Industry News: ESG5

The Target: Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group

The Take: Personal information including names, social security numbers, dates of birth, and policy numbers.

The Vector: SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else's phone number. This allows the fraudster to receive the victim's phone calls and SMS messages, including two-factor authentication tokens.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

2024-02-13

Forbes: Enterprise security teams continually assess shifting security concerns and implement mitigating controls to reduce the organization's risk. However, with the pressing need to respond to threats, many organizations have implemented specific controls to mitigate single risks, creating the potential for dangerous gaps in coverage.

Read more...

2024-02-13

SecurityWeek: At least six major technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of artificial intelligence tools to disrupt democratic elections. The upcoming event at the Munich Security Conference in Germany comes as more than 50 countries are due to hold national elections in 2024.

Read more...

2024-02-13

BNN Bloomberg: Prudential Financial Inc. said hackers it believes to be part of a cyber-crime group gained access to some of its information-technology systems and a small percentage of user accounts associated with employees and contractors.

Read more...

2024-02-13

Dark Reading: Here's what's clear about the current cybersecurity state of Ivanti's VPN appliances — they have been widely vulnerable to cyberattack, and threat actors are onto the possibilities. It's up to enterprise cyber teams to decide what comes next.

Read more...

2024-02-13

SecurityWeek: Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has informed the US Securities and Exchange Commission (SEC) that it fell victim to a cyberattack. According to the SEC filing, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems.

Read more...

2024-02-12

Bleeping Computer: Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year.

Read more...

2024-02-12

CBC: The number of  "high impact" cyber incidents reported by Canada's banks nearly tripled last year, according to the industry's watchdog. The increase comes as a federal bill meant to protect Canada's critical systems — including financial systems — has been sitting idle in parliamentary limbo for months.

Read more...

The Target: Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S.

The Take: The data that was exposed varies per employee but could include: full name, physical address, social security number (SSN), National ID, gender, union affiliation, date of birth, compensation information.

The Vector: A data breach notification shared with the Office of the Maine Attorney General revealed that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

2024-02-07

Bleeping Computer: Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.

Read more...