.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Bleeping Computer: Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate).
BNN Bloomberg: Cybersecurity provider Acronis raised $250 million in new funding from institutional investors earlier this year to expand its business, including through acquisitions and hiring.
Coin Telegraph: New research shows that despite falling digital asset prices, cryptojacking has reached record levels in the first half of 2022.
Bleeping Computer: System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.
CNN: T-Mobile has agreed to pay $350 million to settle multiple class-action suits stemming from a data breach disclosed last year affecting tens of millions of people.
The Target: Morgan Hunt, a British recruitment agency.
The Take: Exposure of Personally Identifiable Information including: names, contact details, identity documents, proof address documents (bank or building statements, national insurance number, and date of birth.
The Vector: The attackers breached a third-party software developer of Morgan Hunts who were storing access credentials to their database with no authentication or access controls.
This breach is a stark reminder that authentication controls are a critical piece in an overall robust cybersecurity posture. Furthermore, all steps should be taken by a firm to ensure any third-party vendor who can access their data is employing the requisite methods. Enforcing multi-factor authentication, reasonably regular forced password resets, and password length and complexity rules are all effective strategies to mitigate these kinds of breaches to protect a firm’s customer base.
Tech Radar: As the number of different digital touchpoints grows exponentially as hybrid working(opens in new tab) cements itself, so too have the number of attack surfaces available for cybercriminals to exploit. In a world where cybercrime is evolving at a rapid pace and the threat landscape remains unpredictable and constantly shifting, one thing is clear: data increasingly underpins future security.
CNN: China’s cyberspace regulator fined Didi Global just over 8 billion yuan ($1.2 billion) for violating cybersecurity and data laws, putting an end to a yearlong investigation into the ride-hailing giant.
Portfolio Adviser: Hackers have infiltrated a London-based fund administrator and custodian’s IT system, potentially putting customers’ personal data at risk. Mainspring notified clients earlier this week it had suffered a data breach, following a targeted ransomware attack on the morning of 12 July.
IT News: Australia’s competition watchdog has partnered with the corporate regulator to trial automated takedowns of websites hosting phishing and other scams.
