IT Security Newsletter - 7/28/2021
University of San Diego Health Says Personal Information Stolen in Data Breach
University of San Diego Health this week revealed that personal information was accessed in a data breach involving unauthorized access to some employee email accounts. In a substitute notification, UC San Diego Health revealed that an unknown threat actor accessed or acquired the affected data between December 2, 2020 and April 8, 2021. However, the healthcare organization was initially alerted to suspicious activity on March 12, when it launched an investigation into the claim. READ MORE...
IBM: Average Cost of Data Breach Exceeds $4.2 Million
A global study commissioned by IBM Security shows that the average cost of a data breach exceeded $4.2 million during the coronavirus pandemic, which the company pointed out is the highest in the 17-year history of its "Cost of a Data Breach" report. The report is based on information collected from 500 organizations worldwide between May 2020 and March 2021. READ MORE...
Haron and BlackMatter are the latest groups to crash the ransomware party
July has so far ushered in at least two new ransomware groups. Or maybe they're old ones undergoing a rebranding. Researchers are in the process of running down several different theories. Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of dollars. READ MORE...
FBI reveals top targeted vulnerabilities of the last two years
A joint security advisory issued today by several cybersecurity agencies from the US, the UK, and Australia reveals the top 30 most targeted security vulnerabilities of the last two years. CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the Federal Bureau of Investigation (FBI) also shared mitigation to help private and public sector organizations counter these vulnerabilities READ MORE...
Google revamps bug bounty program
Google has revealed that its bug bounty program - which it styles a "Vulnerability Reward Program" - has paid out for 11,055 bugs found in its services since 2010. 11,055 bugs seems like a lot, but it's not out of step with other vendors. Microsoft's monthly Patch Tuesday packages regularly fix over 100 flaws, while Oracle's quarterly patch collections often contain well more than 300 pieces of corrective code. Across 11 years, the two abovementioned vendors would also produce over 11,000 bugs. READ MORE...
Zimbra Server Bugs Could Lead to Email Plundering
Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say. In a Tuesday writeup, SonarSource called it a "drastic" situation, given Zimbra's popularity and the highly sensitive nature of the scads of messages that it handles. According to Zimbra's site, its email and collaboration tools are used by over 200,000 businesses. READ MORE...
- ...in 1866, English children's writer and illustrator Beatrix Potter ("The Tale of Peter Rabbit") is born in London.
- ...in 1868, the 14th Amendment to the U.S. Constitution is adopted, granting citizenship to all persons born in the U.S., as well as due process and equal protection under the law.
- ...in 1929, First Lady and publishing editor Jacqueline Kennedy Onassis (nee Jacqueline Bouvier) is born in Southampton, NY.
- ...in 1984, the 23rd Summer Olympics officially opens in Los Angeles.