The McLaren Health Care data breach impacted nearly 2.2 million patient records. The company confirmed the intrusion and unauthorized data access occurred in July-August 2023 and was discovered in Oct 2023. The ALPHV/BlackCat ransomware group claimed responsibility for the apparent ransomware attack.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
When planning, designing, and delivering cyber security awareness training, it is critical to consider the perspectives, needs, skill levels, and experiences of users. Gaining and maintaining its support among teams is an ongoing and collaborative effort.
Denmark Weathered Wave of Cyber Attacks on Energy Infrastructure in May, Industry Non-profit Reveals
Denmark's energy infrastructure was bombarded by cyber attacks in May of this year. Report says 16 energy infrastructure companies were targeted and 11 were compromised immediately, the other five only apparently dodging a breach because the attackers were sloppy in their technique.
The ALPHV/BlackCat ransomware group has filed an SEC complaint directed at MeridianLink, noting that the data breach took place over a week prior, and claims that new SEC rules require the victim to disclose a material impact within four business days.
Cyber Incident at DP World Australia Shut Down Port Operations, Backed Up 30,000 Shipping Containers
Large-scale cyber incident on critical infrastructure shut down port operations across Australia over the weekend, prompting a backup of some 30,000 shipping containers that were unable to unload for several days.
As applications grow more complex, attackers will increasingly seek to exploit vulnerabilities in business logic to bypass traditional security measures and gain unauthorized access. To address this threat, organizations must rethink their current security strategies for protecting applications and APIs, and the data they’re accessing.
The final report on the Okta security breach indicates that the attackers were able to access HAR files containing session tokens of 134 customers, but it appears they were very selective in which they chose to pursue follow-up attacks on. Only five instances of successful session hijacking were logged.
The state government of Maine has confirmed a MOVEit data breach that leaked extensive personally identifiable information of basically all 1.3 million residents.
Magic Circle law firm Allen & Overy has confirmed a cyber attack claimed by the Russian LockBit ransomware group, which demanded a ransom and threatened to leak stolen data.
OpenAI has attributed ChatGPT outages to a targeted distributed denial of service (DDoS) attack. A suspected Russian hacktivist group Anonymous Sudan has claimed responsibility.