Security News > 2022

A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident - which some have attributed to the Conti gang - forced McMenamins to shut down various operations, though locations can still receive customers.

The cracked passwords for almost 7.5 million DatPiff members are being sold online, and users can check if they are part of the data breach through the Have I Been Pwned notification service. It is unclear when the data breach occurred, but the DatPiff database was first sold privately and then publicly on hacking forums in July 2020.

Commentary: The privacy-oriented search engine keeps winning fans. The privacy-oriented search engine netted more than 35 billion search queries in 2021, a 46.4% jump over 2020.

The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner. While legal experts have warned of the dangers of the UK straying too far from the EU's General Data Protection Directive - or risking the adequacy decision which currently allows data sharing between the UK and the EU to support business as usual - his message is don't stop believing.

Media giant Impresa, which owns the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$.

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "Scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met based on the encoded terms of the agreement.

As we enter 2022, organizations are re-evaluating their cybersecurity strategies to lower risks and best defend against potential threats. Two things to consider in that planning - in addition to the ever-growing threats of ransomware, phishing, and zero-day vulnerabilities - are nation-state and Advanced Persistent Threat-style attacks.

In prevention, you are attempting to ID employees who are high threat before they are able to act on an insider vulnerability. Not only will the training educate all of the employees as to the threat, but your most likely opportunity for someone to identify a potential insider threat is through another employee.

All digital markets are built on trust and that trust has been reduced to an algorithm driven by proof of identity, which currently remains heavily reliant on formal documents such as a passport or driving license. Among the various methods used by those committing criminal fraud, an alarmingly common and effective tactic designed to defeat many existing automated technologies is the use of "Synthetic identities." This is where real and fictitious identity fragments are combined specifically to evade fraud detection processes.

The global healthcare cloud infrastructure market size is expected to reach $142 billion by 2028, according to ResearchAndMarkets. The growing trend of healthcare digitalization, rising expenditures, overburdened health systems, rising traffic on the network, growing data siloes, and the emergence of remote working is contributing to the demand for healthcare cloud infrastructure systems and solutions.