DNA testing firm said the data breach exposed personal and financial data of 2.1 million people, and hackers removed some files from the national genetic testing organization system database.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
The SolarWinds hackers (thought to be backed by Russian intelligence) are up to their old tricks with new cloud providers, and have reportedly already breached a number of companies.
FCA issued remote work guidance in October outlining its expectations for compliance with its regulatory framework and effectively signaling the end of any reprieve for dispersed workforces.
Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyber attacks exchanged between nation-states. This definition extends to operations that have "major detrimental impact on the functioning of a state."
With emails bypassing defenses, humans are left as organizations’ last line of defense against phishing attacks. But it’s unreasonable to expect each employee to be a cybersecurity expert and identify these attacks every time.
Facebook is expanding mandatory two-factor authentication for users flagged as having high-risk accounts and will eventually be locked out of the platform until they enable it.
Google's new Cybersecurity Action Team warned that cybercriminals compromised unsecured or misconfigured Google Cloud instances to perform cryptocurrency mining.
Grinch bots have been a problem in the retail space for years and even beyond the Christmas season, snapping up everything from concert tickets to new video games.
Ransomware groups have shifted from the automated, ‘spray and pray’ tactics of yesterday to highly targeted, human-operated ransomware attacks, carefully crafted to find and encrypt your data and cause maximum critical service disruption.
Security flaw exposes the firmware encryption key allowing attackers to run arbitrary code on Intel Management Engine and access TPM, BitLocker, and EPID encryption keys.










