Identity and access management giant Okta says some customer data was exposed by the "relentless phishing campaign" that breached Twilio, which it uses to provide some SMS services. Twilio says attackers accessed data for 163 customer organizations.
As ransomware continues to pummel organizations left, right and center, two states have responded by banning certain types of ransom payments, and more look set to soon follow suit. But experts warn such bans could have "terrible consequences," leading to costlier and more complicated recovery.
The recently discovered Russian-linked MagicWeb malware that exploits on-premises Microsoft Active Directory Federated Services servers to persist in compromised systems underscores the benefits of cloud-based infrastructure and a zero trust approach to architecture, security researchers say.
A probe into alleged use of Pegasus spyware on Indian citizens identified malware on five of the 29 volunteers who submitted their devices for forensic examination. The nature of the malware was not disclosed, but Chief Justice of India said New Delhi did not cooperate with investigators.
Password manager stalwart LastPass acknowledged Thursday that a threat actor gained unauthorized access to its source code and proprietary technical information. The attacker does not appear to have gained access to customer data or encrypted password vaults.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including implications of the Russia-Ukraine cyberwar, the former CISA director’s somber message to the industry at Black Hat, and how the cryptocurrency landscape is changing.
In many healthcare entities, the amount of data that is being generated and retained continues to grow - and that mounting trove of legacy data is often never disposed, expanding the surface for cyberattacks and other compromises, says Matthew Bernstein of consulting firm Bernstein Data.
Fintech company Block faces a putative class action demanding damages for customers affected by a 2021 data breach that affected 8.2 million individuals. The company, formerly known as Square and co-founded by former-Twitter CEO Jack Dorsey, disclosed the breach in April.
The ongoing COVID-19 pandemic continues to fuel new opportunities for cybercriminals, malicious insiders and other adversaries who are posing new security threats to the privacy of patient health data, says attorney Erik Weinick of law firm Otterbourg P.C.
Retailer Sephora has been fined $1.2 million as part of a settlement agreement with California's attorney general, over accusations that it violated the California Consumer Privacy Act by failing to disclose that it was selling customers' data and not honoring their opt-out requests.
The latest edition of the ISMG Security Report discusses how ransomware-as-a-service groups are shifting their business models, how investigators battling cybercrime have been hindered by GDPR, and how employees consider workplace "choice" a key factor for job satisfaction.
A breach investigation into an incident initially appearing to affect only one individual has turned into a $300,640 HIPAA settlement for a dermatology practice that was subsequently discovered to be improperly disposing many patient information for more than a decade.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.