LATEST POST
$19M in Settlements Underscore Cybersecurity Risks for TPAs and Insurers
From Polsinelli PC: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. Though neither case involved a finding of fault, both spotlight a growing trend: plaintiffs and regulators are treating basic cybersecurity […]
Attorney General James Secures $14.2 Million from Car Insurance Companies Over Data Breaches
From the New York Attorney General’s Office:
PNC Bank faces class action lawsuit over data breach exposing 740,000 records
Top Class Actions reports: A new class action lawsuit alleges The PNC Financial Services Group failed to properly secure and safeguard personally identifiable information of its customers during a data breach earlier this year. Plaintiff Madonna Blunt claims PNC disclosed earlier this month that sensitive customer information was mistakenly provided to another client without authorization […]
British govt agents demand action after UK mega-cyberattacks surge 50%
The Register reports: Cyberattacks that meet upper severity thresholds set by the UK government’s cyber agents have risen 50 percent in the last year, despite almost zero change in the volume of cases handled. GCHQ’s cyber arm, the National Cyber Security Centre’s (NCSC), said in its annual review published today that its incident management team handled 429 […]
Harvard investigating breach linked to Oracle zero-day exploit
Bleeping Computer reports: Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site, saying the alleged breach was likely caused by a recently disclosed zero-day vulnerability in Oracle’s E-Business Suite servers. “Harvard is aware of reports that data associated with the University has been obtained […]
Crimson Collective claims to have hacked Nintendo
Computing.co.uk reports; Notorious hacking group Crimson Collective has claimed responsibility for a major breach of Nintendo’s internal systems. Crimson Collective says it has access to sensitive production assets, developer files, and backup data. This claim was given weight by cybersecurity intelligence firm Hackmanac which shared a screenshot on X purportedly showing folders labeled “Production Assets,” “Dev Builds,” […]
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
KrebsOnSecurity.com reports: The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, which shattered […]
FBI Alert: Update Red Hat OpenShift AI Now
The FBI urges all organizations using Red Hat’s OpenShift AI platform to address a 9.9/10 security flaw. It allows an attacker with authenticated access to a low-privileged account to escalate privileges, potentially leading to stolen data, disrupted services, and complete takeover of the underlying infrastructure. If you have OpenShift deployed in your environment, urgent action is […]