Attack

IOTW: Sysco confirms data breach impacting company, supplier and employee data

Food distribution company Sysco has confirmed that customer, business and employee data was stolen in a cyber attack it suffered earlier this year. The cyber attack is thought to have taken place on January 14, 2023 and was detected by Sysco on March 5. According to BleepingComputer, Sysco said in an internal memo sent on May 3 that data from companies and suppliers located in the US and Canada as well as data from US employees may have been accessed during the cyber attack. The employee data accessed is believed to include name, social security number, account numbers and other personal…

IOTW: Former Uber CSO charged with concealing data breach

Former Uber CSO, Joe Sullivan, has been sentenced to three years’ probation for his involvement in covering up a data breach in 2016 that affected 57 million Uber users. Sullivan was convicted on October 5 of obstruction of proceedings of the Federal Trade Commission (FTC) and misprision of felony in connection with his attempts to cover up the hack. US district judge William Orrick sentenced Sullivan on May 4 to three years’ probation and 200 hours of community service, noting that Sullivan has previously worked to protect people from the crimes he was charged with covering up. Orrick also said…

The top 8 password attacks and how to defend against them

Did you know that the very first password attack happened in 1962? At that time, MIT's CTSS (Compatible Time-Sharing System) was the first to utilize passwords for granting individual access. Allen Scherr, a Ph.D. researcher, wanted to use the CTSS beyond his allocated weekly hours. In order to extend his usage time, he decided to borrow passwords from other people. Scherr managed to obtain all the passwords stored in the CTSS system by submitting a request to print the password files using a punched card. Nowadays, password attacks have become one of the most significant concerns for both companies and…

How to transform cloud security challenges into business opportunities

To secure enterprise assets in the cloud, CISOs must address several challenges previously unseen in traditional IT and on-premises data centers. This whitepaper explores the key strategies to secure your enterprise cloud infrastructure from cyber threats.  Cloud migration has many benefits, including virtual storage and virtual network support. However, cloud storage and infrastructure also adds complexity to network security. Unique cloud dynamics require future-proof solutions in order to ensure they are adequately protected.  Cloud security has far-reaching implications for organizational success. A cloud security maturity model can help business leaders to benchmark and assess their organization’s security evolution. Securing cloud…

IOTW: American Bar Association accused of data breach affecting 1.4 million peop…

In a class action lawsuit, the American Bar Association (ABA) has been accused of “grossly fail[ing] to comply with security standards” and causing a data breach that affected approximately 1.5 million people. The data breach, which occurred in March 2023, saw a malicious actor gain access to the ABA’s systems and steal the data of approximately 1.4 million members. The data stolen included personal information such as name, phone number, address and email address. The lawsuit also alleges that financial information was stolen during the breach.   The plaintiff has accused the ABA of causing and enabling the data breach…

Google ads are being used to spread malware

Malicious actors are using Google advertisements and SEO tactics to entice victims into clicking on links poisoned with malware. According to cyber security company Secureworks, malicious actors have been using poisoned ad installers as trojans, specifically to spread Bumblebee malware. These ad installers are associated with a number of well-known companies including Zoom, Citrix Workspace, Cisco AnyConnect and OpenAI’s ChatGPT. For example, Secureworks researchers found that a malicious actor had not only created a poisoned ad installer for Cisco AnyConnect, but a fake download page for the malware as well. They were able to do this by exploiting a compromised…

Hundreds of members of Congress affected by data breach

DC Health Link, the provider of health insurance for those in the United States (US) Government, has suffered a data breach that affects over 50,000 people.  The breach, which took place on March 6, saw an unauthorized party gain access to the data of 56,415 current and past customers of DC Health Link, including 585 staff members and 17 members of the US Congress.  In a message sent to employees on March 8, the US House of Representatives explained that the data breach has “potentially expos[ed] the Personal Identifiable Information (PII) of thousands of enrollees”.  After the breach was discovered,…

When will AI be fully integrated into cyber security?

ChatGPT, a machine learning (ML)-powered chatbot, is rapidly growing across all sectors. The app's developer, OpenAI, reported that it gained one million users in just five days. The app has now been visited over two billion times, according to research by Similarweb. This being said, concerns have been raised about the use of the intelligent chatbot, with Italy's data privacy agency even going so far as to temporarily ban the use of the app in the country over concerns that it violates GDPR law. Due to the app's impact on the sector, Cyber Security Hub’s Advisory Board members discussed ChatGPT's…

KFC owner suffers data breach following ransomware attack

Note: This article was updated on April 12, 2023, to reflect the fact that employee data, not customer data, was accessed during the cyber attack against Yum! Brands. US fast-food corporation Yum! Brands, which owns franchises including KFC, Pizza Hut and Taco Bell, has suffered a data breach following a ransomware attack. The cyber attack, which took place on January 18, 2023, involved a malicious actor gaining unauthorized access to Yum! Brands’ network. The ransomware attack resulted in approximately 300 restaurants within the UK being temporarily shut down due to the IT systems affected by the attack. Once discovered, Yum!…

Italy bans ChatGPT over data privacy concerns

In a move that one Italian minister has called “disproportionate”, Italy has temporarily banned ChatGPT due to data privacy concerns. Italy has made the decision to temporarily ban ChatGPT within the country due to concerns that it violates the General Data Protection Regulation (GDPR). GDPR is a law concerning data and data privacy which imposes security and privacy obligations on those operating within the European Union (EU) and the European Economic Area (EEA). The Italian data protection agency, Garante per la Protezione dei Dati Personali (also known as Garante) said there was an “absence of any legal basis that justifies…