IT Security Newsletter - 5/27/2025
4.5% of breaches now extend to fourth parties
Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats. 35.5% of all breaches in 2024 were third-party related, a 6.5% increase from 2023. This figure is likely conservative due to underreporting and misclassification. READ MORE...
Adidas warns of data breach after customer service provider hack
German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts." READ MORE...
Russian Laundry Bear cyberspies linked to Dutch Police hack
A previously unknown Russian-backed cyberespionage group tracked as Laundry Bear has been linked to a September 2024 Dutch police security breach. As the Dutch national police (Politie) revealed last year, the attackers stole work-related contact information of multiple officers, including names, email addresses, phone numbers, and, in some cases, private details. READ MORE...
Cybercrime is 'orders of magnitude' larger than state-backed ops, says ex-White House advisor
Uncle Sam's cybersecurity apparatus can't only focus on China and other nation-state actors, but also has to fight the much bigger damage from plain old cybercrime, says former White House advisor Michael Daniel. And the Trump administration's steep cuts to federal government staff are making that a lot harder. Daniel currently leads the Cyber Threat Alliance, a nonprofit threat-intel-sharing organization. READ MORE...
Ransomware scum leaked Nova Scotia Power customers' info
Nova Scotia Power on Friday confirmed it had been hit by a ransomware attack that began earlier this spring and disrupted certain IT systems, and admitted the crooks leaked data belonging to about 280,000 customers online. The stolen info may have included billing details and, for those on autopay, bank account numbers. Ransomware criminals are increasingly targeting utilities and other critical infrastructure, and often focus on the systems between core IT and operations, where defenses are weaker and utilities are more likely to pay. READ MORE...
Law Firms Warned of Silent Ransom Group Attacks
The FBI is cautioning US law firms that they have become frequent targets of the Silent Ransom Group (SRG) extortion gang. Also known as Chatty Spider, Luna Moth, and UNC3753, SRG has been active since 2022, historically relying on callback phishing emails as its initial attack vector. After the victim makes contact by phone, SRG cybercriminals email a link that leads to remote access software, providing the threat actor with access to a device or system. READ MORE...
Why layoffs increase cybersecurity risks
A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to General Assembly. READ MORE...
- ...in 1897, Bram Stoker's vampire novel "Dracula" is published.
- ...in 1927, the last Model-T rolls off the assembly line.
- ...in 1937, San Francisco's Golden Gate Bridge opens.
- ...in 1941, the British Navy sinks the German battleship Bismarck.