Industry News: ESG5

The Target: MediSecure, an Australian electronic prescription provider.

The Take: The impacted data included personal information including full names, titles, dates of birth, gender, email addresses, phone numbers, and individual healthcare identifiers (IHI).

The Vector: An early forensic investigation by the company into the relevant impact of the incident indicated that 6.5TB of data stored on a database server was likely exfiltrated by a malicious third-party actor, although, encrypted servers couldn’t be examined for further details.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

2024-07-24

BNN Bloomberg: CrowdStrike Holdings Inc., the cybersecurity company at the center of massive global IT outages, said that a bug in a safety mechanism allowed flawed data to go out to customers in a botched update, causing last week’s meltdown.

Read more...

2024-07-24

Tech Funding News: Protexxa, one of the fastest-growing cybersecurity companies in Canada has closed a $10 million Series A funding round. 

Read more...

2024-07-24

Yahoo Finance: Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations' cybersecurity investments and governance priorities are keeping up with the evolving threat landscape.

Read more...

2024-07-23

The Guardian: The cybersecurity firm Wiz has turned down a $23bn (£18bn) takeover bid from Google’s parent, Alphabet, spurning what would have been the tech company’s biggest ever acquisition and seeking a stock market flotation instead.

Read more...

2024-07-23

CFO Dive: A recent ruling in the Securities Exchange Commission’s lawsuit against Austin, Texas-based software provider SolarWinds has dealt a significant blow to the agency’s aggressive cybersecurity enforcement posture, legal analysts said.

Read more...

2024-07-23

Yahoo Finance/Reuters: Hackers have leaked internal documents stolen from Leidos Holdings Inc, one of the largest IT services providers to the U.S. government, Bloomberg News reported, citing a person familiar with the matter.

Read more...

2024-07-23

Dark Reading: Tony Bradley, a seasoned communications professional in the cybersecurity industry, was blindsided when he was recently laid off from his role as a marketing director.

Read more...

The Target: Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists.

The Take: The leaked data includes email addresses and public Trello account information, including the user's full name.

The Vector: While Atlassian, the owner of Trello, did not confirm at the time how the data was stolen, emo (the threat actor) said it was collected using an unsecured REST API that allowed developers to query for public information about a profile based on users' Trello ID, username, or email address.

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

2024-07-18

Tech Radar: The King has unveiled the newly-elected Labour government’s first drafted bills and legislation to the UK Parliament, including several pieces relating to technology.

Read more...