In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that in early March 2021, the company "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."
Rapid7 has disclosed that the attackers behind the Codecov breach had accessed some of the company's source code using a previously compromised Bash Uploader script from Codecov.
More than 60 experts from industry, government, law enforcement, civil society and international organizations have worked together to develop a comprehensive framework, breaking down siloed approaches and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign.
The 81-page report, "A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force," includes 48 recommendations that together form a comprehensive framework to address ransomware. The report was delivered to the Biden administration this week. Among those, these priority recommendations are the most foundational and urgent, and many of the other recommendations were developed to facilitate or strengthen these core actions.
Click Studios has advised customers to stay vigilant and ensure the validity of any email sent to them, as a bad actor has commenced a phishing attack with a "small number of customers having received emails requesting urgent action."
Supply Chain Risk is more pertinent now that digital transformation initiatives are the norm. In a recent Ponemon study, 82% of respondents believe their organization experienced at least one data breach due to digital transformation. At the same time, 55% said with certainty that at least one of the three breaches was caused by a third party. Reporting on SCRM and gaining visibility into the cyber risk across third parties is critical to the security of both small and large organizations, especially in the digital age we live in.
Comparitech researchers set up honeypots on the web to lure in attackers and record their actions. They recorded 73,000 attacks in 24 hours. The honeypots were left unsecured so that no authentication was required to access and attack it. Using this method, Comparitech researchers sought to find out which types of attacks would occur, at what frequency, and where they come from.
While COVID-19 paused many activities in 2020, cybercriminals continued to keep busy evolving their arsenal of weapons for more lucrative cyberattacks. While companies adopted remote work models and third parties experienced heightened disruption, cyber risk skyrocketed with increased ransomware, credential stuffing, malware, and Virtual Private Network (VPN) exploitation. As a result, the number of data breaches in the U.S. reached 1001 cases last year, with over 155.8 million individuals affected. Now following the SolarWinds hack, President Biden is set to sign off on an executive action to address gaps in national cybersecurity. The move is causing many CSOs to look for ways to evolve beyond the reactive model to an “always-on” approach -- one that proactively mitigates potential threats and risks before they disrupt business.
Hiscox reveals that U.S. businesses’ cybersecurity spending is on the rise and they are leaders in cyber expertise, but still have more work to do when it comes to ransomware and phishing emails. The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 6,000 professionals responsible for their company’s cybersecurity from the U.S., U.K., Belgium, France, Germany, the Netherlands, Spain and Ireland. Key findings specific to the more than 1,000 U.S. professionals surveyed include:
The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), present the first ‘Identity Management Day,’ an annual awareness event which will take place on the second Tuesday in April each year. The inaugural Identity Management Day will be held on April 13, 2021.
Recently, an SQL database containing data of 1.3 million Clubhouse users was posted on a hacker forum for anyone to access. The data included names, user IDs, social media profile names and other details about clubhouse users.
