attacks: What They Are and How to Prevent Them

Jul 19, 2024 By Steven In IDStrong
Hackers often lurk around the most popular websites, looking for ways to exploit users. These sites include ticket purchasing, travel, e-commerce, and banking. Watering hole attacks continue to become a genuine threat to any user who frequently visits popular sites.”Hackers use malware, browser exploits, and DNS poison to lure users into exposing their login credentials or clicking on a malicious link.” Has a watering hole attack compromised your credentials, email, or phone?
Read Post
idstrong

What is a Brute Force Attack in Cybersecurity and How to Prevent it

Jul 19, 2024 By Steven In IDStrong
In the world today, there is a plethora of critical data circulating the internet, leading to complex attacks like brute force attacks. Individuals who are after this data for the wrong purpose and who use brute force attacks to gain access to these data are called cyber attackers.
Read Post
obrela

The Cost of Complacency: Analyzing the Financial Impact of Cybersecurity Breaches

Jul 19, 2024 By Obrela In Obrela
In today’s digital landscape, the importance of robust cybersecurity measures cannot be overstated. Yet, despite the clear and present danger posed by cyber threats, many organizations still underinvest in cybersecurity, operating under a false sense of security. This complacency can be incredibly costly, as the financial ramifications of cybersecurity breaches are staggering.
Read Post
foresiet

Unveiling the Wallet behind the Cyber Heist WazirX: A Deep Dive by Foresiet

Jul 19, 2024 By Foresiet In Foresiet
In today's digital age, cyber theft has become a rampant issue, with malicious actors constantly devising new ways to exploit vulnerabilities and steal valuable assets. At Foresiet, our mission is to stay ahead of these threats by providing comprehensive threat intelligence and cybersecurity solutions. In our latest investigation, we have uncovered a cryptocurrency wallet potentially linked to a significant cyber heist.
Read Post
foresiet

Life360 Data Breach Exposes Over 400,000 User Phone Numbers

Jul 18, 2024 By Foresiet In Foresiet
A significant data breach has compromised the personal information of 442,519 Life360 customers due to a vulnerability in the company's login API. The breach, discovered in March 2024, has exposed sensitive user details, including email addresses, names, and phone numbers. This incident underscores the critical importance of robust cybersecurity measures, particularly for services handling vast amounts of personal data. Exploiting an Unsecured API Endpoint.
Read Post
idstrong

Pyramid Scheme: What Is it and How Does It Work?

Jul 18, 2024 By Steven In IDStrong
Pyramid schemes are one of the world's most well-known forms of financial fraud. For many years, they have victimized people who trust the promises of quickly making easy and significant profits. The frightening thing about these schemes is that they are built on a "business model" doomed to collapse. It is essential to understand what principles the pyramid operates in to be able to reveal and then avoid involvement in such a scam.
Read Post
Trustwave

6 Steps on How to Respond to a Data Breach Before it Ruins Your Business

Jul 17, 2024 By Trustwave In Trustwave
Too many consumers have awoken one morning to find messages from a retailer or their bank detailing purchases made through their account of which they were unaware. While the realization that they have been hacked will cause some well-deserved panic for the account holder, it usually only takes a few phone calls to cancel purchases, change a password, and cancel a credit card to put a stop to the problem.
Read Post
idstrong

What is Hashing and How Does It Work in Cyber Security?

Jul 17, 2024 By Steven In IDStrong
Hashing transforms a key or set of characters into a unique value from the original input, all for cybersecurity data validation and integrity checking. Hashing is a one-way process based on creating a value to associate with a specific data set. Security solutions providers like IDStrong use the highest level of hashing and encryption to protect their users' information. Organizations like IDStrong understand how critical safeguarding their consumer’s credentials is.
Read Post
idstrong

The CIA Triad: Confidentiality, Integrity, and Availability

Jul 17, 2024 By Steven In IDStrong
The confidentiality, integrity, and availability (CIA) triad is a critical concept in cybersecurity, including three fundamental principles that help protect information. Organizations seeking a starting point for developing an information security framework would benefit from the triad model.
Read Post
idstrong

What is Protected Health Information (PHI)? And why is it important?

Jul 16, 2024 By Steven In IDStrong
“Safeguarding personal health information (PHI) is governed under the Health Insurance Portability and Accountability Act (HIPAA).” Protecting identifiable health data is the responsibility of everyone who comes into contact with it, including covered entities. Healthcare providers, health plan companies, school districts not covered under FERPA, universities, employers, and federal, state, and local government agencies are mandated to protect PHI data from any security risk.
Read Post
idstrong

What is a Ponzi Schemes: History and Examples

Jul 16, 2024 By Steven In IDStrong
Ponzo schemes continue to grow in complexity and notoriety. These schemes are not transactions or one-time hacks. “Ponzi schemes are fraudulent business operations that promise high returns with little or no risk, claiming investors' money will go towards a legitimate investment.” Investors believe they will score huge returns from their initial investment, yet most only realize once it is too late that the entire scheme is doomed to fail from the beginning.
Read Post
idstrong

How to Stay Away from LinkedIn Scams

Jul 16, 2024 By Steven In IDStrong
LinkedIn is the world's largest professional networking service for accountants, policemen, politicians, advertising professionals, business executives, college students, investment bankers, and consultants. Most use LinkedIn to connect with others and help with career development, new business contacts, and professional networking. However, job scams and other online cybercriminals use LinkedIn features for fraudulent activities.
Read Post
idstrong

What Is Google Chat Scam and How to Spot and Stop It

Jul 16, 2024 By Steven In IDStrong
Google Chat is a popular communication software that allows you to share content and send messages in real time. Individuals use it for personal communication or collaboration with teams at work. However, as its popularity is increasing, people are using it as their primary form of communication.
Read Post
Trustwave

Latest AT&T Data Breach Highlights the Need to Double Down on Cybersecurity Basics

Jul 15, 2024 By Eric Harmon In Trustwave
AT&T reported on July 12 that an internal investigation had revealed that the telecommunication provider had been victimized by a third-party breach,resulting in the compromise of records of calls and texts of nearly all of AT&T’s cellular customers. An AT&T spokesperson confirmed to a news source that the breach resulted from of the data stolen from cloud storage firm Snowflake.
Read Post
idstrong

Financial Business and Consumer Solutions Data Breach

Jul 10, 2024 By IDStrong In IDStrong
Financial Business and Consumer Solutions (FBCS) was founded in 1982 as Federal Bond Collection Services and currently has over 100 employees. Based in Pennsylvania, the name was later changed in 2014. The company is a licensed debt collection agency offering specialized solutions for creditors across various product verticals to meet their diverse needs. Such creditors include those playing in healthcare, consumer credit, utilities, auto, and education services.
Read Post
securitysenses

Understanding the Importance of Access Control Systems for Tech Businesses

Jul 9, 2024 By SecuritySenses In SecuritySenses
Access control systems play a vital role in safeguarding the security and integrity of your tech business. These systems assist in regulating who can enter or access specific areas within your organization. Implementing effective access control measures can protect sensitive information and ensure compliance with industry regulations.
Read Post

Lessons From the Front Line - Examining Real-Life Cyber Breaches

Jul 8, 2024 By Cloudflare In Cloudflare
Cybersecurity professionals are bracing themselves as the relentless cycle of new phishing scams, malware attacks, and AI-enabled threats make it hard to stay a step ahead. Against this background, the Department of Home Affairs is proposing to establish a Cyber Incident Review Board to protect and investigate Australian organizations that have been breached. But is this enough?
View Video
foresiet

Twilio's Authy App Breach: Millions of Phone Numbers Exposed

Jul 5, 2024 By Foresiet In Foresiet
Twilio, the cloud communications provider, has disclosed a security breach affecting its Authy app, exposing users' phone numbers due to an exploit in an unauthenticated endpoint. Understanding the Authy App Breach Twilio confirmed unauthorized access to an endpoint within Authy, leading to the exposure of data linked to Authy accounts, specifically users' cell phone numbers.
Read Post
protegrity

Enhancing Data Security in the Wake of Recent High-Profile Breaches

Jul 5, 2024 By Protegrity In Protegrity
Recent high-profile breaches at Ticketmaster and Santander, attributed to the ShinyHunters group, have brought the critical need for robust data protection measures to the forefront. ShinyHunters, a notorious cybercriminal group known for stealing data from various organizations for financial gain, has demonstrated how vulnerabilities in third-party platforms can lead to significant data breaches.
Read Post
keeper

Were You Part of the 2024 AT&T Breach? Don't Panic. Here's What to Do.

Jul 5, 2024 By Keeper In Keeper
If you were one of the 70+ million people affected by the 2024 AT&T data breach, you are likely concerned about the safety of your accounts and the risk of your identity being stolen. Although some of the data is from 2019 or earlier, according to AT&T, the 2024 data breach occurred this past March when stolen customer data was found on the dark web. If you were part of this data breach, your identity could be at risk of being stolen because customers’ Social Security numbers were exposed.
Read Post
vista infosec

Chip maker launches probe into data theft amid cybersecurity concerns

Jul 2, 2024 By Narendra Sahoo In VISTA InfoSec
American chip giant Advanced Micro Devices, Inc. (AMD) announced that it has launched a probe of a data breach carried out by a cybercriminal group called Intelbroker that led to several private documents and information being stolen which occurred early this month. In a statement to media outlets, the company spokesperson said that it is working closely with the authorities and a third-party hosting partner to investigate the impact of the breach.
Read Post
kovrr

Likely Disclosure Inconsistencies With Massive Snowflake Data Breach

Jul 2, 2024 By Kovrr In Kovrr
‍After unearthing evidence as early as May 2024, cloud computing–company Snowflake released an official statement on June 2, reporting that they were investigating a series of targeted cyber events. A week later, Google's Mandiant, who, alongside Crowdstrike, is aiding Snowflake in this investigation, concluded that clients had been attacked after malicious actors had gotten access to compromised credentials.
Read Post

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

Jul 2, 2024 By GitGuardian In GitGuardian
Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.
View Video
Arctic Wolf

TeamViewer Detects Compromise

Jul 2, 2024 By Andres Ramos In Arctic Wolf
On June 26, 2024, TeamViewer published a statement disclosing they detected an irregularity in TeamViewer’s internal corporate IT environment. TeamViewer is an organization that provides remote access software for devices and is extensively utilized by businesses and individuals globally. Upon detecting the incident on June 26th, TeamViewer immediately activated their response team and procedures and started investigations while implementing necessary remediation measures.
Read Post
WatchGuard

Ticketmaster Incident: How to protect your company's Cloud

Jul 1, 2024 By Kirk Jensen In WatchGuard
Cloud systems were created to maintain information on a comprehensive, accessible, and flexible platform. Although this system is still preferred by many companies, especially multinationals, to facilitate access to information between different teams within organizations, irresponsible use of the Cloud can create serious problems for corporate cybersecurity. Ticketmaster is a recent case in point.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.