Cyber Security

Amid a resurgence in cyber incidents targeting companies, a notable shift has emerged: fewer firms are succumbing to ransom demands. Matt Ross, national cyber claim leader at insurance brokerage Marsh McLennan, highlighted this change during a webcast, attributing it to organizations' enhanced awareness of the significance of maintaining separate system backups, enabling faster system...

Huntress, in its latest report addressing threats faced by small- and medium-sized businesses (SMBs), highlighted a concerning trend: threat actors are increasingly exploiting legitimate tools rather than relying on conventional malware in their attacks. The report, based on incidents recorded in the third quarter of 2023, revealed that nearly 3 out of 5 attacks...

Taipei-based trading firm, Kronos Research, disclosed unauthorized access to its API keys, resulting in a staggering loss of approximately 13,007 ETH, valued at $25 million. This breach, detailed on X, prompted a temporary halt in trading activities, impacting affiliated exchange Woo X. Woo X assured the safety of client funds but paused specific asset pairs...

Tri-City Medical Center officials clarified that recent employee layoffs were driven by the hospital's efforts to align staffing with patient numbers, dismissing any connection to the recent cybersecurity breach or the hospital's collaboration with UC San Diego Health. The layoffs, occurring subsequent to the ransomware attack on November 9, were attributed to the hospital's need...

Stanley Steemer International disclosed a significant breach affecting approximately 67,000 customers in a consumer breach notification submitted to the Maine Attorney General's office. The Dublin, Ohio-based carpet cleaning company identified suspicious activity on March 6 and traced the attackers' access to their systems back to February 10. The intruders acquired specific records following their...

Yamaha Motor's subsidiary in the Philippines, Yamaha Motor Philippines, Inc. (YMPH), fell victim to a ransomware attack, leading to unauthorized access and subsequent data theft involving certain employees' personal information. The breach was detected on October 25, prompting an investigation assisted by external security experts. According to Yamaha, the breach affected a specific server managed...

The US Federal Trade Commission (FTC) recently disclosed a settlement with Global Tel*Link Corp, encompassing two subsidiaries, Telmate and TouchPay Holdings, over a significant data breach exposing sensitive information of its users, including those incarcerated. The breach led to leaked data on the dark web and instances of identity abuse and fraudulent credit card...

Mount Graham Regional Medical Center (MGRMC), a prominent healthcare provider in Safford, Arizona, disclosed a significant data breach following a ransomware attack that occurred on or around September 13, 2023. The incident prompted MGRMC to file a notice of breach with the U.S. Department of Health and Human Services Office for Civil Rights on...

Security vendor WithSecure's tracking reveals a concerning trend in the ransomware landscape, with nearly half of the 60 tracked ransomware groups initiating operations in 2023. Established entities like 8Base, Alphv/BlackCat, Clop, LockBit, and Play remain dominant, contributing to over 50% of data leaks in the first nine months of 2023. However, the emergence of...

Singapore's Personal Data Protection Commission (PDPC) has levied a S$10,000 fine on Ascentis, the developer behind Starbucks Singapore's e-commerce platform, following a data breach impacting over 300,000 members of Starbucks' rewards program. The breach, which occurred last year, compromised personal data such as names, addresses, emails, phone numbers, and birth dates of 332,774 Starbucks Singapore...

The Australian Information Commissioner initiated legal proceedings against Australian Clinical Labs Limited, marking a significant move as only the second instance of such action taken since 2014. The case is pivotal, underscoring the regulator's emphasis on swift responses to cybersecurity incidents and its commitment to privacy protection, despite the limitations of maximum penalties set...

Toyota Financial Services (TFS), a subsidiary of the automotive giant, confirmed a ransomware attack on its European & African operations. The company acknowledged unauthorized activity on certain systems across limited locations but did not confirm data theft, though the attackers claim to have accessed sensitive information. In response, TFS initiated investigations, taking affected systems offline...

Hellenic Public Properties Co (HPPC), responsible for managing Greece's state real estate assets, faced Distributed Denial-of-Service (DDoS) attacks on November 8, as reported by the media. The incident has triggered criticism from opposition MPs directed at the conservative government, citing concerns about the country's cybersecurity approach. Opposition SYRIZA MP George Karameros emphasized the need for...

In a comprehensive report compiled by Google Cloud's security experts, concerns have surfaced regarding the imminent rise in cyber threats anticipated for 2024. The report, drawing insights from Mandiant Intelligence, Chronicle Security Operations, and other prominent entities, points to the escalating use of generative AI and large language models (LLMs) by cyber criminals to...

The Philippine Center for Investigative Journalism (PCIJ) faced an active hacking attack compelling its temporary shutdown, confirmed by Executive Director Carmela Fonbuena on Wednesday. Fonbuena highlighted the move as a preventive measure to evaluate and mitigate potential damages resulting from the ongoing attack. This incident, labeled as the "most serious" attack in recent years by...