With cyber threats constantly on the rise, staying informed about the latest news and developments in the field is essential for maintaining digital safety. Because of this, cybersecurity remains a critical concern for organisations, governments, and individuals. In this blog post, we will explore the top cybersecurity news stories from this week, shedding light on significant events, and noteworthy security incidents.
This week’s top stories include news of a Verizon insider data breach, new research that found ransomware victim numbers are on the rise, and news of a BEC scam that stole $3m from a North Carolina housing authority.
Verizon insider data breach hits over 63,000 employees
Verizon Communications has issued a cautionary notice regarding an internal data breach that affects nearly half of its staff, resulting in the exposure of sensitive employee information. As a prominent American telecommunications and mass media corporation, Verizon delivers cable TV, telecommunications, and internet services to a vast customer base exceeding 150 million subscribers nationwide and has a workforce exceeding 117,000 employees.
Allegedly, a Verizon employee gained unauthorised access to a file containing sensitive employee information last September. Privileged access tools can reduce the risk of authorised access.
Ransomware victim numbers rose by 50% in 2023
According to an analysis conducted by researchers at Palo Alto Networks, the count of victims showcased on data leak sites by ransomware groups surged by 50% in the past year. Additionally, twenty-five new groups emerged during the same period, although some of them had a brief existence before disbanding or undergoing rebranding.
Ransomware is one of the biggest cyber threats facing modern businesses.
AnyDesk revokes signing certs, portal passwords after crooks sneak into systems
AnyDesk has admitted to an IT security "incident" wherein unauthorised individuals gained access to the production systems of the remote-desktop software company. Acknowledging the breach in a statement on its website issued late on Friday, AnyDesk, with over 170,000 customers globally, has informed users to anticipate disruptions as it works to secure its infrastructure. The company clarified that the breach is "not related to ransomware."
Patched Critical Flaw Exposed JetBrains TeamCity Servers
On Tuesday, JetBrains released a crucial security advisory for its TeamCity On-Premises software, highlighting a vulnerability that could potentially provide attackers with administrative control over the impacted servers. Identified as CVE-2024-23917, this flaw has been assigned a CVSS rating of 9.8. All versions from 2017.1 to 2023.11.2 are susceptible to this security risk.
Attack surface management is critical when it comes to discovering, prioritising and remediating vulnerabilities like this one.
Secret Service recovers nearly $3 million stolen from North Carolina housing authority in BEC scam
In the past year, a state agency in North Carolina responsible for overseeing a fund aimed at aiding homeowners facing housing-related financial challenges suffered a loss of almost $3 million in a business email compromise (BEC) scam. Court documents reveal that a special agent from the United States Secret Service seized the stolen funds in September. The North Carolina Housing Finance Agency (NCHFA) is entrusted with managing the $273 million allocated to the state through the Homeowner Assistance Fund, established under the American Rescue Plan Act of 2021 to prevent pandemic-related displacements. BEC scams are on the rise, email security is becoming increasingly more essential.
Saying well-informed about the latest advancements in the industry remains incredibly important in the fight against cybercrime. By staying up to date with relevant news, leaders can make informed decisions, proactively implement security measures, and effectively shield their organisations from cyberattacks. Maintaining a vigilant mindset, embracing best practices, and leveraging cutting-edge technologies are all crucial components in building a secure digital future. Let's embrace these principles to safeguard our digital assets and pave the way for a safer tomorrow.