LATEST POST
First came the cyberattack. Then Microsoft made it worse.
As if the CrowdStrike debacle with a faulty update wasn’t enough vendor drama in July, then Microsoft managed to make a cyberattack’s impact even worse. AP reports: A global Microsoft Azure outage that impacted a range of services for consumers Tuesday — from reports of stalling Outlook emails to trouble ordering on Starbucks’ mobile app — was […]
Cyberattack hits blood donation center that services over 250 hospitals in southeastern US
Some ransomware groups pledge not to encrypt any medical entity if doing so would risk life. Not all ransomware groups have taken that pledge, however, and even some that claim they will not encrypt, do. Scripps News reports a ransomware attack is affecting blood availability to hospitals throughout the southeast U.S.: A nonprofit blood donation […]
Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability
An article in The Register begins with a simple question: Do you have your VMware ESXi hypervisor joined to Active Directory? If you don’t know what The Register is even talking about, pass this article to your IT department directly. The Register explains the significance of a recently patched vulnerability, and why you should patch […]
Average Cost of Data Breaches in India hits over USD 2 million; Phishing tops list of cyber threats
Because so many firms outsource to India, it is interesting to note the average cost of a data breach in India may be less than in the U.S., but still significant. Financial Express Online reports: According to a report from the Reserve Bank of India (RBI) released on Monday, the average cost of a data […]
Software Maker MCG Health Settles Data Breach Suit for $8.8M
GovInfoSecurity reports that software vendor MCG Health has agreed to pay $8.8 million to settle a consolidated proposed federal class action lawsuit involving a 2020 hacking incident. The Seattle-based firm provides patient care guidelines to providers and health care plans. In a June 2022 announcement, they claimed that on March 25, 2022, they determined that an […]
CrowdStrike Outage: Critical Lessons for Third-Party Vendor Risk Management
It wasn’t a cyberattack, but it was an incident that took down businesses globally. Last week, people all over the world turned on their work PCs only to see something they probably hadn’t seen in a while: the notorious Windows Blue Screen of Death error message. Flights had to be canceled, and at least one […]
Heads-Up: Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer
Following up on recent reports that threat actors were capitalizing on the CrowdStrike glitch by using phishing attacks to obtain credentials or spread malware, CrowdStrike reported yesterday: On July 22, 2024, CrowdStrike Intelligence identified a Word document containing macros that download an unidentified stealer now tracked as Daolpu. The document impersonates a Microsoft recovery manual.1 Initial analysis […]
Cost of a data breach up 10% to almost $5 million — IBM report
IBM’s new cost of a data breach report is out, and the numbers are not encouraging. By the numbers: $4.88 million — The global average cost of a data breach in 2024—a 10% increase over last year and the highest total ever. The highest average cost was $9.77 million for the healthcare sector. The industrial sector […]