Ten U.S. senators this week wrote to the secretaries of both the Department of Homeland Security and the Department of Transportation inquiring about specific measures they plan to pursue to prevent and respond to cyberattacks on the nation's critical infrastructure.
New York State Attorney General Leticia James detailed a credential stuffing investigation that showed the compromise of 1.1 million user accounts linked to "well-known" retail operations. The 17 companies involved reportedly agreed to put new measures in place to mitigate cyber risks.
The websites of Expresso and SIC, Portugal's largest news publications, remain offline for a third day. A ransomware attack on the parent company Impresa Group was carried out by the Lapsus$ ransomware group - a relatively new bad actor that has made three high-impact attacks in less than a month.
A Zloader malware campaign has been exploiting Microsoft’s digital signature verification to steal cookies, passwords and sensitive information, according to Check Point Research. The threat actor, likely MalSmoke, used legitimate remote management software to gain initial access.
The U.S. Federal Trade Commission, the nation's top consumer protection agency, issued notice that it "intends to use its full legal authority to pursue companies" failing to mitigate against Apache's Log4j vulnerabilities – or similar vulnerabilities in the future.
Applying cloud access security broker’s three functionalities - API-level integration with managed device transfer for visibility, in-line CASB for proxy and other devices, and its control over cloud and other access points - helps provide better control and the ability to protect and secure user access, says Thomas...
A healthcare technology vendor is notifying dozens of its healthcare provider clients of an email security breach affecting their patients' protected health information. Experts say the incident serves as the latest reminder of the risks business associates pose to sensitive healthcare data.
In an update on the Apache Log4j vulnerability, Microsoft says exploitation attempts and testing for vulnerable systems and devices remained "high" through late December. This comes after security leaders have identified sophisticated and even state-backed attacks targeting vulnerable devices.
Remember Y2K? Widespread disruption was feared since systems that rendered dates as two digits needed to be updated to work with four. Well, Microsoft Exchange just issued a workaround to fix a fatal error that disrupted email delivery due to a date check failure with the change of the New Year.
A Florida-based gastroenterology practice is in the process of notifying more than 212,500 individuals of a December 2020 breach involving a business email compromise and fraud. What steps can other entities take to prevent falling victim to similar incidents?
Mobile carrier T-Mobile fell victim to another data breach, this time linked to a SIM swap attack that affected "a very small number" of its 105 million customers. Details remain scarce, but T-Mobile says it has enacted proper incident response protocols to limit the number of people affected.
A Florida public hospital system has kicked off the New Year of breaches by reporting to regulators a hacking incident detected in October that involved data exfiltration affecting the personal information of more than 1.3 million patients and employees.
In a series of crypto giveaway scams, cybercriminals targeted the official Twitter accounts of the Indian Medical Association, the Indian Council of World Affairs and Mann Deshi bank. The incidents highlight why social media accounts need better access management strategies.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.