Data and software services firm Blackbaud's cybersecurity was criticised as "lax" and "shoddy" by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach.
Read more in my article on the Hot for Security blog.
Category: Blackbaud
Interpol, in collaboration with several global law enforcement agencies, initiated Operation Synergia with the aim of apprehending criminals involved in spreading ransomware and conducting malware and phishing attacks. The operation successfully resulted in the seizure of approximately 1300 suspected IP addresses and URLs engaged in ransomware and banking malware dissemination.
Security researchers from the Israeli firm Cycode discovered that Google Bazel, an open-source software tool used for building server applications in data centers, was vulnerable to command injection attacks. This vulnerability poses a significant threat, potentially impacting millions of projects running on platforms such as Kubernetes, Angular, LinkedIn, Uber, Dropbox, Nvidia, Databricks, and Alphabet Inc’s subsidiary.
The Indian subcontinent has issued a cybersecurity warning to all Apple Inc users, alerting them to potential cyber attacks. The advisory states that hackers can exploit vulnerabilities to steal valuable information by bypassing security measures. Devices affected include Apple TVos versions prior to 17.3, Apple Watches prior to 10.3, Watch series 4 and later, iPhone 6, 7, 8, iPhone SE, iPad Air 2, iPad Mini, iPad Touch, iPhone X, iPad 5th gen, iPad Pro (9.7 and 12.9 inches), MacOS Monterey, and MacOS Ventura.
The BlackCat or ALPHV ransomware group claims responsibility for stealing intellectual information from the Defense Counterintelligence and Security Agency. The group threatens to sell the stolen data to adversaries unless their ransom demands are met. Screenshots from the 300GB of data include documents related to Department of Defense employees, social security numbers, billing invoices, FBI and Air Force contract details, and employee work location and clearance levels. This incident follows the Chinese intelligence attack on FBI Director Chris Wray, raising concerns about data security measures.
The Federal Trade Commission (FTC) has issued a new set of data security and retention policies to Blackbaud, a South Carolina-based company, urging it to enhance information security controls related to the generation and storage of user data through its management software. This policy is a response to Blackbaud’s failure to protect user information in early 2020, resulting in fraudulent access to unencrypted customer data.
The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.
The Navy Exchange Service‘s sale of Lenovo laptops at steep discounts and duty-free rates has raised concerns among U.S. lawmakers due to the manufacturer’s ties to the People’s Republic of China. There are apprehensions that these laptops could potentially contain pre-installed malware aimed at spying on users in Western countries. While currently, this is only an alert generating media attention, it has the potential to gain momentum rapidly, as any connection to China and data security tends to trend on Google within days.
Microsoft recently conducted a study that led to the conclusion that the trend of BYOD (Bring Your Own Device) should be renamed “bring your own disaster.” The study found that a significant percentage of these devices were responsible for causing issues within corporate computer networks. Microsoft’s research revealed that 80-90% of ransomware attacks in the past year originated from unmanaged devices. These findings were detailed in Microsoft’s Digital Defense Report for 2023, and it anticipates a global increase of such attacks by 200%.
According to a threat report released by SecureWorks, ransomware groups have become more efficient in deploying file-encrypting malware within just 24 hours of hacking their targets. This marks a significant reduction from the previously estimated period of 6-7 days, and it’s attributed to the increased sophistication of malware developed by cybercriminals.
BlackBaud, a South Carolina-based cloud computing company, has agreed to pay $49.6 million to approximately 13,000 customers across 49 states and the District of Columbia to settle litigation stemming from a 2020 ransomware attack. During this breach, hackers managed to access customer data, including social security numbers and bank account information. Notably, this settlement includes a $3 million payment to the Security Exchange Services (SEC) and $900,000 to Massachusetts.
In an alarming revelation, the United States Department of State has admitted to being unaware of the extent of its in-house cybersecurity risks. The federal agency attributes this lack of awareness to outdated hardware and software systems. It also raises concerns about Chinese vendors supplying equipment through cross-linked trade treaties with countries like Malaysia and Singapore. This means that Chinese products could enter the American market with different labels, linking them to companies in Singapore and Malaysia but ultimately part of China’s trade consortium.
According to a report by internet security company WatchGuard Technologies, there has been a decline in malware infections despite an increase in campaigns aimed at spreading malware. The report emphasizes that while malware distribution has decreased, the sophistication of attacks has risen to new heights.
The post Cybersecurity news headlines trending on Google appeared first on Cybersecurity Insiders.