Accountability, Backups and Risk - Cyber Security Informer

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Veeam Backup and Replication vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) impacting Veeam Backup & Replication (VBR).

Backups

Backups VPN Ransomware Authentication

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard.

Cyber threats

Cyber threats CISO IoT Phishing

Apple ordered to grant access to users’ encrypted data

Malwarebytes

FEBRUARY 11, 2025

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. However, Apple itself doesn’t have access to it at the moment, only the holder of the Apple account can access data stored in this way. Tap your name, then tap iCloud.

Encryption

Encryption Backups Government Accountability

When Security Locks You Out of Everything

Schneier on Security

JUNE 28, 2022

And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in—you guessed it—my Password Manager. It’s a one-in-a-million story, and one that’s hard to take into account in system design. And, thus, get access to my accounts.

Passwords

Passwords Password Management Backups Risk

“Can you try a game I made?” Fake game sites lead to information stealers

Malwarebytes

JANUARY 3, 2025

The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility. One of the main interests for the stealers seem to be Discord credentials which can be used to expand the network of compromised accounts.

Scams

Scams Identity Theft Media Accountability

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Adam Levin

JUNE 4, 2021

You would think that ExaGrid, a backup appliance and anti-ransomware service might know how to avoid ransomware, but it was hit. . Practice the 3Ms: Minimize your risk of exposure: Don’t take unnecessary risks and invest in cyber defenses and education. We are in the midst of an ongoing ransomware epidemic.

Ransomware

Ransomware Backups Insurance Healthcare

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

JANUARY 6, 2025

Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. Nothing showed evidence that a HIPAA-compliant risk analysis had ever been conducted (lists of usernames and passwords in plain text on the compromised server).

Data breaches

Data breaches Ransomware Passwords Insurance

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. Best practices.

Ransomware

Ransomware Risk Internet Internet

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. The stolen data reportedly includes highly personal information — names, dates of birth, Social Security numbers, bank account details, and even records of residents’ interactions with city services.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

It is essential to ensure that all accounts are protected with strong passwords. To this day, a significant amount of people still use the password across multiple accounts, which makes it much simpler for a cybercriminal to compromise a password and take over accounts. Keep an eye out for phishing emails.

VPN

VPN Passwords Firewall Risk

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments.

Backups

Backups Spyware Ransomware Education

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

Tripwire’s tips for all organizations on avoiding ransomware attacks include: Making secure offsite backups. Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication. Encrypting sensitive data wherever possible. Encrypting sensitive data wherever possible.

Healthcare

Healthcare Backups Ransomware Insurance

Healthcare Now Third-Most Targeted Industry for Ransomware

SecureWorld News

NOVEMBER 14, 2024

Significant Financial and Operational Costs: Healthcare providers, faced with potential HIPAA fines and the risk of service interruptions, may feel pressured to pay ransom demands. This stolen data is often exposed on both the clear and dark web, heightening risks of identity theft and further perpetuating cybercrime.

Healthcare

Healthcare Ransomware Identity Theft Data breaches

12 Online Resolutions for 2021

Adam Levin

DECEMBER 16, 2020

Don’t re-use passwords: Yes, keeping track of passwords for all of your accounts can be a chore, but using the same password means that one breached account can be used to others that use the same user credentials. It’s not worth the risk. Always check your credit for new accounts or unusual activity.

VPN

VPN Antivirus Passwords Backups

World Backup Day on March 31 Seeks to Protect Data Before It's Gone

SecureWorld News

MARCH 30, 2023

However, data is as vulnerable as it is valuable, and World Backup Day on Friday, March 31st, is a welcome reminder of the need to have a well thought out data protection strategy in place. The campaign began in 2011 as World Backup Month and was changed to World Backup Day later.

Backups

Backups Insurance Cyber Attacks CISO

Google Authenticator now supports Google Account synchronization

Google Security

APRIL 24, 2023

Christiaan Brand, Group Product Manager We are excited to announce an update to Google Authenticator , across both iOS and Android, which adds the ability to safely backup your one-time codes (also known as one-time passwords or OTPs) to your Google Account. It’s also the primary entry point for risks, making it important to protect.

Authentication

Authentication Accountability Password Management Passwords

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Sampath Srinivas , director of security authentication at Google and president of the FIDO Alliance, said that under the new system your phone will store a FIDO credential called a “passkey” which is used to unlock your online account. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Accountability Mobile

News alert: DataPivot delivers innovative data backup, recovery services to healthcare sector

The Last Watchdog

OCTOBER 25, 2023

25, 2023— DataPivot Technologies , a prominent provider of Data Center, Cloud and Data Protection Solutions, understands that healthcare providers today are scrambling to solve complex clinical, operational and patient data backup & recovery challenges. North Andover, Mass.,

Backups

Backups Healthcare Technology Architecture

SEC X account hacked to hawk crypto-scams

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. .” You’re all set.

Accountability

Accountability Scams Hacking Cryptocurrency

How to back up your Windows 10/11 PC to OneDrive

Malwarebytes

MARCH 29, 2024

They say the only backup you ever regret is the one you didn’t make. First, you’ll need to sign in with your Microsoft account Go to Start > Settings > Accounts > Your info. First, you’ll need to sign in with your Microsoft account Go to Start > Settings > Accounts > Your info.

Backups

Backups Accountability Risk Cybersecurity

Is your whole digital life protected? 4 ways to address common vulnerabilities

Webroot

FEBRUARY 21, 2025

Its a top-end, true all-in-one offering based on a new platform that combines antivirus, password manager, identity protection, VPN, backup, and parental controls. The flip side to this convenience, however, is that we risk losing control over who can access our personal information. Adjust spam filter settings to your preferences.

Identity Theft

Identity Theft Backups Antivirus Encryption

Types of Risk Assessment Methodologies: Choosing the Right Approach for Your Needs

Centraleyes

MARCH 17, 2025

Every organization faces risks that threaten its objectives, assets, and operations. A risk assessment is the foundation for identifying, analyzing, and prioritizing these risks. Understanding the basics of risk assessment is the first step in building a resilient and proactive strategy to mitigate risks and vulnerabilities.

Risk

Risk Insurance Small Business Cybersecurity

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

AUGUST 9, 2019

A great many iNSYNQ’s customers are accountants, and when the company took its network offline on July 16 in response to the ransomware outbreak, some of those customers took to social media to complain that iNSYNQ was stonewalling them. And that posed risks based on what we did say publicly while the ransom negotiations were going on.

Phishing

Phishing Backups Ransomware Encryption

Privileged account management challenges: comparing PIM, PUM and PAM

CyberSecurity Insiders

NOVEMBER 18, 2021

He is also looking for opportunities to collect additional access parameters (usernames and passwords), elevate privileges, or use already existing compromised accounts for unauthorized access to systems, applications, and data. This includes the ability to install software, change its settings, manage backup operations, and more.

Accountability

Accountability Passwords Authentication Social Engineering

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

Nonprofits are equally at risk, and often lack cybersecurity measures. Given the risk involved, small businesses and nonprofits must consider prioritizing cybersecurity policies and practices to stay protected, retain customers, and remain successful. The average cost of a cybersecurity breach was $4.45 Adequate IT compliance.

Small Business

Small Business Cybersecurity Technology Accountability

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

Implementing Security Measures Taking proactive steps can significantly reduce your risk of falling victim to ClickFix attacks: Use updated security software: Ensure your antivirus and anti-malware programs are up-to-date. Enable multi-factor authentication (MFA): Implementing MFA adds layer of security to your accounts.

Scams

Scams Malware Phishing Social Engineering

1 in 10 people do nothing to stay secure and private on vacation

Malwarebytes

MARCH 17, 2025

The findings reveal that the public approaches cybersecurity as a patchwork quilt, implementing some best practices while forgoing others, and engaging in a few behaviors that carry significant risk online. For instance, 63% said they check that [their] security software is up to date, while 53% said they backup [their] data.

VPN

VPN Passwords Scams Backups

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked. Document disposal Shred sensitive documents.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Relationship broken up? Here’s how to separate your online accounts

Malwarebytes

SEPTEMBER 23, 2024

With couples today regularly sharing access to one another’s email accounts, streaming services, social media platforms, online photo albums, and more, the risk of a bad breakup isn’t just heartache. The use of multifactor/two-factor authentication on every sensitive account that allows it. The internet has made it harder.

Accountability

Accountability Passwords Media Banking

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

JANUARY 18, 2024

When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations. CSP collaboration improves the security environment where there’s a need to mitigate the emerging risks quickly and comprehensively.

Risk

Risk Backups Encryption DDOS

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

“Experience in backup, increase privileges, mikicatz, network. was also used to register an account at the online game stalker[.]so The above accounts, as well as the email address semen_7907@mail.ru , were all registered or accessed from the same Yekaterinburg Internet address mentioned previously: 31.192.175.63.

Ransomware

Ransomware Accountability Cybercrime Backups

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

JANUARY 30, 2024

Cloud storage risks involve potential external threats and vulnerabilities that jeopardize the security of stored data. Risks can lead to issues, but at the same time, you can prevent the risks by addressing these issues. Migration challenges result in incomplete transfers, which expose critical information to risk.

Risk

Risk DDOS Data breaches Encryption

Microsoft Patch Tuesday, August 2021 Edition

Krebs on Security

AUGUST 10, 2021

. “CVE-2021-36948 is a privilege escalation vulnerability – the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts,” said Kevin Breen of Immersive Labs. However, we strongly believe that the security risk justifies the change.

Software

Software Internet Internet Backups

How to back up your iPhone to iCloud

Malwarebytes

MARCH 29, 2024

They say the only backup you ever regret is the one you didn’t make. iPhone backups can be used to easily move your apps and data to a new phone, to recover things you’ve lost, or to fix things that have failed. The most convenient way to backup your iPhone is to have it backup to iCloud.

Backups

Backups Mobile Media Accountability

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover. The leak poses a variety of risks, expanding from identity theft to takeover and cashing-out accounts of traders.

Technology

Technology Identity Theft Backups Passwords

NEW TECH: CloudKnox takes aim at securing identity privileges for humans — and non-humans

The Last Watchdog

APRIL 3, 2019

Arguably even more vital is the granting of access privileges to thousands more non-human identities – the service accounts that connect modular coding components, like the microservices, software containers and APIs that make up the stretchable fabric of cloud services. Proper accounting and attribution,” he told me. “It

Accountability

Accountability Backups Risk Software

Critical Actions Post Data Breach

SecureWorld News

DECEMBER 30, 2024

This may involve identifying compromised servers, web applications, databases, or user accounts. Disable compromised accounts or restrict their permissions immediately, update passwords for authorized users to prevent further unauthorized access. Introduce MFA for all corporate accounts.

Data breaches

Data breaches Social Engineering Passwords Accountability

Report: Brazil must do more to encrypt, back up data

Malwarebytes

JULY 8, 2022

It outlines multiple key areas of concern across 29 key areas of risk. One of the biggest problems in the cybercrime section of the report relates to backups. Specifically: The lack of backups when dealing with hacking incidents. Backups in Brazil: An uphill struggle. The most obvious one of those would be ransomware.

Encryption

Encryption Backups Ransomware Cybercrime

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

Markus said he isn’t aware of any public accounts of juice jacking kiosks being found in the wild, and said he’s unsure what prompted the recent FBI alert. But Markus said juice jacking is still a risk because it is far easier and cheaper these days for would-be attackers to source and build the necessary equipment.

Mobile

Mobile Software Backups Technology

Hidden Costs of Cybersecurity: Balancing Risk, Complexity & Efficiency

SecureWorld News

OCTOBER 21, 2024

In contrast, more mature organizations quantify risk, comparing the original risk against the cost of the solution and the residual risk after deployment to decide whether to proceed with the purchase. Some focus on the solution's problem-solving capabilities, suitability, and efficacy.

Risk

Risk Cybersecurity Antivirus Authentication

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Cryptocurrency Artificial Intelligence Cybercrime

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

IT Security Guru

MAY 20, 2024

Here are some tips for creating an effective security policy: Assess security needs: Evaluate your current security landscape and identify potential risks. Implement Multi-Factor Authentication Multi-factor authentication (MFA) requires multiple verification methods to access an account online, significantly enhancing protection.

Cybersecurity

Cybersecurity Backups Cyber threats Mobile

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. Multiple personal and business banking portals; -Microsoft Office365 accounts. Shipping and postage accounts.

Passwords

Passwords Ransomware Password Management Malware

Guest Blog: Ox Security on learning from the Recent GitHub Extortion Campaigns

IT Security Guru

JUNE 13, 2024

This is an urgent notice to inform you that your data has been compromised, and we have secured a backup.” Our data shows that between 93-97% of OX Security users have activated two-factor authentication (2FA), which helps keep accounts, data, and secrets private.

Backups

Backups Authentication Data breaches Social Engineering

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Trending Sources

Apple ordered to grant access to users’ encrypted data

When Security Locks You Out of Everything

“Can you try a game I made?” Fake game sites lead to information stealers

Anti-Ransomware Company Exagrid Pays $2.6 Million Ransom

Dental group lied through teeth about data breach, fined $350,000

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

New Ransom Payment Schemes Target Executives, Telemedicine

Healthcare Now Third-Most Targeted Industry for Ransomware

12 Online Resolutions for 2021

World Backup Day on March 31 Seeks to Protect Data Before It's Gone

Google Authenticator now supports Google Account synchronization

Your Phone May Soon Replace Many of Your Passwords

News alert: DataPivot delivers innovative data backup, recovery services to healthcare sector

SEC X account hacked to hawk crypto-scams

How to back up your Windows 10/11 PC to OneDrive

Is your whole digital life protected? 4 ways to address common vulnerabilities

Types of Risk Assessment Methodologies: Choosing the Right Approach for Your Needs

iNSYNQ Ransom Attack Began With Phishing Email

Privileged account management challenges: comparing PIM, PUM and PAM

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Deceptive Google Meet Invites Lures Users Into Malware Scams

1 in 10 people do nothing to stay secure and private on vacation

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Relationship broken up? Here’s how to separate your online accounts

How Secure Is Cloud Storage? Features, Risks, & Protection

A Closer Look at the Snatch Data Ransom Group

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

Microsoft Patch Tuesday, August 2021 Edition

How to back up your iPhone to iCloud

Data leak at fintech giant Direct Trading Technologies

NEW TECH: CloudKnox takes aim at securing identity privileges for humans — and non-humans

Critical Actions Post Data Breach

Report: Brazil must do more to encrypt, back up data

Why is ‘Juice Jacking’ Suddenly Back in the News?

Hidden Costs of Cybersecurity: Balancing Risk, Complexity & Efficiency

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

The Hidden Cost of Ransomware: Wholesale Password Theft

Guest Blog: Ox Security on learning from the Recent GitHub Extortion Campaigns

Stay Connected