Security News
A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December. In a statement to the office of Maine's Attorney General this month, Flagstar Bank said it was compromised between December and April 2021.
There is good news as the number of breaches reported in the last year among middle market companies slightly decreased with protections becoming more available and executives understanding the consequences related to potential incidents. Twenty-two percent of middle market leaders claimed that their company experienced a data breach in the last year, representing a drop from 28% in last year's survey, suggesting that even with enhanced protections in place and the decrease in attacks, companies cannot afford to let their guard down.
Water may be the greatest vulnerability in our national infrastructure, said Samantha Ravich, chair of CCTI. Much of the problem lies in just how decentralized water systems are, she explained. Water treatment plants are a ripe target because the majority of them serve smaller communities of fewer than 50,000 residents.
The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. Palermo is home to about 1.3 million people, the fifth most populous city in Italy.
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Yesterday, the hacking group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins.
The Cybersecurity & Infrastructure Security Agency has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. The added vulnerabilities come from a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability fixed last Friday. CISA has given federal agencies until June 13th, 2022, to apply security updates for the Android and Cisco vulnerabilities.
Half of global CISOs feel their organization is unprepared to deal with cyberattacks. As part of Proofpoint's "2022 Voice of the CISO" report, it was revealed that 50% of 1,400 CISOs surveyed feel their company is unequipped to deal with a cyberattack, and 48% feel that their organization is at risk of suffering a material cyberattack within the next year.
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack. So how can you reduce the blast radius once malware is inside?
Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers and their customers. Key recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication on MSP accounts that access customer environments, and ensuring transparency in ownership of security roles and responsibilities.
The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication provider that had "spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine on February 24, targeted the KA-SAT satellite network operated by telecommunications company Viasat, crippling the operations of wind farms and internet users in central Europe.