Security News

Former Google and Twitter security leader, Co-Director of Stanford Online's Advanced Cybersecurity Certificate Program and best-selling author Neil Daswani is releasing his book, Big Breaches: Cybersecurity Lessons for Everyone, co-authored together with Moudy Elbayadi, CTO of Shutterfly. As a Chief Information Security Officer, entrepreneur and educator, Daswani distills his experiences, research and analyses to offer current and aspiring CISOs, CIOs, CTOs as well as security and technology professionals a roadmap for recovery, providing actionable insights.

Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared screenshots of files belonging to the company's customers on a publicly accessible data leak website operated by the CLOP ransomware gang.

Yahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users. "Many airlines have issued public statements confirming what types of data have been affected in relation to their passengers."

Key insights 95% of IT leaders believe that client and company data is at risk on email. Data is most at risk on email, with 83% of organizations experiencing email data breaches.

Found among the leaked data are usernames, passwords, credit card numbers, bank account details, healthcare information, and other personal data. This trend of data breaches is quite disappointing when compared to the staggering $120 Billion in global IT security spending; according to Gartner, this number has grown each year rapidly.

Indian Railways has revealed it has suffered "a number of incidents... regarding breaches in various IT applications" and appears to have blamed some of them on sloppy infosec practices among staff working from home due to the COVID-19 pandemic. The organisation's document [PDF] announcing the cyber-transgressions says "a majority of these are application related," but doesn't explain what applications were affected nor the extent of the intrusions.

The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. After we reported on the Singtel breach earlier this month, the Clop gang contacted us and stated that they stole 73 GB of data as part of their attack.

The attacks occurred in mid-December 2020 and involved the Clop ransomware gang and the FIN11 threat group. After we reported on the Singtel breach earlier this month, the Clop gang contacted us and stated that they stole 73 GB of data as part of their attack.

A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. Due to the large amount of potential data allegedly stolen by the Cuba Ransomware operation, cities utilizing AFTS as their payment processor or address verification service have begun disclosing potential data breaches.

In 2020, there were 599 healthcare breaches that collectively affected over 26 million individuals. Bitglass' report takes an in-depth look at the breaches that healthcare organizations faced, comparing them to previous years and revealing key trends and cybersecurity challenges facing the industry.