Breaches
-
MOVEit victims are still coming forward. This time it’s Wisconsin Medicare.
The delayed notifications underscore the difficulty organizations confront in discovering breaches and attributing compromises to a root cause or source.
By Matt Kapko • Sept. 9, 2024 -
CISA officials credit Microsoft security log expansion for improved threat visibility
CISA officials say they plan to hold Microsoft accountable to ensure the company lives up to its commitments.
By David Jones • Aug. 27, 2024 -
Trendline
Securing the cloud
A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider.
By Cybersecurity Dive staff -
SEC settles cyber case with Equiniti Trust as oversight questions linger
The firm, formerly known as American Stock Transfer, will pay $850,000 to settle civil fraud charges involving the theft of $6.6 million in client funds.
By David Jones • Aug. 26, 2024 -
Progress Software says SEC declines to pursue action related to MOVEit exploitation spree
The decision comes just weeks after a federal court dismissed most of the SEC’s civil fraud case against SolarWinds.
By David Jones • Aug. 8, 2024 -
Global data breach costs reach all-time high of $4.9M, IBM says
U.S. organizations led the world with the highest average data breach cost, a dubious distinction it has earned for the 14th straight year.
By Matt Kapko • July 30, 2024 -
UnitedHealth’s cyberattack response costs to surpass $2.3B this year
The healthcare giant’s new estimate is roughly $1 billion higher than previous forecasts as the cyberattack on subsidiary Change Healthcare continues to hamper its profit outlook.
By Rebecca Pifer • July 17, 2024 -
Weak credentials behind nearly half of all cloud-based attacks, research finds
Credential mismanagement was the top initial access vector for cloud environment attacks during the first half of 2024, a Google Cloud report found.
By Matt Kapko • July 17, 2024 -
AutoNation warns CDK cyberattack will dent quarterly earnings
The major North American car dealership estimates the attack will lead to a $1.50 per-share earnings impact.
By David Jones • July 15, 2024 -
TeamViewer’s IT network breached through compromised employee credentials
The remote access software provider said the impact of the attack from Midnight Blizzard was limited to its internal network and customer environments were not affected.
By David Jones • July 1, 2024 -
Microsoft alerts additional customers of state-linked threat group attacks
The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.
By David Jones • June 28, 2024 -
Santander warns US employees bank account info stolen in third-party database hack
The bank in May confirmed a major breach involving customer data in multiple countries.
By David Jones • June 20, 2024 -
Clorox to restart ERP upgrade as it looks past August cyberattack
With the company out of recovery mode, teams are looking to advance on digital transformation projects.
By Lindsey Wilkinson • June 11, 2024 -
Frontier Communications says cyberattack snagged data from 751,000 people
The breach notifications come almost two months after the company initially disclosed the April attack.
By David Jones • June 7, 2024 -
Pressure mounts on Snowflake and its customers as attacks spread
More businesses are likely impacted by an attacker’s access to multiple Snowflake customer databases.
By Matt Kapko • June 6, 2024 -
Snowflake customers caught in identity-based attack spree
Cyber authorities and researchers warn many major companies could be compromised by the targeted attacks against Snowflake customer environments.
By Matt Kapko • June 3, 2024 -
Live Nation confirms jumbo breach, Ticketmaster customer data exposed
The live concert and entertainment giant disclosed the compromise days after reports began surfacing of a data breach. The company said it detected the intrusion on May 20.
By Matt Kapko • June 3, 2024 -
First American says personal data of 44K breached in December cyberattack
The company previously said the attack had a material impact on Q4 operations, but would not have a significant long-term impact on results.
By David Jones • May 29, 2024 -
SEC clarifies intent of cybersecurity breach disclosure rules after initial filings
The rules require notification of “material” breaches, but some early filers have reported incidents that appear to fall short of the regulatory threshold.
By Alexei Alexis • May 29, 2024 -
Providers urge HHS to clarify Change data breach reporting requirements
More than 50 provider groups are asking the federal government to publicly state that UnitedHealth should handle data breach reporting stemming from the cyberattack on its subsidiary.
By Emily Olsen • May 22, 2024 -
Remote-access tools the intrusion point to blame for most ransomware attacks
Self-managed VPNs from Cisco and Citrix were 11 times more likely to be linked to a ransomware attack last year, At-Bay research found.
By Matt Kapko • May 16, 2024 -
Every Dropbox Sign user, account holders or not, stung in cyberattack
An attacker intruded the electronic signature platform’s production environment and accessed a trove of user data, including OAuth tokens.
By Matt Kapko • May 2, 2024 -
Congress grills UnitedHealth CEO over Change cyberattack
Legislators slammed Andrew Witty over the company’s lack of cybersecurity practices and the impact of the breach, which may have compromised the data of a third of Americans.
By Emily Olsen • May 2, 2024 -
CVE exploitation nearly tripled in 2023, Verizon finds
Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes.
By David Jones • May 1, 2024 -
Change Healthcare, compromised by stolen credentials, did not have MFA turned on
AlphV deployed ransomware nine days after it used access to a Citrix portal on Change’s network to move laterally within systems, CEO Andrew Witty said in testimony prepared for a House subcommittee hearing set for Wednesday.
By Matt Kapko • April 30, 2024 -
Deep Dive
At Microsoft, years of security debt come crashing down
Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.
By David Jones • April 30, 2024