Reported data breaches in Australia increased 5% in the second half of 2020, but the nation’s privacy regulator says the increase was modest considering the massive shift to working from home. The cause of incidents that rose the most was human error, which often involved email addressing mistakes.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
The number of data breaches being reported in the U.S. and elsewhere each year continues to decline. But security experts say this unfortunately can be explained by criminals increasingly focusing on lucrative ransomware and business email compromise scams, which require scant data to be successful.
Wireless carrier UScellular is investigating an incident involving hackers tricking employees into downloading malicious software that compromised a customer relationship management platform, exposing personal data.
New Zealand’s financial regulator has issued a searing report about IT security failures at NZX, the country’s stock exchange, that contributed to a disruptive DDoS attack. The regulator says NZX had inadequate IT security and failed to prepare for DDoS attacks.
The operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to Sophos. These types of "ghost" accounts are an increasing issue for security teams.
With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels. They're also calling for a review of cyber insurance payouts being used to fund ransoms.
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.
A proposed class-action lawsuit has been filed against Rady Children's Hospital-San Diego in the wake of a data breach resulting from a ransomware attack on Blackbaud, the hospital's cloud-based fundraising software vendor.
Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.
Intel is investigating an incident in which an unauthorized person accessed a portion of the company's latest quarterly financial report, forcing the chipmaker to release its earnings slightly earlier than planned.
The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.