breaches
-
Blog
Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. According to new reports from Palo Alto Unit 42 and Wiz, the attack was carefully planned and began when malicious code was injected into reviewdog/action-setup@v1 GitHub Action. It is unclear how the breach occurred, but…
Read More » -
Blog
36 US schools report data breaches following ransomware attack on Carruth Compliance Consulting
Ransomware gang Skira today claimed responsibility for a December 2024 data breach at Carruth Compliance Consulting. The breach led to at least three dozen school districts and colleges across the US–Carruth’s clients–reporting data breaches that compromised the personal data of more than 110,000 school employees. Carruth administers the retirement savings plans for these school districts. It started notifying victims of…
Read More » -
Blog
US charges Chinese hackers linked to critical infrastructure breaches
The US Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011. Their victim list includes US federal and state government agencies, foreign ministries of multiple governments in Asia, U.S.-based dissidents, as well as a prominent religious organization in the United States. “These malicious…
Read More » -
Blog
Why vendor breaches still haunt enterprise IT leaders
Nearly half (47%) of enterprises suffered highly disruptive outages due to vendor-related breaches last year, according to research from Resilience. This is a blind spot for businesses, the report said, with many businesses claiming familiarity but not confidence in their reliance on third parties. While 83% of those surveyed described themselves as ‘familiar’ with their third-party vendor systems, just 35%…
Read More » -
Blog
Two Illinois school districts disclose data breaches claimed by ransomware gangs
Two school districts north of Chicago this week confirmed they notified thousands of people about data breaches claimed by ransomware gangs, according to public disclosures. Community High School District 117 says it notified 18,830 people about a June 2024 data breach. Ransomware gang BlackSuit claimed responsibility. “We recently discovered unauthorized access to our network between approximately June 2 and June…
Read More » -
Blog
Amazon Redshift gets new default settings to prevent data breaches
Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. Redshift is widely used by enterprises for business intelligence and big data analytics for data warehousing, competing with Google BigQuery, Snowflake, and Azure Synapse Analytics. It’s valued for its petabyte-scale data handling efficiency and performance,…
Read More » -
Blog
Massive healthcare breaches prompt US cybersecurity rules overhaul
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients’ health data following a surge in massive healthcare data leaks. These stricter cybersecurity rules, proposed by the HHS’ Office for Civil Rights (OCR) and expected to be published as a final rule within 60…
Read More » -
Blog
Nearly all of the top US banks were impacted by third party breaches last year
Virtually all of the top 100 US banks were hit by third party data breaches last year, including every one of the top ten. Research from SecurityScorecard found 97% of firms reported third-party breaches across the year, although only 6% of vendors were compromised. A similar number also suffered fourth-party breaches, traced back to just 2% of vendors. Ryan Sherstobitoff,…
Read More » -
Blog
Texas medical school notifies 1.5 million people of two data breaches that compromised SSNs, medical records, and financial info
Texas Tech University Health Sciences Center over the weekend confirmed it notified almost 1.5 million people about two data breaches that occurred in September. The medical school notified 650,000 people following a breach at the main TTUHSC campus in Lubbock, Texas, and 815,000 people for another breach at the school’s El Paso branch. The following patient info was compromised: Names…
Read More » -
Blog
Warning issued after Chinese hacker group breaches telco firms in “dozens of countries”
A senior national security adviser in the Biden Administration has warned that a Chinese state-sponsored hacking group has breached telecommunications firms in “dozens of countries”. Anne Neuberger, President Biden’s deputy national security adviser, said the campaign attributed to the threat actor known as Salt Typhoon is ongoing, and has breached at least eight US telcos, according to reporting in the…
Read More »