Dive Brief: Cyberattacks and data breaches are exposing personal data at an ever-growing rate, according to an Apple-commissioned study conducted by Stuart Madnick, professor of IT at Massachusetts Institute of Technology, published Thursday. More than 2.6 billion personal records were compromised in 2021 and 2022, and the number of records breached jumped 36% in 2022 […]
Dive Brief: Progress Software disclosed two new high-severity vulnerabilities in the beleaguered MOVEit file-transfer service last week. A privilege escalation path vulnerability, CVE-2023-6218, and a cross-site scripting vulnerability, CVE-2023-6217, were disclosed and patched Nov. 29. The additional set of vulnerabilities brings the total number of CVEs in MOVEit to eight since a zero-day vulnerability, CVE-2023-34362, […]
Dive Brief: The Cybersecurity and Infrastructure Security Agency is making progress toward reducing security risk since the October 2022 release of its cybersecurity performance goals program, the agency said Tuesday. Since the release of the CPG program, organizations enrolled in the agency’s vulnerability scanning service have reduced their average number of known exploited […]
Dive Brief: Accounts payable software vendor Tipalti said it’s investigating a ransomware attack that prolific threat group AlphV claimed responsibility for on Saturday. “Over the past weekend, a ransomware group claimed that they allegedly gained access to confidential information belonging to Tipalti and its customers,” Tipalti said in a Monday post on X, the social […]
Dive Brief: Ahead of the Thanksgiving holiday and Black Friday weekend, retailers are bracing for a surge in cyber activity as threat groups look to disrupt critical supply chains and lure customers in search of deep discounts. Retailers are facing an increased threat from phishing as an initial intrusion vector; threat groups are using social […]
Dive Brief: Henry Schein, a medical and dental supplies company, is still recovering from a cybersecurity incident last month that took some of its systems offline. In a letter to its customers, the company disclosed on Monday that a data breach occurred, but “we do not have all the details of what data may have been […]
Dive Brief: Card network company Visa said Thursday it has launched a payments learning program in response to a need for skilled cybersecurity workers, according to a company press release. The program aims to equip workers, students and military members with training in the field through online courses and certifications to create a pipeline of diverse […]
Dive Brief: Nearly 5,000 current and former employees at Okta had their sensitive health information exposed by a cyberattack at Rightway Healthcare, a third-party vendor for the identity and access management provider, according to data breach notices filed Wednesday in California and Maine. The third-party breach did not impact Okta services, which remain secure, and […]
Dive Brief: Distributed denial of service attacks escalated during the third quarter, as a novel zero-day vulnerability led to a series of record-breaking attacks that continued into the month of October, according to a report released Thursday by Cloudflare. Exploits of the HTTP/2 Rapid Reset vulnerability led to record-breaking incidents, as Cloudflare reported 89 […]