U.K. flag carrier British Airways informed employees that hackers had accessed data via payroll provider Zellis and the MOVEit vulnerability. (Image: Shutterstock)

Microsoft Attributes MOVEit Transfer Hack to Clop Affiliate

Jayant Chakravarti • June 5, 2023

Microsoft says an affiliate of the Russian-speaking Clop ransomware gang is behind a rash of attacks exploiting a recently patched vulnerability in Progress Software's MOVEit application. Known victims include British payroll provider Zellis, which says eight corporate customers were affected.

Governance & Risk Management

Sports Warehouse Fined $300,000 Over Payment Card Data Theft

Latest

Governance & Risk Management

Psychiatry Practice Fined for Posting PHI Online

Marianne Kolbasuk McGee • June 5, 2023

Federal regulators have once again smacked a healthcare provider with a HIPAA settlement involving patient protected health information that was disclosed in response to a negative online review.

3rd Party Risk Management

Iowa Reports Third Big Vendor Breach This Year

Marianne Kolbasuk McGee • June 5, 2023

The Iowa Department of Health and Human Services has reported to federal regulators its third major health data breach involving a vendor since April. This time, Iowa HHS/Medicaid says the data of nearly 234,000 individuals was compromised in a mega hack recently reported by MCNA Insurance Co.

Cyberwarfare / Nation-State Attacks

Why Cyber Defenders Need Partnerships, Tools and Education

Steve King • June 5, 2023

In this episode of "Cybersecurity Insights," Lonnie Price of Peraton discusses the importance of partnerships between the public and private sectors to help Ukrainians with the war effort. He also shares how we can become better educated and more efficient as cyber defenders.

Business Continuity Management / Disaster Recovery

Why Rubrik Is Looking to Break Cybersecurity's IPO Dry Spell

Michael Novinson • June 5, 2023

Despite the beating new publicly traded security companies have taken during the economic downturn, Rubrik is looking to test its luck in the public market. Reuters reported Monday the firm is working with Goldman Sachs, Barclays and Citigroup in preparation for an IPO that could take place in 2024.

General Data Protection Regulation (GDPR)

Microsoft Sets Aside $425M for Anticipated GDPR Fine

David Perera • June 3, 2023

Microsoft is warning investors it may receive a fine from European privacy regulators adding up to at least hundreds of millions of dollars over targeted advertising on its LinkedIn social network. European authorities have shown increased willingness to use the GDPR to limit targeted advertising.

Cybercrime

Chinese APT Backdoor Bypasses Indonesian Antivirus

Jayant Chakravarti • June 2, 2023

A Chinese espionage threat group is using a novel backdoor to bypass popular Indonesian antivirus tool Smadav. Targets include European embassies in Southeast and East Asia. Smadav treats processes with no windows as suspect. The APT gets around that by opening a window not visible to users.

Leadership & Executive Communication

ISMG Editors: Why Communications Skills Matter for CISOs

Anna Delaney • June 2, 2023

In the latest weekly update, ISMG editors discuss why communication is vital to be an effective CISO in 2023, how the hack of Florida-based dental insurer MCNA affects nearly 9 million people, and how CyberArk is securing privileged users with a new browser.

Endpoint Protection Platforms (EPP)

SentinelOne Lays Off 5% of Staff as Data Consumption Tumbles

Michael Novinson • June 1, 2023

SentinelOne plans to ax approximately 105 workers after a significant drop in data usage for products with consumption-based pricing caused revenue to fall short of expectations. The company revealed plans to reduce its staff by 5% to remain on track with achieving non-GAAP profitability next year.

Endpoint Security

Kaspersky Discloses Apple Zero-Click Malware

Akshaya Asokan • June 1, 2023

Russian cybersecurity firm Kaspersky disclosed iOS zero-click malware on the same day the Kremlin claimed it had uncovered a U.S. intelligence smartphone spy campaign. "We have never worked with any government to insert a backdoor into any Apple product and never will," an Apple spokesperson said.

Fraud Management & Cybercrime

After Ransomware Attack, Oakland Faces Data Breach Lawsuit

Mathew J. Schwartz • June 1, 2023

A flurry of legal complaints and a lawsuit have been filed against the city of Oakland, California, after it fell victim to a ransomware attack. The Play group claimed credit for the attack and posted some of stolen information, which includes personal details, ID numbers and health information.

Fraud Management & Cybercrime

Lab Testing Firm Says Ransomware Breach Affects 2.5 Million

Marianne Kolbasuk McGee • June 1, 2023

A Long Island, New York-based life sciences company has reported to the U.S. Securities and Exchange Commission that clinical test information of nearly 2.5 million individuals was compromised in a ransomware attack in April involving data exfiltration.

Fraud Management & Cybercrime

Breach Roundup: Amazon Settles US FTC Investigations

Prajeet Nair • June 1, 2023

This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."