Steve Zurier reports: Researchers on Tuesday reported that this past August they identified an attack path that lets malicious actors with file system access to steal credentials for any Microsoft Teams user who’s logged-on. In a Sept. 13 blog post, the Vectra Protect team said because attackers do not require elevated permissions to read these…
Category: Commentaries and Analyses
The Great Resignation linked to a great data theft
Ian Barker reports: We’ve all heard of the Great Resignation, a pandemic-driven shift in people’s work preferences. But new research from Cyberhaven suggests that this has gone hand-in-hand with a huge stealing of data. Based on anonymized details from over 1.4 million workers and spanning 360,000 data exfiltration incidents and a broad sample of companies, including…
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses
IC3.gov PIN 20220914-001 14 September 2022 TLP: WHITE Summary The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare…
OIG Warns USCIS Over Unauthorized Access to Systems and Information
Kylie Bielby reports: The Office of Inspector General (OIG) says U.S. Citizenship and Immigration Services (USCIS) did not apply the access controls needed to restrict unnecessary access to its systems, networks, and information. Access controls help to limit individuals from gaining inappropriate access to systems or data. But an OIG audit has found that USCIS…
Federal Court holds nonprofit health center is immune from data breach class action
Daniel Rockey of Bryan Cave Leighton Paisner writes: In a case of first impression, the United States District Court for the Southern District of California granted the motion of Defendant Neighborhood Healthcare seeking order compelling the United States to defend a putative class action lawsuit alleging that Neighborhood failed to ensure the confidentiality of her…
Twitter’s cybersecurity flaws pose national security risk, whistleblower tells Congress
Kelsey Reichmann reports: Cybersecurity failures at Twitter are endangering users’ data and putting national security at risk, the company’s former security chief, Peiter “Mudge” Zatko, told lawmakers at a hearing on Tuesday. Zatko appeared before the Senate Judiciary Committee to testify about allegations he made against the social media giant earlier this year. In reports…