The number of SolarWinds victims will likely grow in the upcoming months, but direct insured costs should remain close to the current estimate since many of the organizations hit – particularly federal agencies – do not carry insurance against cyber risks.
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
SC Media spoke to author and former CISO Neil Daswani about his upcoming new book “Big Breaches: Cybersecurity Lessons for Everyone.”
News that source code of Nissan North America tools leaked online because of a misconfigured Git server spurs questions not only about potential cyberattacks by bad actors, but also whether competitors could use the sensitive data against the automobile giant.
The agency has found evidence of authentication token abuse in networks infected with corrupted versions of Orion software and says restoring integrity will require a full network rebuild in certain cases.
The incident, as well as the response among those on Capitol Hill tasked with securing government technology assets, serves as a dramatic and evolving case study for public and private sector entities on the scope of the cybersecurity risk tied to a physical breach.
The poor record raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable.
In the course of investigating the impacts of the SolarWinds breach, Microsoft security specialists discovered “unusual activity” within a number of internal accounts, including one that was used to view the company’s internal source code.
An exposed AWS bucket left hundreds of thousands of student-related records exposed to the internet, but officials from the non-profit say most of the data was old and obsolete.
What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December. And yet, experts predict years of cleanup, both physical and political, and potential shifts in how the nation secures the supply chain.
Ticketmaster tried to steal both a client and design ideas from a competitor by logging into the back-end system with a former employer’s login credentials.
Of particular concern among some cybersecurity experts is the fact that the company took several months to report the incidents, which stemmed from unauthorized access to servers from overseas offices.
Communicating with the public, working with stakeholders and convincing insurers that root security failures have been addressed are all part of how companies come back from a bad breach. But it still may not be enough.
The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don’t get ignored, bounced or quarantined.
Noteworthy is the combination of the targets, which adds up to what one researcher described as attacks against the backbone of the nation’s critical infrastructure.
Smith suggested a three-point plan he believed would prevent further supply chain attacks: Increasing intelligence sharing between government and the private sector, developing stronger international norms for acceptable behavior in cyberespionage, and finding harsher ways to hold governments accountable.
SolarWinds customers – over 300,000 of them, including most of the Fortune 500 – must determine what was breached, mitigate the damage before using the software again, and explore new supply chain safeguards.
The vulnerability may have inadvertently exposed Spotify account registration information, which potentially included email addresses, preferred display names, passwords, genders and dates of birth.
The vast majority of that 85 percent are malicious insiders and the rest are caused by employee carelessness.
The European Medicines Agency reported Wednesday that it was the focus of a cyberattack involving some of the data around the first COVID-19 vaccine that’s being distributed in Europe. In a brief statement yesterday, the EMA – which assesses medicines and vaccines for the European Union – only said it was the subject of a…