Reacting to news reports that some of the more than 220 million personal records on Brazilians that have been offered for sale on the darknet appear to be associated with Experian's Serasa subsidiary, the credit reporting firm says its investigation has turned up no evidence its systems have been compromised.
Microsoft's security team says the company's Office 365 suite of products did not serve as an initial entry point for the hackers who waged the SolarWinds supply chain attack. And SolarWinds' CEO says that no Office 365 vulnerability has been identified that would have opened the door to the attack.
The decline in the total number of U.S. data breaches in 2020 isn't all good news; it reflects that hackers are changing their tactics, says James Lee of the Identity Theft Resource Center, who offers an analysis of the center's new data breach report.
The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021.
Alejandro Mayorkas, the newly confirmed secretary of the Department of Homeland Security, says his initial priorities include reviewing all available intelligence on the SolarWinds supply chain hack and scrutinizing the government's cybersecurity programs.
Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a notification filed with California authorities. The data that may have been exposed includes Social Security numbers and passport details.
While many details about the SolarWinds Orion hack and full victim list remain unknown, experts have ascribed the apparent espionage campaign to Russia. Now, however, Reuters reports that a separate group of Chinese hackers was also exploiting SolarWinds vulnerabilities to hack targets.
Based on real-world experience and research, this whitepaper shares insights into five of the most dangerous and common IaaS configuration mistakes that could expose your public cloud computing environment to a worst-case security scenario. These are:
Early hacked administrative credentials
In this eBook, we offer a detailed exploration of four key requirements that we think are critical to cloud workload security based on the Forrester Wave: Cloud Workload Security, Q419 Report. By reading this eBook, you’ll gain an understanding of these areas of importance, and you’ll see why we think Forrester...
A data breach of a Washington state auditor's system exposed 1.4 million unemployment claimants’ records. The breach stemmed from an exploit of an unpatched system from Accellion, and the state says it was never notified of the flaw. But Accellion says it notified customers and offered a patch in December.
An organization that administers a children’s dental and health insurance program in Florida took down its online application platform after it discovered the company that hosted its website apparently failed to address vulnerabilities over a seven-year period, resulting in the exposure of personal data.
Reported data breaches in Australia increased 5% in the second half of 2020, but the nation’s privacy regulator says the increase was modest considering the massive shift to working from home. The cause of incidents that rose the most was human error, which often involved email addressing mistakes.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
The number of data breaches being reported in the U.S. and elsewhere each year continues to decline. But security experts say this unfortunately can be explained by criminals increasingly focusing on lucrative ransomware and business email compromise scams, which require scant data to be successful.
Wireless carrier UScellular is investigating an incident involving hackers tricking employees into downloading malicious software that compromised a customer relationship management platform, exposing personal data.