Security News

Public exposure of data breaches is becoming inevitable
2023-11-01 06:00

Allianz Commercial analysis of large cyber losses shows the number of cases in which data is exfiltrated is soaring, as is the number of incidents becoming public. "Several factors are combining to make data exfiltration more attractive for threat actors. The scope and amount of personal information being collected is increasing, while privacy and data breach regulations are tightening globally. At the same time, the trends towards outsourcing and remote access leads to more interfaces for threat actors to exploit."

The hidden costs of data breaches for small businesses
2023-10-31 04:00

The cost of data breaches to all businesses is at its highest level ever with an average cost of more than $4.4 million globally, more than $5.1 million in Canada, and more than $9.4 million in the U.S. This financial impact could cripple a small business as they face potential regulatory actions and fines, legal fees, and the loss of customers. 3 in 4 small business leaders and 94% of the individual consumers surveyed said they are concerned about future data breaches.

FTC orders non-bank financial firms to report breaches in 30 days
2023-10-30 19:57

The U.S. Federal Trade Commission has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days. "The addition of this disclosure requirement to the Safeguards Rule should provide companies with additional incentive to safeguard consumers' data."

How to Prevent API Breaches: A Guide to Robust Security
2023-09-11 11:11

The rise of API use has also led to an increase in the number of API breaches. For these reasons, it's essential to implement robust security measures to protect your APIs, and the data traversing them, to prevent breaches from occurring.

Avoidable digital certificate issues fuel data breaches
2023-09-06 03:00

Among organizations that have suffered data breaches 58% were caused by issues related to digital certificates, according to a report by AppViewX and Forrester Consulting. According to the Forrester study, "Enterprise organizations have traditionally been less focused on managing machine identities compared to human ones, partly because they have different requirements and more complicated lifecycle and security challenges. These digital certificates offer authentication and protect sensitive information. Yet, few are confident in successfully layering and managing identity security across machines and navigating responsibility assignment for privacy and security."

WordPress migration add-on flaw could lead to data breaches
2023-08-30 18:37

All-in-One WP Migration, a popular data migration plugin for WordPress sites with 5 million active installations, suffers from unauthenticated access token manipulation that could allow attackers to access sensitive site information. All-in-One WP Migration is a user-friendly WordPress site migration tool for non-technical and inexperienced users, allowing seamless exports of databases, media, plugins, and themes into a single archive that is easy to restore on a new destination.

Critical Insight Reports Fewer Cybersecurity Breaches in Health Care, Yet Victim Numbers Are Up in 2023
2023-08-24 13:12

A new study by Critical Insight shows that cybersecurity attacks in the health care sector are hitting more individuals and finding vulnerabilities in third-party partners. A new study by cybersecurity firm Critical Insight noted that while the sheer number of breaches against health care facilities is actually down, there is a spike in the number of people who have been affected by attacks as well as an increase in supply chain and third-party targets.

Large-scale breaches overshadow decline in number of healthcare data incidents
2023-08-23 03:00

While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, according to Critical Insight. Notably, the report revealed a decrease in total breaches but an increase in the number of individuals affected; the focus of attacks on the supply chain and third-party associates; and, particularly noteworthy, the shift in some attackers' strategies from encryption to extortion.

Learning from past healthcare breaches to fortify future cybersecurity strategies
2023-08-10 04:00

After nearly two decades of my career leading a cybersecurity office, people, vendors, stakeholders and budgets in public health administration as well as in the private healthcare sector, I find that the industry is particularly vulnerable to cyberattacks. Healthcare organizations have experienced a spike in attacks often due to inadequate security, the high likelihood to quickly consort to attackers' payout demand, and sheer value of patient records that they possess.

"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches
2023-08-03 09:20

A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most...