The MOVEit breach was one of the biggest breaches of 2023. Cl0p threat actors exploited vulnerabilities in the file transfer software and exfiltrated massive amounts of data from entities in all sectors. Now data from Amazon and almost three dozen other MOVEit victim entities is being leaked on BreachForums by a forum user calling themself […]
Days after Delta Air Lines sued cybersecurity vendor CrowdStrike for $500 million in losses that it attributes to the vendor’s outage, CrowdStrike countersued its customer. CyberDaily reports CrowdStrike’s statement, previously reported by The Times of India, but adds CrowdStrike’s counterclaim that Delta delayed its own recovery by refusing assistance from it and its partner, Microsoft: […]
The Times of India reports that Delta Air Line sued CrowdStrike over the firm’s faulty software update in July that resulted in widespread outages for CrowdStrike customers. Delta had to cancel 7,000 flights for 1.3 million customers and suffered $500 million in losses. CrowdStrike responded to the lawsuit, which was filed in Georgia state court […]
The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result […]
More than a year after other victims of the MOVEit hacking incident notified people, the the Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information was acquired by the Clop gang: The MOVEit data breach may be long in the rear-view mirror, but […]
Risky Biz News reports: The FTC has fined security camera firm Verkada $2.95 million for failing to implement cybersecurity measures to protect its systems. The fine is related to a March 2021 security breach when a hacker accessed customer data and video footage from over 150,000 Verkada cameras. The hacker used the cameras to access and leak footage from psychiatric hospitals, […]
After the disastrous CrowdStrike update glitch in July, Microsoft continues to explore ways to prevent another such fiasco. Aidan Marcuss, Corporate Vice President of Microsoft Windows and Devices, announces a summit to address the issues raised and possible solutions: On Sept. 10, 2024, Microsoft will host a Windows Endpoint Security Ecosystem Summit at our Redmond, Washington, headquarters. […]
If you don’t audit your vendors, will you know if they are really adhering to the security provisions of your contract with them? Maybe you’ll get lucky, and disgruntled employees will blow the whistle. The Register reports: The US is suing one of its leading research universities over a litany of alleged failures to meet […]
In April 2024, AT&T learned that its customer data had been exfiltrated from its Snowflake workspace. The breach affected 90 million or more customers’ call and text histories recorded during a six-month period in 2022. The following is a press release from Senator Chuck Grassley:
The problem with third-party breaches – a data protection dilemma
Commentary by Clyde Williamson, Security Architect at Protegrity. There has been a notable increase in third-party breaches, with headlines featuring Snowflake, Santander and Ticketmaster as recent victims. These incidents highlight that vulnerabilities are inherent in our systems, making no organisation immune to such attacks. Unsurprisingly, 98% of organisations have experienced a third-party breach within the past two years. These breaches […]