A security breach has affected all users of the eSignature platform Dropbox Sign (formerly HelloSign), including those who received or signed a document without an account.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
The new Microsoft security initiative update promises more sweeping changes. This move is also likely tied directly to the company's security woes and issues with cyber threats in 2023 and early 2024.
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was signed into law on March 15, 2022 and requires covered entities to report “significant” cyber incidents within 72 hours and ransomware payments within 24 hours.
The headline items from the 2024 Verizon DBIR include a 180% jump in vulnerability exploitation from 2023's numbers, and non-malicious employee elements continuing to play a role in over two-thirds of breaches as phishing remains a major threat.
Healthcare provider Kaiser Permanente has disclosed a data breach stemming from online tracking that inadvertently shared with third-party advertisers how users interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia patient information.
GRU-affiliated Russian hackers targeted 20 Ukrainian critical infrastructure facilities in March 2024, Ukraine’s Computer Emergency Response Team (CERT-UA) has disclosed.
South Korea's National Police Agency has revealed that state-sponsored North Korean hackers have been waging an all-out espionage campaign against the country's defense companies since at least 2022, and have lurked in the networks of some targets for over a year.
The Akira ransomware gang earned approximately $42 million in ransoms after breaching over 250 victims across three continents between March 2023, when the group emerged, and January 2024.
UnitedHealth Group has released further details about the devastating Change Healthcare attack that caused widespread damage throughout the US, taking large chunks of revenue from some care providers and in some cases keeping patients from needed medication. The group has confirmed that it made a ransom payment to restore service.
A cyber attack by a suspected cybercrime group has forced Frontier Communications, a Dallas, Texas-based optic-fiber Internet provider, to temporarily shut down its information systems to contain the incident.









