U.S. insurance giant American Family Life Assurance Company (Aflac) suffered a cyber attack that exposed extensive sensitive information, including SSNs and health information.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
A new CISA-NSA joint report follows many calls by both members of the cybersecurity industry and government agencies for a transition to memory-safe languages like Rust, Ruby, Java and C# due to their inherent minimization of memory-related classes of vulnerabilities.
Scattered Spider didn’t need zero-days, malware, or a government’s budget to bring a Fortune 500 company to its knees. They didn’t even need to break in. They just logged in.
A massive data leak stemming from a cyber attack on a third-party subcontractor has affected Swiss banks UBS and Pictet, as well as over a dozen other multinational companies, potentially including auditing firm KPMG.
The DOJ, the FBI, and the U.S. Secret Service have collaborated with private partners to execute the largest seizure of crypto assets related to pig butchering investment scams.
Apparently many of these companies have a website search feature that displays whatever text is already included in the URL linking from the ad to the page. In this case, that means that the search bar is pre-filled with fake support numbers when the target arrives at the page.
Google Threat Intelligence Group is now reporting "multiple intrusions" at US-based insurance firms by Scattered Spider, which in some cases has caused outages and business disruptions.
A new set of 16 billion login credentials is not an intentional public leak or data breach. It was accidentally exposed to the internet via improperly secured Elasticsearch and object storage instances for a short period, but long enough for security researchers to hit upon it.
Car-sharing giant Zoomcar has disclosed a data breach that impacted approximately 8.4 million people after a threat actor contacted the company claiming to have accessed its data.
Amazon’s Whole Foods distributor, United Natural Foods Inc. (UNFI), suffered a cyber attack that forced the company to shut down some IT systems, disrupting operations, including ordering and distribution.










