Sign up for Scout Insight's free trial today! Get immediate insights into threats, search any IP with no training required, and enjoy intuitive graphical results. Whether you need to identify compromised hosts or enrich Splunk queries, Scout Insight has you covered. Don’t wait – accelerate your threat response now. Visit team-cymru.com/cyberwire to start your free trial!
This groundbreaking report leverages skills data from the professional members of Women in CyberSecurity (WiCyS), and establishes a new benchmark for understanding the capabilities and potential of women in cybersecurity. For more information on the Cyber Talent Study and to access the full report, please visit www.n2k.com/wicys.
Financial technology company Affirm has disclosed that some of its customer data was breached during a LockBit attack against Evolve Bank, the Register reports. Affirm said in an SEC filing, "Because the Company shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the Personal Information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident. However, the Company’s information systems were not compromised, nor was the ability for Affirm Card holders to continue using their Affirm Card. This incident has not impacted any other part of the Company’s business or operations."
Evolve has shared additional information on the incident, stating that the attack began when an employee clicked on a malicious link. The company added, "There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May. The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact on our operations. We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank."
Last year alone, SpyCloud researchers and data scientists recaptured and analyzed more than 43.7 billion distinct identity records. Use our free tool to see your organization’s darknet footprint, including breach exposures and malware-exfiltrated data that puts your business at risk of account takeover and ransomware. Simply enter your business email to reveal PII, credentials, breach exposures, stolen session cookies, and more. Check your exposure now to see what criminals know about your business.
The LockBit ransomware gang has claimed responsibility for an attack against the University Hospital Centre in Zagreb, Croatia's largest hospital, on the night of June 24th, the Record reports. The attack forced the hospital to revert to manual processes. LockBit claims to have stolen a wide range of patients' personal and health information, and has set a ransom deadline for July 18th.
Patelco Credit Union sustained a ransomware attack that caused it to shut down several of its customer-facing banking systems, BleepingComputer reports. The credit union stated, "On June 29, 2024, Patelco Credit Union experienced a ransomware attack. Our priority is the safe and secure restoration of our banking systems. We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also been cooperating with regulators and law enforcement."
Patelco added, "To our valued members – please know that if you incur a late payment fee because of this outage, rest assured we will reimburse you for those fees. If any of our members have concerns about late payments impacting their credit score, we will write letters on your behalf. We will also waive any Patelco overdraft, late payment, or ATM fees until we are back up and running."
Modernize your identity infrastructure and get rid of technical debt without sacrificing your complex access policies. Use Strata to integrate non-standard apps with any identity service while using any vendor, standard, or app architecture. Or use it to migrate away from outdated identity providers and consolidate IDPs. It’s seamless, simple and code-free. Share your top identity security priorities, and receive a pair of complimentary AirPods Pro.
Bishop Fox has disclosed two vulnerabilities impacting Traeger WiFi-connected grills. The vulnerabilities affect the Traeger Grill D2 Wi-Fi Controller, an embedded device that allows users to control their grills via a mobile device. The researchers explain, "Specifically, the API responsible for grill registration lacked sufficient authorization controls to prevent users from registering other users’ existing grills if an attacker obtained the grills’ 48-bit identifiers. Consequently, an attacker could leverage this finding to control another user’s grill and carry out sensitive operations such as changing the temperature during a cooking cycle."
Traeger has already pushed automatic firmware updates to patch the flaws.
Subscribe to N2K's monthly News2Knowledge Letter to stay on top of the latest training product releases and exam retirements, get certification and career development resources to support your learning journey, and keep up with the latest industry news and research on workforce development. You’ll also be the first to get our exclusive product promotions and discounts.
Today's issue includes events affecting , and Croatia the United States.
The CyberWire will be on hiatus for the rest of the week to celebrate the Fourth of July. We'll be back as usual on Monday.
Patelco shuts down banking systems following ransomware attack (BleepingComputer) Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact.
Prudential said 36,000 people were affected in a February data breach – it just revised that number to 2.5 million (ITPro) Prudential has revised its initial data breach victim count from just over 36,000 to a whopping 2.5 million
Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 Advisory (Bishop Fox) Discover critical vulnerabilities in the Traeger Grill D2 Wi-Fi Controller that could impact your grill's security. Read our advisory.
CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber) CISA updates the MTS Guide with enhanced tools for resilience assessment across maritime infrastructure amidst escalating threat landscape.
US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online) The ruling could weaken almost all US federal cybersecurity regulations, including SEC incident reporting, FCC data breach reporting, and CISA cyber incident reporting rules.
Feds Hit Health Entity With $950K Fine in NotPetya Attack (GovInfoSecurity) The U.S. Department of Health and Human Services has hit a Pennsylvania-based healthcare system with a $950,000 settlement for potential HIPAA violations found
Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine) Police have arrested 54 suspected members of a vishing group who stole the life savings of scores of victims
Stolen credentials could unmask thousands of darknet child abuse website users (The Record) By querying databases of credentials, researchers were able to identify approximately 3,300 unique users with accounts on sites for the sharing of child sex abuse material.
For a complete running list of events, please visit the Event Tracker.
SANSFIRE Washington, DC 2024 (Washington (or virtual), DC, USA, Jul 15 - 20, 2024) At SANSFIRE Washington, DC 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!
