The Intercontinental Exchange agreed to pay a $10 million fine to settle charges that it caused nine wholly-owned subsidiaries - including the New York Stock Exchange which it owns - to violate a rule which required them to notify the Securities and Exchange Commission of a "cyber intrusion" within 24 hours unless it was immediately determined that the act would have no or a "de minimis" impact on operations or market participants, the SEC announced Wednesday. READ MORE...
Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. A&A Services, doing business as Sav-RX, is a pharmacy benefit management (PBM) company that provides prescription drug management services to employers, unions, and other organizations across the U.S. READ MORE...
Auction house Christie's has confirmed suffering a data breach after a ransomware group on Monday threatened to leak information stolen from the company. Christie's website went offline earlier this month due to what the company described at the time as a "technology security incident". The cyberattack was launched just as the auction house was attempting to sell high-value items worth an estimated $840 million. READ MORE...
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. Cencora, formerly AmerisourceBergen, is a pharmaceutical services provider specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support. The Pennsylvania-based firm, with a presence in 50 countries, employs 46,000 people and has a revenue (2023) of $262 billion. READ MORE...
The Federal Trade Commission (FTC) has shared data on the most impersonated companies in 2023, which include Best Buy, Amazon, and PayPal in the top three. The federal agency detailed the top ten companies scammers impersonate and how much they make depending on the impersonation. By far the most impersonated corp was Best Buy and its repair business Geek Squad, with a total of 52k reports. Amazon impersonators came in second place with 34k reports, and PayPal a distant third with 10,000. READ MORE...
An aggressive, nebulous ring of young cybercriminals linked to a string of recent high-profile breaches is made up of approximately 1,000 people, a senior FBI official said Friday. In remarks Friday at the cybercrime-focused Sleuthcon conference, Bryan Vorndran, assistant director of the FBI's Cyber Division, described the group best known as Scattered Spider as a "very, very large, expansive, disbursed group of individuals," many of whom don't know each other directly. READ MORE...
A previously unknown piece of ransomware, dubbed ShrinkLocker, encrypts victim data using the BitLocker feature built into the Windows operating system. BitLocker is a full-volume encryptor that debuted in 2007 with the release of Windows Vista. Users employ it to encrypt entire hard drives to prevent people from reading or modifying data in the event they get physical access to the disk. READ MORE...
Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets and users, and gain persistence in enterprise environments. In mid-April 2024, Cisco Talos warned about a global increase in brute-force attacks against VPN services, web application authentication interfaces and SSH services. READ MORE...