Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks

Following a hiatus, the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to determine which security measures are most effective to reduce risk.

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account.

Data theft and data exfiltration are often used interchangeably, but they shouldn’t be. Understanding what each term refers to is important for anyone responsible for protecting an organization’s data. The distinction clarifies the scope and range of options for different approaches to protecting data.

Since at least February 2023, a service advertised on Telegram called USiSLookups has operated an automated bot that allows anyone to look up the SSN or background report on virtually any American. For prices ranging from $8 to $40 and payable via virtual currency, the bot will return detailed consumer background reports automatically in just a few moments.

A cloud migration backlash, of sorts, is playing out. Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures. However, a “back-migration,” as Michiel De Lepper, global enablement manager, at London-based Runecast, puts it, is also ramping up. This is because certain workloads are proving to be too costly to run in the cloud — resource-intensive AI modeling being the prime example.

The U.S. Securities and Exchange Commission in late October charged SolarWinds and its CISO with fraud and internal control failures. Many organizations are reckless in making statements to the market to preserve their company's stock prices, not realizing the potential for regulatory action, said Paul Dunlop, COO at Fraud Doctor, and Steve Hindle, founder of Achilles Shield.

Ransomware resilience relies not on a single tool, but on several layered protections. Offline backups are a critical layer in a ransomware protection strategy.

As artificial intelligence (AI) technology continues to evolve, cybercriminals are beginning to explore the full potential of these advances. Previously, some of the gating factors of ransomware were around the expertise and volume of work required to launch a successful attack. Even though ransomware-as-a-service (RaaS) existed where some or all the ransomware attack could be jobbed out to a ransomware provider, that meant a would-be ransomware attacker would have to trust another criminal, the RaaS provider. For ransomware attackers that were able to do the work themselves, there was a lot of manual work required, which limited the scope, effectiveness, and volume of the attacks. With AI in the picture, many of these limitations are lifted. 

A cyberattack on a shared IT services organization is forcing five member hospitals in Ontario to cancel or reschedule patient appointments and steer nonemergency patients to other facilities.