Security News

COVID-19 has put a renewed spotlight on the importance of defending against cyberattacks and data breaches as more users are accessing data from remote or non-traditional locations. The frequency and sophistication of ransomware, phishing schemes, and data breaches have the potential to destroy both brand health and financial viability.

A pair of healthcare-related data breaches at high-profile government agencies has impacted tens of thousands of people. "Because this is just one of multiple breaches effecting veteran data, the VA needs to ensure they are taking every security step necessary to not only protect financial data, but also the sensitive personal and healthcare data for the veterans it serves."

There are three additional, sometimes overlooked sources of early warning clues of ransomware and breaches I have seen yield more direct, actionable insights in my years as an incident response leader. Ransomware attacks are a great example: A company typically calls in incident response once an attacker has detonated their ransomware payload and taken infected machines hostage.

According to Snyk, SourMint actively performed ad fraud on hundreds of iOS apps and brought with it major privacy concerns to hundreds of millions of consumers. On the surface, the MintegralAdSDK posed as a legitimate advertising SDK for iOS app developers, but its malicious code appeared to commit ad attribution fraud by secretly accessing link clicking activity within thousands of iOS apps that use the SDK. SourMint also spied on user link click activity, improperly tracking requests performed by the app and reporting it back to Mintegral's servers.

Although the number of publicly reported data breaches stands at its lowest in five years, the number of records exposed is more than four times higher than any previously reported time period, a Risk Based Security report reveals. "Why is the breach count low compared to prior years? What is driving the growth in the number of records exposed? And perhaps most importantly, is this a permanent change in the data breach landscape?".

Despite the COVID-19 outbreak starting in the first half of 2020, data analyzed from the Health and Human Services Office for Civil Rights Breach Portal shows that the number of patient data records breached dramatically declined during the early stages of the pandemic. CI Security analysts assessment indicates that the number of breach reports in the first half of 2020 is down 10.4 percent compared to the second half of 2019, and the number of breached records is down nearly 83 percent, based on information that healthcare organizations are required to submit to HHS within 60 days of the discovery of any breach affecting more than 500 individual records.

Healthcare data breaches have fallen this year but could surge over the next few months as hospital records remain a top target, says CI Security. Published on Thursday, "The Healthcare Data Breach Report" specifically looks at data breaches reported by healthcare organizations from January through June 2020.

Australia's consumer watchdog launched court action against Google on Monday alleging the technology giant misled account holders about its use of their personal data. The Australian Competition and Consumer Commission's action in the Federal Court is the latest litigation Google has faced around the world over allegations of privacy breaches.

Blackpoint Cyber announces the launch of its MDR 4.0 service, which provides 24/7 security monitoring, live threat detection, active threat hunting, and true response; stopping breaches before they take hold. MDR 4.0 is built around the company's patented SNAP-Defense platform - the first contextually aware breach detection and response platform on the market - and includes over 200 new detection capabilities as well as a new malicious tradecraft detection engine with improved risk ratings.

Vickery also talks to Threatpost about fringe data breach discoveries he's encountered over the last few years, as well as how the process of data breach disclosure is shifting and the best first steps companies can take once a data breach has been discovered. So just for all of our listeners, Chris works at UpGuard, and he has a great track record of discovering major data breaches and vulnerabilities across the digital landscape.