Reading view
Niconico Confirms Cyberattack: Here is How the Breach Impacts Users, Business Partners
Niconico, the Japanese video-sharing website, and its parent company KADOKAWA Inc. have provided crucial updates regarding the significant cyberattack they experienced earlier in June 2024. The Niconico cyberattack, identified as a ransomware assault, has raised substantial concerns about data security and user privacy.
Here’s a comprehensive look at the current situation after the cyberattack on Niconico, including the steps taken by the companies, the nature of the leaked information, and recommendations for users.
Source: Niconico X account[/caption]
The data breach affected various types of information held by Niconico and KADOKAWA Inc. Notably, the Niconico data breach included:
Niconico Cyberattack: Incident Overview
Niconico and KADOKAWA Inc. discovered the ransomware attack on their data center servers and immediately initiated a response plan. A specialized task force, along with external cybersecurity experts, was deployed to investigate the Niconico cyberattack and assess the extent of the data compromise. The attackers claimed to have exfiltrated sensitive information, a claim which has been substantiated by the initial findings of the investigation. [caption id="attachment_79668" align="aligncenter" width="631"]![Niconico cyberattack](https://thecyberexpress.com/wp-content/uploads/Niconico-cyberattack.webp)
- Business Partner Information: This includes contracts, quotations, and other documents related to business dealings.
- Personal Information of Creators: Creators using music monetization services (NRC) were impacted, with their personal details being leaked.
- Employee Information: Personal data of all employees, including contract employees, temporary workers, part-time staff, and even some retired employees of Dwango Inc., were compromised.
- Internal Documents: Various internal documents, potentially containing sensitive operational details, were also accessed.
Password Security and Credit Card Information
Niconico has assured its users that account passwords are stored in an encrypted format using cryptographically secure methods known as hashing. This measure significantly reduces the risk of passwords being immediately misused if they are leaked. However, Niconico advises users to change their passwords, especially if they use the same password across multiple services. Importantly, Niconico has confirmed that no credit card information was compromised during the attack. The company does not store such data within its systems, thus eliminating the risk of credit card information leakage.Immediate Actions and Recommendations
In light of the breach, Niconico and KADOKAWA Inc. have taken several critical steps:- Task Force Deployment: A specialized team was formed to handle the situation, investigate the breach, and mitigate further risks.
- External Investigation: External cybersecurity agencies have been engaged to conduct a thorough investigation, the results of which are expected by the end of July 2024.
- Law Enforcement Collaboration: The companies have reported the incident to the police and relevant authorities and are cooperating fully with ongoing investigations.
- User Notifications: Individual notices and apologies are being sent to all affected parties, including external creators, business partners, and former employees. For those who cannot be contacted individually, the public announcement serves as a notification.
Precautionary Measures for Users
Given the potential for personal information misuse, Niconico and KADOKAWA Inc. urge users to be vigilant against phishing attempts and other suspicious activities. Users are advised to:- Change Passwords: Update passwords for their Niconico accounts and any other services where the same password might be used.
- Monitor Communications: Be cautious of unsolicited emails, especially those requesting personal information or directing to unfamiliar websites.
- Report Suspicious Activity: Utilize the dedicated contact point set up by Niconico for inquiries and to report any suspicious activities or potential breaches related to this incident.
Evolve Bank Confirms Data Breach, Customer Information Exposed
Details of the Evolve Bank Data Breach
There were reports that the Russian hacker group LockBit was responsible for the ransomware attack and data breach at Evolve Bank. LockBit had claimed to possess Federal Reserve data and, when their demands were not met, released approximately 33 terabytes of data from Evolve's systems. The group had allegedly touted their cache of Federal Reserve data, which was used to pressure the bank into meeting their demands. In response to the reports surfacing about the Evolve data breach, Evolve Bank & Trust is actively informing affected individuals about the breach. The bank has started reaching out to impacted customers and financial technology partners' customers through emails sent from notifications@getevolved.com. The communication includes detailed instructions on how to enroll in complimentary credit monitoring and identity theft detection services.![Evolve Bank Data Breach](https://thecyberexpress.com/wp-content/uploads/Evolve-Bank-Data-Breach-609x1024.webp)
Steps Taken by Evolve Bank & Trust
The bank is undertaking a comprehensive response to this incident, which includes:- Engagement with Law Enforcement: Evolve has involved appropriate law enforcement authorities to aid in the investigation and response efforts.
- Customer Communication: Direct communication with affected customers and financial technology partners' customers is ongoing to ensure they are informed and can take necessary protective measures.
- Credit Monitoring Services: Impacted individuals are being offered complimentary credit monitoring and identity theft detection services.
- Continuous Monitoring: Evolve is closely monitoring the situation and will provide updates as necessary to keep customers informed.
Recommendations for Affected Customers
Evolve Bank & Trust advises all retail banking customers and financial technology partners' customers to remain vigilant by:- Monitoring Account Activity: Regularly check bank accounts and report any suspicious activity immediately.
- Credit Report Checks: Set up free fraud alerts with nationwide credit bureaus—Equifax, Experian, and TransUnion. Customers can also request and review their free credit report through Freecreditreport.com.
- Reporting Suspicious Activity: Contact the bank immediately if any fraudulent or suspicious activity is detected. Additionally, individuals can file a report with the Federal Trade Commission (FTC) or law enforcement authorities if they suspect identity theft or fraud.
Don’t Fall for Fake Recovery: FBI Warns of Cryptocurrency Scam
Cryptocurrency Scam: Emerging Criminal Tactic
The FBI's announcement aims to inform the public about a new criminal tactic designed to exploit cryptocurrency scam victims further. Using social media and other messaging platforms, fraudsters posing as lawyers from fictitious law firms are contacting scam victims and offering their services. These "lawyers" claim they have the authority to investigate fund recovery cases and often assert that they are working with, or have received information from, the FBI, Consumer Financial Protection Bureau (CFPB), or other government agencies to validate their legitimacy. In some instances, victims have reached out to these scammers through fake websites that appear legitimate, hoping to recover their lost funds. The scammers use various methods to further the recovery scam, including:- Verification Requests: They ask victims to verify their identities by providing personal identifying information or banking details.
- Judgment Amount Requests: They request that victims provide a judgment amount they are seeking from the initial fraudster.
- Upfront Fees: They demand a portion of the fees upfront, with the balance due upon recovery of the funds.
- Additional Payments: They direct victims to make payments for back taxes and other fees purportedly necessary to recover their funds.
- Credibility Building: They reference actual financial institutions and money exchanges to build credibility and further their schemes.
Tips to Protect Yourself
The FBI offers several tips to help individuals protect themselves from falling victim to these scams:- Be Wary of Advertisements: Be cautious of advertisements for cryptocurrency recovery services. Research the advertised company thoroughly and be suspicious if the company uses vague language, has a minimal online presence, and makes unrealistic promises about its ability to recover funds.
- Do Not Release Information: If an unknown individual contacts you claiming to be able to recover stolen cryptocurrency, do not release any financial or personal identifying information, and do not send money.
- No Fees from Law Enforcement: Remember that law enforcement does not charge victims a fee for investigating crimes. If someone claims an affiliation with the FBI, contact your local FBI field office to confirm their legitimacy.
Victim Reporting
The FBI urges victims to file a report with the Internet Crime Complaint Center. When filing a report, try to include the following information:- Contact Information: Details about how the individual initially contacted you and how they identified themselves, including name, phone number, address, email address, and username.
- Financial Transaction Information: Details such as the date, type of payment, amount, account numbers involved (including cryptocurrency addresses), name and address of the receiving financial institution, and receiving cryptocurrency addresses.
From Childhood Challenges to Cybersecurity Excellence: Yana Li’s Inspiring Journey
Early Challenges and Discovering Passion
Yana's childhood was marked by financial hardship and the absence of familial support. Emerging from a modest upbringing in Russia, she navigated childhood challenges with an independent spirit and unwavering resolve. Opportunities are to be seized," Yana reflects, recalling how she secured a full scholarship for Computer Science and Engineering studies in the United States, setting the stage for her remarkable journey through the realms of IT and cybersecurity. Her career trajectory initially flourished in technical support and project management, roles that equipped her with a profound understanding of IT infrastructures. However, it was a pivotal security project that ignited Yana's passion for cybersecurity. "It's not merely a project," she realized; "it opens doors to a whole new world." This revelation spurred her to further her education, including a transformative semester at Harvard focused on cybersecurity, where she engaged with industry leaders and broadened her expertise significantly.Yana Li Breaking Barriers in a Male-Dominated Field
Entering the IT field in 2013, particularly in Russia, Yana confronted a stark reality of gender disparity. The industry was predominantly male, and discouragement was a constant companion. "They tried to tell you that you don't have it," Yana recalls, referring to the discouragement she faced early in her career. Despite these obstacles, Yana persevered, buoyed by a growing network of supportive communities and initiatives aimed at empowering women in cybersecurity. "There's so much support now," she emphasizes, citing numerous organizations and communities dedicated to mentoring and guiding aspiring female professionals.Championing Diversity and Mentorship
Reflecting on her journey, Yana is keenly aware of the importance of mentorship and advocacy. As an ambassador for Google's Women Techmakers initiative, she actively champions diversity and inclusivity in tech fields. "I want to be the person I needed when I was younger," she affirms, emphasizing the need for aspiring professionals to believe in their capabilities and seek out mentors who can offer guidance and support. Her message resonates deeply: "If your dreams don't scare you, they're not big enough." Yana emphasizes the importance of seeking mentorship, leveraging community resources, and believing in the limitless potential within oneself. In addressing the persistent gender gap in cybersecurity, Yana stresses the abundance of resources available today. From women-focused cybersecurity councils to mentorship programs offered by tech giants like Amazon, Google, and Microsoft, opportunities for growth and support abound. "Don't be shy," she encourages, urging women to leverage these resources and reach out for assistance when needed. "We've all been there," she reassures, highlighting the collective experience and solidarity within the community. "Just ask for help and believe that anything is possible."Advice for Aspiring Women in Cybersecurity
Looking ahead, Yana remains optimistic about the future of cybersecurity and the role women will play in shaping its landscape. With increasing awareness and concerted efforts to foster diversity, she believes the field is ripe for innovation and transformation. "Anything in this world is possible," she asserts, a testament to her own journey and the limitless potential she sees in aspiring cybersecurity professionals. In conclusion, Yana Li's story is not just one of personal triumph but a testament to the transformative power of passion and perseverance in cybersecurity. As women continue to carve out their place in this critical field, Yana stands as a role model, advocating for inclusivity, empowerment, and excellence. Her journey reminds us that with dedication and support, barriers can be overcome, and dreams can be realized. For those embarking on similar paths, Yana's story offers guidance, encouragement, and a steadfast belief in the limitless possibilities within cybersecurity.Millions of Americans Affected: Change Healthcare Reveals Data Stolen in Cyberattack
Stolen Data Information in CHC Cyberattack
The Change Healthcare data breach notification provided a comprehensive overview of the types of information that may have been affected. Although CHC cannot confirm exactly what data was compromised for each individual, the exposed information may include:- Contact Information: Names, addresses, dates of birth, phone numbers, and email addresses.
- Health Insurance Information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers.
- Health Information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment.
- Billing, Claims, and Payment Information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due.
- Other Personal Information: Social Security numbers, driver’s license or state ID numbers, and passport numbers.
Cyberattack on Change Healthcare: What Exactly Happen?
The Change Healthcare cyberattack occurred when a cybercriminal gained unauthorized access to the CHC computer system on February 21, 2024. Upon discovering the ransomware deployment, CHC immediately took steps to halt the activity, disconnected and shut down systems to prevent further impact and initiated an investigation. Law enforcement was contacted, and CHC's security team, along with several top cybersecurity experts, worked tirelessly to address the breach and understand its scope. The investigation revealed that a significant amount of data was exfiltrated from CHC’s environment between February 17, 2024, and February 20, 2024. By March 7, 2024, CHC confirmed the data exfiltration and began analyzing the compromised files. On April 22, 2024, CHC publicly confirmed that the impacted data could affect a substantial proportion of the American population. As of June 20, 2024, CHC began notifying customers whose data was identified as compromised. When CHC learned about the activity, CHC immediately began an investigation with support from leading cybersecurity experts and law enforcement. In response to this incident, CHC immediately took action to shut down systems and sever connectivity to prevent further impact," informed Change Healthcare official release "CHC has also reinforced its policies and practices and implemented additional safeguards in an effort to prevent similar incidents from occurring in the future. CHC, along with leading external industry experts, continues to monitor the internet and dark web.What Steps Affected Individuals Can Take
While the investigation continues, individuals who suspect their information may have been compromised can take several steps to protect themselves:- Enroll in Credit Monitoring and Identity Protection: CHC is offering two years of complimentary credit monitoring and identity protection services.
- Monitor Statements and Reports: Regularly check explanations of benefits from health plans, statements from healthcare providers, bank and credit card statements, credit reports, and tax returns for any unfamiliar activity.
- Report Unfamiliar Health Services: If any unauthorized healthcare services are found on an explanation of the benefits statement, contact the health plan or doctor.
- Alert Financial Institutions: Immediately contact financial institutions or credit card companies if suspicious activity is detected on bank or credit card statements or tax returns.
- File a Police Report: Contact local law enforcement if you believe you are a victim of a crime.
Allcargo’s ECU Worldwide Appoints Rajneesh Garg as the Chief Information Officer
Rajneesh Garg Extensive Background
Garg brings over 20 years of leadership experience across various sectors, including banking, insurance, travel, hospitality, manufacturing, energy resources, and retail. Before joining ECU Worldwide, he was Vice President of Information Technology at Capgemini, overseeing regional delivery and growth for consumer products and retail accounts in the Nordic region. Garg holds a postgraduate degree in computer science from Moscow State University in Russia and has also worked in senior leadership roles at Tata Consultancy Services for over two decades. "With his extensive and diversified leadership experience in various sectors, Rajneesh will be instrumental in driving our technology transformation forward. His strategic vision aligns with our efforts to fortify ECU Worldwide's IT division as we pursue our ambitious growth and expansion strategies. We are confident that under Garg's leadership, our IT division will continue to break new ground in offering superior customer experience. We look forward to working with him as we embark on the next phase of growth,’’ said Kapil Mahajan, Global Chief Information Officer, Allcargo Group.Way Forward
Founded in 1987, ECU Worldwide is a wholly-owned global subsidiary of Allcargo Logistics. The company is a major player in multi-modal transport and a leader in LCL consolidation. ECU Worldwide operates with a digital-first approach and is supported by leaders with expertise in logistics, data science, and technology. The appointment of Garg as CIO is a significant step for ECU Worldwide. His extensive experience and strategic approach are expected to drive the company’s technology initiatives and support its growth in the global LCL market. Garg's collaboration with the Allcargo Group leadership aims to bring technological advancements and improvements to ECU Worldwide's services and operations.Biden Bans Kaspersky for Good: How It Started and What It Means for Cybersecurity Companies in US
US vs Kaspersky: A Timeline of Cybersecurity Actions
![US banning Kaspersky](https://thecyberexpress.com/wp-content/uploads/Timeline-of-Key-Actions-Against-Kaspersky-2-1-854x1024.jpg)
2017
September- The Trump Administration’s heightened scrutiny of Kaspersky began. The Department of Homeland Security (DHS) issued a Binding Operational Directive (BOD 17-01) that mandated removing and discontinuing Kaspersky products from all federal information systems. This directive followed mounting evidence suggesting that the Russian government could use Kaspersky’s products to infiltrate U.S. networks. December- The National Defense Authorization Act (NDAA) for Fiscal Year 2018 cemented these concerns into law by prohibiting the use of Kaspersky software across all federal agencies. This legislative action reflected a bipartisan consensus on the potential risks posed by the Russian firm.2022
March- The Federal Communications Commission (FCC) added Kaspersky to its “List of Communications Equipment and Services that Pose a Threat to National Security.” This action was part of a broader effort to secure the nation’s communications networks from foreign influence and control.2024
June - Today’s Final Determination by the BIS represents the culmination of a thorough investigation by the Office of Information and Communications Technology and Services (OICTS). This office, established to assess whether certain information and communications technology (ICT) transactions pose unacceptable national security risks, has found Kaspersky’s operations in the U.S. untenable.US Banning Kaspersky: The Context and Implications of BIS’s Final Determination
The BIS’s decision comes after a comprehensive investigation revealed that Kaspersky’s operations in the United States posed an undue or unacceptable national security risk. The key concerns highlighted include:- Jurisdiction and Control by the Russian Government: Kaspersky is subject to Russian laws requiring cooperation with intelligence agencies. This legal framework gives the Russian government potential access to data managed by Kaspersky’s software. Therefore, Kaspersky is subject to Russian laws, requiring it to comply with requests for information that could compromise U.S. national security.
- Access to Sensitive Information: Kaspersky’s software has extensive administrative privileges over customer systems, creating opportunities for data exploitation.
- Potential for Malicious Activities: Kaspersky could theoretically introduce malware or withhold crucial security updates, compromising U.S. cybersecurity.
- Third-Party Integrations: Integrating Kaspersky products into third-party services further complicates the risk, as the source code might be obscured, increasing vulnerability in critical U.S. systems.
Transition Period and Recommendations
While users won’t face legal penalties for continued use of Kaspersky products during this period, they assume all associated cybersecurity risks. This grace period is crucial for minimizing disruptions and ensuring a smooth transition to secure alternatives. The Department of Commerce, along with DHS and DOJ, is actively working to inform and assist users in transitioning to alternative cybersecurity solutions. “The actions taken today are vital to our national security and will better protect the personal information and privacy of many Americans. We will continue to work with the Department of Commerce, state and local officials, and critical infrastructure operators to protect our nation’s most vital systems and assets,” said Secretary of Homeland Security Alejandro N. Mayorkas. runZero, meanwhile, released tools to detect Kaspersky products on in most Windows installations, which also work with the company's free community edition.Historical Background: From Trump to Biden
The determination against Kaspersky is part of a broader U.S. strategy to safeguard its information and communications technology infrastructure. The roots of this policy can be traced back to Executive Order 13873, “Securing the Information and Communications Technology and Services Supply Chain,” which empowers the Commerce Department to evaluate and act against risks posed by foreign ICTS transactions. The scrutiny of Kaspersky began during the Trump administration, amid growing concerns about Russia's cyber capabilities and potential espionage activities. The Trump-era directives and legislative actions laid the groundwork for stricter controls, reflecting a bipartisan consensus on the threat posed by foreign cyber interference. Under the Biden administration, the approach has evolved into a more comprehensive and coordinated effort. The establishment of the OICTS within BIS and the issuance of the Final Determination represents a significant escalation in the U.S. government's efforts to protect its digital infrastructure. The Biden administration's emphasis on a “whole-of-government” strategy underscores the critical importance of cybersecurity in national defense. The U.S. government has taken a coordinated approach to implementing this determination. Commerce Secretary Gina Raimondo emphasized the commitment to national security and innovation, stating that this action is a clear message to adversaries. “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people. Today’s action, our first use of the Commerce Department’s ICTS authorities, demonstrates Commerce’s role in support of our national defense and shows our adversaries we will not hesitate to act when they use their technology poses a risk to the United States and its citizens,” said Raimondo.The Future of U.S. Cybersecurity Policy
The inclusion of Kaspersky and related entities on the Entity List highlights the U.S. government’s proactive stance. This list, maintained under the Export Control Reform Act of 2018, identifies entities engaged in activities contrary to U.S. national security interests. Additions to this list involve rigorous interagency review, ensuring that actions are based on concrete, specific evidence of risk. “With today’s action, the American cyber ecosystem is safer and more secure than it was yesterday,” said Under Secretary for Industry and Security Alan Estevez. “We will not hesitate to protect U.S. individuals and businesses from Russia or other malign actors who seek to weaponize technology that is supposed to protect its users.” As the September deadline approaches, businesses and individuals alike must stay informed and take necessary steps to secure their digital environments. The U.S. government's decisive action against Kaspersky highlights the critical importance of vigilance and proactive measures in the ever-evolving landscape of cybersecurity.Chris Pashley Joins ARPA-H as Chief Information Security Officer
![Chris Pashley](https://thecyberexpress.com/wp-content/uploads/Chris-Pashley.webp)
Chris Pashley's Background and Experience
Before joining ARPA-H, Pashley played a key role at CISA, where he supported efforts to strengthen the agency’s internal cybersecurity program. He worked closely with CISA’s CISO and Chief Information Officer to enhance the agency’s cybersecurity posture, ensuring that its systems and data were well-protected against the ever-evolving landscape of cyber threats. Prior to his tenure at CISA, Pashley led the Cyber Threat Intelligence (CTI) team within the Security Operations Division at U.S. Customs and Border Protection (CBP). In this capacity, he focused on establishing the foundational elements of the CTI team, including its vision, mission, structure, and performance management. He also improved the team’s integration with and support to CBP’s Security Operations Center (SOC), providing senior leadership with critical updates on cyber threat activity. Pashley’s move to the government sector in 2017 was preceded by a nearly seven-year stint at Booz Allen Hamilton, where he served as an associate. His work there laid the groundwork for his subsequent roles in government cybersecurity, equipping him with the skills and experience needed to navigate the complex and high-stakes environment of federal cybersecurity operations. Pashley’s expertise will be instrumental in developing and implementing comprehensive cybersecurity measures across ARPA-H. His approach will likely involve a combination of proactive threat intelligence, rigorous security protocols, and continuous monitoring to protect the agency’s digital assets. .With his extensive background in cybersecurity and proven leadership, Pashley is well-equipped to guide ARPA-H in protecting its vital research and operations. As the agency continues to push the boundaries of health innovation, robust strong cybersecurity measures will be crucial in ensuring the success and integrity of its groundbreaking work.Europe Union Tightens Cybersecurity Grip with NIS and DORA Regulations
The European Union has introduced two critical regulatory frameworks: the Network and Information Security (NIS) Directive and the Digital Operational Resilience Act (DORA). These measures aim to ensure that businesses of all sizes implement strong cybersecurity practices to protect sensitive information.
However, industry experts suggest that the regulations’ full potential might only be realized with the involvement of third-party cybersecurity specialists.
The Growing Cyber Threat Landscape
As businesses increasingly depend on digital infrastructure to connect with clients, customize products, and enhance customer experiences, they simultaneously face heightened risks of cyberattacks. Cybercrime is projected to cost the global economy $9.5 trillion in 2024, escalating by 15% annually to reach $10.5 trillion by 2025, according to Cybersecurity Ventures. Even the most advanced cybersecurity systems can be compromised, as evidenced by a recent data breach of the United Kingdom’s Ministry of Defence payroll system, exposing the names and banking details of both current and former armed forces members.European Union's Response: NIS and DORA
Recognizing the urgent need for stronger cybersecurity measures, the Europe Union has implemented the NIS Directive and DORA. These regulations aim to standardize and enhance cybersecurity practices across member states. NIS Directive: The NIS Directive focuses on establishing high-level, common cybersecurity best practices. It strengthens system security requirements, addresses supply chain vulnerabilities, streamlines reporting, and introduces stringent supervisory measures with potential sanctions for non-compliance. The directive was initiated in the fall of 2021 and formalized in May 2022, and businesses were given until October 2024 to comply with the new standards. DORA: DORA targets the financial sector, mandating periodic digital operational resilience testing and the implementation of management systems to monitor and report significant ICT-based incidents to relevant authorities. This regulation aims to ensure that financial entities like banks, insurance companies, and investment firms can maintain operational resilience during severe disruptions. The development of DORA involved three European Supervisory Authorities: the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA). They established mandatory incident reporting requirements and encouraged cooperation and information sharing among financial entities and regulators to respond effectively to cybersecurity threats.The Importance of Third-Party Assessments
Darren Humphries, Group CISO & CTO-Partner at Acora, emphasizes the need for continuous measurement of cybersecurity practices. “Risk management is moving away from art to science,” Humphries explains, highlighting the importance of metrics and documentation in meeting regulatory guidelines. He criticizes the effectiveness of self-attestation, noting that the Ministry of Defence breach partly occurred due to reliance on self-service attestation from suppliers. Instead, Humphries advocates for third-party cybersecurity specialists to evaluate and verify processes, minimizing the risk of oversight. The evolving threat landscape demands that corporations, especially those in the financial sector, become proactive in addressing potential security vulnerabilities. The new EU regulations push businesses in this direction, but they also need to leverage third-party expertise to thoroughly examine and fortify their cybersecurity frameworks. By doing so, they can better protect network transactions and comply with regulatory requirements, reducing the likelihood of cyber incidents.Conclusion
The new EU regulations, NIS and DORA, represent a significant step forward in enhancing cybersecurity practices across Europe. However, to maximize their impact and truly safeguard against evolving cyber threats, businesses must incorporate third-party assessments and expertise. By doing so, they can ensure robust protection of sensitive information and compliance with regulatory standards, ultimately reducing their cybersecurity risks in an increasingly digital world.CDK Global Hit by Cyberattack, Backups Potentially Compromised
Dealerships' Response to the CDK Global Cyberattack
The sudden outage has caused widespread disruption among car dealerships. Many have been forced to find creative solutions to continue their operations. Dealership employees took to Reddit to discuss the challenges they were facing. They reported relying on spreadsheets and sticky notes to handle small parts sales and repairs, while larger transactions were effectively halted. One employee questioned others on Reddit, asking, "How many of you are standing around because your whole shop runs on CDK?" Responses from users in Wisconsin and Colorado confirmed that their dealership systems were offline, causing significant operational delays. The CDK Global Cyberattack has left many employees with little to do, with some dealerships sending staff home due to the inability to conduct normal business operations. "We are almost to that point… no parts, no ROs, no times… just dead vehicles with nothing to show for them or parts to fix them," lamented one dealership employee on Reddit. Another employee shared, "Excel spreadsheets and post-it notes for any parts we're handing out. Any big jobs are not happening," highlighting the extent to which the disruption has impacted their workflow.Potential Ransomware Attack
While CDK Global has not released an official statement on the nature of the cyberattack, rumors and reports suggest that the company may have suffered a ransomware attack that also impacted its backups. If it indeed was a ransomware attack, the outages could persist for several days, potentially stretching into the next week or longer. The Cyber Express Team tried to reach out to CDK Global to get an official statement and know more details about the cyberattack, however, as of writing this news report no response has been received.Maxicare Confirms Data Breach in Third-Party Booking Platform, Ensures Core Systems Unaffected
Maxicare, one of the leading health maintenance organizations, has reported a security incident involving unauthorized access to personal information. The Maxicare data breach affects approximately 13,000 members, accounting for less than 1% of Maxicare's total member population. The compromised information pertains to booking requests made through Lab@Home, a third-party home care provider.
Maxicare assures its members that no sensitive medical information has been exposed.
The data breach at Maxicare has not impacted Maxicare's business operations, network, or customer data. Lab@Home's booking platform, where the breach occurred, operates on a separate database that is not integrated with Maxicare's main systems.
"At this point, what we can confirm is that the business operations, network, and customer data of Maxicare have not been impacted in any way. Lab@Home maintains a separate database for booking requests, which is not integrated with Maxicare's system," reads Maxicare's official statement.
![Maxicare Data Breach](https://thecyberexpress.com/wp-content/uploads/Maxicare-Data-Breach-496x1024.webp)
Maxicare Data Breach: Immediate Response and Investigation
Upon learning of the potential security breach, Maxicare promptly initiated emergency measures to safeguard the privacy and security of the affected members. The company has launched a comprehensive investigation in collaboration with data security professionals and an industry-leading cybersecurity firm. "We launched an investigation together with a team of data security professionals and in partnership with an industry-leading cybersecurity firm," said a spokesperson from Maxicare. "Our team is fully adhering to all regulatory requirements by the National Privacy Commission. We will continue to communicate with our valued members on this matter."Background on the Maxicare Security Breach
The security breach specifically involved the booking platform of Lab@Home, which facilitates home care services for Maxicare members. The information compromised includes details used for booking requests. Importantly, no sensitive medical records were accessed or compromised during this incident. Lab@Home's database is entirely separate from Maxicare's primary systems, which helps contain the breach and prevents it from spreading to other parts of Maxicare’s infrastructure. Maxicare is taking proactive steps to address the recent security incident involving unauthorized access to member information. Through immediate action, rigorous investigation, and ongoing communication, the company aims to ensure the continued trust and safety of its members. TCE will provide further updates as the situation evolves and more information becomes available.Over 70% of Businesses Increase Security Spending on Proactive Measures
Strategic Implementation and Cybersecurity Industry Trends
Conducted in partnership with Omdia, a global analyst and advisory leader, the study surveyed over 400 security decision-makers across North America, the UK, France, and Germany. The findings highlight a rapid adoption of proactive security measures driven by three key objectives:- Reducing the opportunity for cyber threats
- Reducing the mean time to remediate known vulnerabilities
- Minimizing the attack surface.
Geographic and Sectoral Insights
The trend towards proactive security is particularly pronounced in the EMEA region, where 74% of respondents increased their budgets compared to 67% in North America. The financial services sector (54%) and critical infrastructure organizations, including energy and utilities companies (53%), show a strong inclination towards these investments. Nearly half (47%) of the respondents reported that their top cybersecurity goals for the next 12-24 months include reducing the opportunity for threats through proactive security. In contrast, only 27% of organizations plan to focus on improving tactical outcomes such as better threat prevention, detection, and response.Enhancing Security Posture
Organizations are increasingly recognizing the need to improve their security posture through proactive security tools, which significantly enhance attack surface management and security control optimization. Many organizations reported limited visibility into the security posture of their network assets, such as firewalls, switches, and routers. Approximately half of the surveyed organizations check their network devices at most monthly, and some only monitor devices in critical segments or a sample of devices across their networks. Critical infrastructure organizations reported lower confidence than other industries in their ability to maintain adequate network segmentation and prevent unauthorized network access.Anticipated Organizational Impact
Almost half (48%) of all respondents anticipate a high level of organizational disruption due to the broader adoption of proactive security solutions, highlighting the transformative impact these measures are expected to have. “This research vividly illustrates a widespread and rapid shift towards proactive security to improve operational readiness and resilience,” said Tom Beese, Executive Chairman of Titania. “Organizations recognize the critical need to stay ahead of known threats and shut down attacks by investing in solutions that offer real-time visibility of their security posture and remediation actions that continuously minimize their exposure.” Businesses emphasized the importance of consolidating proactive security tools, with 65% highlighting better visibility and management of the attack surface, 60% focusing on improved security control optimization, and 54% noting manpower productivity improvements.Critical Proactive Security Capabilities
The survey identified several critical proactive security capabilities:- The ability to view risks through different attack frameworks (61%).
- Full asset context (60%).
- Integration with existing security fabric to implement temporary mitigations (57%).
FBI Investigates Cyberstalking by Richard Roe, Seeks Victims
FBI's Call for Public Assistance
The FBI is reaching out to the public for assistance in identifying additional victims who may have been harassed by Roe. “If you and/or anyone you know were victimized by Roe, or if you have information relevant to this investigation, please fill out this short form,” reads the FBI release. The agency has set up a dedicated email, RoeVictims@fbi.gov, and a short form for individuals to provide information. Your responses are voluntary but could be crucial in furthering the federal investigation and identifying additional victims. The FBI is legally required to identify victims of federal crimes it investigates. Victims of such crimes may be eligible for various services, restitution, and rights under federal and/or state law. Identifying victims is not only a legal mandate but also an essential part of ensuring that those affected by Roe's alleged cyberstalking receive the support and justice they deserve. The FBI assures that all identities of victims will be kept confidential. “Based on the responses provided, you may be contacted by the FBI and asked to provide additional information. All identities of victims will be kept confidential.”The Impact of Cyberstalking
Cyberstalking is a serious offense that can have profound effects on the lives of victims. It involves the use of digital means to harass, intimidate, and threaten individuals, leading to emotional distress, fear, and disruption of daily life. The use of spoofed phone numbers and email accounts, as alleged in Roe's case, can make it challenging for victims to trace the source of harassment, adding to their anxiety and sense of vulnerability.How to Recognize Cyberstalking
Victims of cyberstalking often experience repeated, unwanted contact through digital communication methods. This can include:- Frequent and persistent phone calls, often from unknown or spoofed numbers.
- Harassing text messages that may contain threats or abusive language.
- Unwanted emails that may be difficult to trace back to the sender.
FTC Sues Adobe for ‘Trapping’ Users in Deceptive Subscription Practices
Details of the FTC Complaint Against Adobe
According to the complaint, Adobe has been steering consumers towards its "annual paid monthly" subscription plan by pre-selecting it as the default option on its website. While the monthly cost is prominently displayed, the early termination fee (ETF) is not. The ETF, which amounts to 50 percent of the remaining monthly payments if the subscription is canceled within the first year, is buried in small print or hidden behind small icons on the website. Consumers have complained to the FTC and the Better Business Bureau, stating they were unaware of the ETF or that the plan required a year-long commitment.Adobe's Practices
Adobe shifted primarily to a subscription model in 2012, which now accounts for most of its revenue. The complaint alleges that despite knowing about consumer confusion regarding the ETF, Adobe continues to obscure the fee and make it difficult to cancel subscriptions. When consumers try to cancel their subscriptions through Adobe’s website, they must navigate through numerous pages. Those who seek help from customer service face resistance, delays, and additional obstacles, such as dropped calls, chats, and multiple transfers. Some consumers who believed they had canceled their subscriptions later found that Adobe continued to charge them. The FTC charges that Adobe's practices violate the Restore Online Shoppers’ Confidence Act. The Commission voted unanimously (3-0) to refer the civil penalty complaint to the DOJ, which then filed it in the U.S. District Court for the Northern District of California.Adobe's Response to FTC Complaint
In response to the FTC's complaint, Adobe released a statement through Dana Rao, General Counsel and Chief Trust Officer: “Subscription services are convenient, flexible, and cost-effective to allow users to choose the plan that best fits their needs, timeline, and budget. Our priority is to always ensure our customers have a positive experience. We are transparent with the terms and conditions of our subscription agreements and have a simple cancellation process. We will refute the FTC’s claims in court.”Adobe Shift to the Subscription Model
Adobe's transition to a subscription model over a decade ago was driven by the digital and cloud-based evolution of the industry. This model was designed to deliver continuous innovation, including cloud-based features and services, more affordably to customers. Subscription-based software and services have become integral to the digital economy, offering numerous benefits such as:- Continuous Innovation: Subscriptions allow Adobe to deliver ongoing improvements and new features, including those that require cloud computation, without additional cost to customers. For example, Photoshop's Generative Fill feature.
- Multi-Device Usage: Products can be used on multiple devices and across groups of collaborators, providing automatic updates and enhanced security.
- Access to Cloud-Only Services: Subscribers gain access to services like artificial intelligence (AI) tools and other cloud-based functionalities.
- Consumer Choice: Adobe offers various plans, giving consumers the flexibility to choose between lower upfront costs and maximum flexibility.
MEDUSA Ransomware Targets AJE Group: $1.5M Price Tag for 646GB of Data
Ransomware Attack on AJE Group: Ransom Demand and Countdown
The ransomware group has set an ominous countdown of eight days, 21 hours, 20 minutes, and 30 seconds for the company to comply with their demands. The attackers have placed a hefty price tag of US$1,500,000 to prevent unauthorized distribution of the compromised data. Additionally, for every day that passes without payment, the ransom amount increases by US$100,000. However, these claims remain unconfirmed as AJE Group has yet to release an official statement regarding the incident. [caption id="attachment_77719" align="aligncenter" width="1024"]![ransomware attack on AJE Group](https://thecyberexpress.com/wp-content/uploads/ransomware-attack-on-AJE-Group-1024x700.webp)
MEDUSA Ransomware: A Rising Threat
Earlier, The Cyber Express (TCE) reported that Threat Actors (TAs) associated with the notorious MEDUSA ransomware have escalated their activities, allegedly targeting two institutions in the USA. The first target is Tri-Cities Preparatory High School, a public charter middle and high school located in Prescott, Arizona. The threat actors claim to have access to 1.2 GB of the school’s data and have threatened to publish it within seven to eight days. The second target is Fitzgerald, DePietro & Wojnas CPAs, P.C., an accounting firm based in Utica, New York. The attackers claim to have access to 92.5 GB of the firm’s data and have threatened to release it within eight to nine days.History and Modus Operandi of MEDUSA
MEDUSA first emerged in June 2021 and has since launched attacks on organizations across various countries and industries, including healthcare, education, manufacturing, and retail. Despite its global reach, most victims have been based in the United States. MEDUSA operates as a Ransomware-as-a-Service (RaaS) platform, offering malicious software and infrastructure to would-be attackers. This model enables less technically skilled criminals to launch sophisticated ransomware attacks. MEDUSA's TAs often utilize a public Telegram channel to post stolen data, leveraging public exposure as an extortion tactic to pressure organizations into paying the ransom.The Broader Impact of Ransomware Attacks
The reported MEDUSA ransomware attack on AJE Group highlights the growing threat posed by ransomware groups. Ransomware attacks have become increasingly prevalent, targeting critical sectors and causing widespread disruption. The healthcare industry, for instance, has seen hospitals forced to shut down operations, delaying critical medical procedures and compromising patient care. Educational institutions have faced similar disruptions, with students' data at risk and academic schedules thrown into disarray. The manufacturing and retail sectors, too, have not been spared. Companies in these industries have experienced production halts, supply chain disruptions, and significant financial losses due to ransomware attacks. These incidents highlight the importance of enhanced cybersecurity measures and prompt incident response protocols to mitigate the impact of such attacks. Additionally, organizations must prioritize cybersecurity awareness and preparedness to defend against ransomware attacks. Regular employee training, stringent access controls, and up-to-date security software are essential components of a robust cybersecurity strategy. Further, organizations should have a well-defined incident response plan to quickly address and contain any breaches.Conclusion
While the authenticity of the ransomware attack on AJE Group remains unconfirmed, the potential consequences are significant. TCE will continue to monitor this ongoing situation and provide updates as more information becomes available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.Guidehouse and Nan McKay to Pay $11.3M for Cybersecurity Failures in COVID-19 Rental Assistance
What Exactly Happened?
In response to the economic hardships brought on by the pandemic, Congress enacted the Emergency Rental Assistance Program (ERAP) in early 2021. This initiative was designed to offer financial support to eligible low-income households in covering rent, rental arrears, utilities, and other housing-related expenses. Participating state agencies, such as New York's Office of Temporary and Disability Assistance (OTDA), were tasked with distributing federal funding to qualified tenants and landlords. Guidehouse assumed a pivotal role as the prime contractor for New York's ERAP, responsible for overseeing the ERAP technology and services. Nan McKay acted as Guidehouse's subcontractor, entrusted with delivering and maintaining the ERAP technology used by New Yorkers to submit online applications for rental assistance.Admission of Violations and Settlement
Critical to the allegations were breaches in cybersecurity protocols. Both Guidehouse and Nan McKay admitted to failing their obligation to conduct required pre-production cybersecurity testing on the ERAP Application. Consequently, the ERAP system went live on June 1, 2021, only to be shut down twelve hours later by OTDA due to a cybersecurity breach. This data breach exposed the personally identifiable information (PII) of applicants, which was found accessible on the Internet. Guidehouse and Nan McKay acknowledged that proper cybersecurity testing could have detected and potentially prevented such breaches. Additionally, Guidehouse admitted to using a third-party data cloud software program to store PII without obtaining OTDA’s permission, violating their contractual obligations.Government Response and Accountability
Principal Deputy Assistant Attorney General Brian M. Boynton of the Justice Department’s Civil Division emphasized the importance of adhering to cybersecurity commitments associated with federal funding. "Federal funding frequently comes with cybersecurity obligations, and contractors and grantees must honor these commitments,” said Boynton. “The Justice Department will continue to pursue knowing violations of material cybersecurity requirements aimed at protecting sensitive personal information.” U.S. Attorney Carla B. Freedman for the Northern District of New York echoed these sentiments, highlighting the necessity for federal contractors to prioritize cybersecurity obligations. “Contractors who receive federal funding must take their cybersecurity obligations seriously,” said Freedman. “We will continue to hold entities and individuals accountable when they knowingly fail to implement and follow cybersecurity requirements essential to protect sensitive information.” Acting Inspector General Richard K. Delmar of the Department of the Treasury emphasized the severe impact of these breaches on a program crucial to the government’s pandemic recovery efforts. He expressed gratitude for the partnership with the DOJ in addressing this breach and ensuring accountability. “These vendors failed to meet their data integrity obligations in a program on which so many eligible citizens depend for rental security, which jeopardized the effectiveness of a vital part of the government’s pandemic recovery effort,” said Delmar. “Treasury OIG is grateful for DOJ’s support of its oversight work to accomplish this recovery.” New York State Comptroller Thomas P. DiNapoli emphasized the critical role of protecting the integrity of programs like ERAP, vital to economic recovery. He thanked federal partners for their collaborative efforts in holding these contractors accountable. “This settlement sends a strong message to New York State contractors that there will be consequences if they fail to safeguard the personal information entrusted to them or meet the terms of their contracts,” said DiNapoli. “Rental assistance has been vital to our economic recovery, and the integrity of the program needs to be protected. I thank the United States Department of Justice, United States Attorney for the Northern District of New York Freedman and the United States Department of Treasury Office of the Inspector General for their partnership in exposing this breach and holding these vendors accountable.”Initiative to Address Cybersecurity Risks
In response to such breaches, the Deputy Attorney General announced the Civil Cyber-Fraud Initiative on October 6, 2021. This initiative aims to hold accountable entities or individuals who knowingly endanger sensitive information through inadequate cybersecurity practices or misrepresentations. The investigation into these breaches was initiated following a whistleblower lawsuit under the False Claims Act. As part of the settlement, whistleblower Elevation 33 LLC, owned by a former Guidehouse employee, will receive approximately $1.95 million. Trial Attorney J. Jennifer Koh from the Civil Division's Commercial Litigation Branch, Fraud Section, and Assistant U.S. Attorney Adam J. Katz from the Northern District of New York led the case, with support from the Department of the Treasury OIG and the Office of the New York State Comptroller. These settlements highlight the imperative for rigorous cybersecurity measures in federal contracts, particularly in safeguarding sensitive personal information critical to public assistance programs. As the government continues to navigate evolving cybersecurity threats, it remains steadfast in enforcing accountability among contractors entrusted with protecting essential public resources.CISA & EAC Release Guide to Enhance Election Security Through Public Communication
Why Communication is Important in Election Security
Open and transparent communication with the American public is essential to maintaining trust in the electoral process. State and local election officials are on the front lines, engaging with the public and the media on numerous election-related topics. These range from election dates and deadlines to voter registration, candidate filings, voting locations, election worker recruitment, security measures, and the publication of results. The new guide aims to provide these officials with a strong framework and practical tools to develop and implement an effective, year-round communications plan. “The ability for election officials to be transparent about the elections process and communicate quickly and effectively with the American people is crucial for building and maintaining their trust in the security and integrity of our elections process,” stated CISA Senior Advisor Cait Conley. The election security guide offers practical advice on how to tailor communication plans to the specific needs and resources of different jurisdictions. It includes worksheets to help officials develop core components of their communication strategies. This approach recognizes the diverse nature of election administration across the United States, where varying local contexts require customized solutions. EAC Chairman Ben Hovland, Vice Chair Donald Palmer, Commissioner Thomas Hicks, and Commissioner Christy McCormick collectively emphasized the critical role of election officials as trusted sources of information. “This resource supports election officials to successfully deliver accurate communication to voters with the critical information they need before and after Election Day,” they said. Effective and transparent communication not only aids voters in casting their ballots but also helps instill confidence in the security and accuracy of the election results.How Tailored Communication Enhances Election Security
The release of this guide on election security comes at a crucial time when trust in the electoral process is increasingly under scrutiny. In recent years, the rise of misinformation and cyber threats has posed significant challenges to the integrity of elections worldwide. By equipping election officials with the tools to communicate effectively and transparently, CISA and the EAC are taking proactive steps to safeguard the democratic process. One of the strengths of this guide is its emphasis on tailoring communication strategies to the unique needs of different jurisdictions. This is a pragmatic approach that acknowledges the diverse landscape of election administration in the U.S. It recognizes that a one-size-fits-all solution is not feasible and that local context matters significantly in how information is disseminated and received. Furthermore, the guide’s focus on year-round communication is a noteworthy aspect. Election security is not just a concern during election cycles but is a continuous process that requires ongoing vigilance and engagement with the public. By encouraging a year-round communication plan, the guide promotes sustained efforts to build and maintain public trust. However, while the guide is a step in the right direction, its effectiveness will largely depend on the implementation by election officials at all levels. Adequate training and resources must be provided to ensure that officials can effectively utilize the tools and strategies outlined in the guide. Additionally, there needs to be a concerted effort to address potential barriers to effective communication, such as limited funding or technological challenges in certain jurisdictions.To Wrap UP
The “Enhancing Election Security Through Public Communications” guide by CISA and the EAC is a timely and necessary resource for election officials across the United States. As election officials begin to implement the strategies outlined in the guide, it is imperative that they receive the support and resources needed to overcome any challenges. Ultimately, the success of this initiative will hinge on the ability of election officials to engage with the public in a clear, accurate, and transparent manner, thereby reinforcing the security and integrity of the election process.Phishing Attack at Los Angeles County Department of Public Health Leads to Major Data Breach
Data Breach at Los Angeles County DPH: What Happened
The phishing email, designed to appear legitimate, tricked employees into divulging their credentials by clicking on a malicious link. This unauthorized access led to a wide-ranging compromise of data, affecting various individuals associated with DPH, including clients, employees, and others. The compromised email accounts contained a wealth of sensitive data. The potentially exposed information includes:- First and last names
- Dates of birth
- Diagnosis and prescription details
- Medical record numbers/patient IDs
- Medicare/Med-Cal numbers
- Health insurance information
- Social Security numbers
- Other financial information
Data Breach at Los Angeles County DPH Notification
DPH is taking extensive steps to notify all potentially affected individuals. Notifications are being sent via post to those whose mailing addresses are available. For individuals without a mailing address, DPH also posts a notice on its website to provide necessary information and resources. The department has advised impacted individuals to review the content and accuracy of their medical records with their healthcare providers. However, on delay in notification, Los Angeles County DPH said, “Due to an investigation by law enforcement, we were advised to delay notification of this incident, as public notice may have hindered their investigation.” To assist in protecting against potential misuse of their information, DPH is offering one year of free identity monitoring services through Kroll, a global leader in risk mitigation and response. “To help relieve concerns and restore confidence following this incident, we have secured the services of Kroll, a global leader in risk mitigation and response, to provide identity monitoring for one year at no cost to affected clients,” reads the notice.Response and Preventive Measures
Upon discovering the Los Angeles County DPH data breach, DPH took immediate action to mitigate further risks. The department disabled the affected email accounts, reset and re-imaged the users’ devices, blocked the websites involved in the phishing campaign, and quarantined all suspicious incoming emails. Additionally, DPH has implemented numerous security enhancements to prevent similar incidents in the future. Awareness notifications have been distributed to all workforce members, reminding them to be vigilant when reviewing emails, especially those containing links or attachments. These measures aim to bolster the department’s defense against phishing attacks and other cyber threats. The incident was promptly reported to law enforcement authorities, who investigated the breach. The US Department of Health and Human Services’ Office for Civil Rights and other relevant agencies are also notified, as required by law and contractual obligations.Steps for Individuals to Protect Themselves
While DPH cannot confirm whether any information has been accessed or misused, affected individuals are encouraged to take proactive steps to protect their personal information. These steps include:- Reviewing Medical Records: Individuals should review their medical records and Explanation of Benefits statements for any discrepancies or unauthorized services. Any irregularities should be reported to their healthcare provider or health plan.
- Requesting Credit Reports: Individuals should remain vigilant against identity theft and fraud by regularly reviewing their financial statements and credit reports. Under US law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. Free credit reports can be requested at www.annualcreditreport.com or by calling 1-877-322-8228.
- Placing Fraud Alerts: Individuals can place a fraud alert on their credit files, which notifies creditors to take additional steps to verify identity before granting credit. Fraud alerts can be set up by contacting any of the major credit bureaus.
- Security Freezes: A security freeze can also be placed on credit reports, which prevents credit bureaus from releasing any information without written authorization. This measure can help prevent unauthorized credit activity but may delay the approval of new credit requests.
Beyond Traditional: Why Cybersecurity Needs Neurodiversity
What is Neurodiversity in Cybersecurity?
Neurodiversity in cybersecurity refers to the recognition and inclusion of individuals with diverse cognitive profiles, including conditions such as autism, ADHD, dyslexia, and others, within cybersecurity teams. These individuals bring unique perspectives, skills, and talents to the table, enhancing the overall effectiveness of cybersecurity operations.
Amidst approximately 3.5 million vacant positions in cybersecurity globally, with an estimated 750,000 in the United States alone, the industry faces unprecedented demand for skilled professionals. Compounded by projections from Gartner suggesting that talent shortages could lead to over half of significant cyberattacks by 2025, and findings from a recent World Economic Forum survey indicating an anticipated 86% increase in major cyber incidents within two years, it is clear that significant challenges lie ahead for the cybersecurity sector.
Yet, addressing this shortfall requires a nuanced approach that acknowledges the diverse cognitive profiles and needs of professionals in the field. Approximately 38% of adults identify as neurodivergent (ND), each showcasing a range of strengths and challenges. Overlooking these unique abilities can mean missed opportunities in building resilient and effective cybersecurity teams.
Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting, emphasizes this perspective, stating, “It’s about addressing individuals who may be socially different or whose needs differ, rather than focusing on supporting specific conditions like autism or ADHD.”
For instance, neurodivergent individuals often exhibit sustained focus and attention to detail, making them well-suited for tasks requiring meticulous analysis, such as threat detection. Their clarity in communication also enhances teamwork and problem-solving within cybersecurity environments.
Tim Goldstein, Neurodiverse Communication Specialist, highlights the universal aspect of neurodiversity, stating, “Neurodiversity is a normal way that a human can process and think, much like diversity in other aspects of life.”
By leveraging these strengths, organizations can not only bridge the cybersecurity skills gap but also bolster their defenses against cyber threats. Embracing neurodiversity in cybersecurity not only fosters inclusivity but also drives innovation and resilience in safeguarding digital assets
How Neurodiversity Benefits in Cybersecurity Workplace
Neurodiversity brings numerous advantages to the cybersecurity workplace by introducing unique skills and perspectives that significantly enhance security measures.Challenges Faced by Neurodiverse Individuals in Cybersecurity
Neurodiverse individuals face several challenges in the workplace that can impact their ability to thrive, despite their unique strengths. For example, sensory sensitivities common in conditions like autism can make traditional office environments overwhelming due to bright lights, loud noises, or crowded spaces. This can lead to increased stress and decreased productivity. Communication barriers are another significant challenge, as some neurodivergent individuals may struggle with social cues and norms, making it difficult for them to participate effectively in team meetings or collaborative projects. For instance, someone with ADHD might find it challenging to maintain focus during long meetings, potentially missing critical information. Additionally, rigid workplace structures and a lack of flexibility can hinder neurodiverse employees, who may require different accommodations, such as varied working hours or remote work options, to perform optimally. These challenges highlight the need for inclusive workplace practices that recognize and support the diverse needs of neurodiverse individuals, enabling them to contribute their valuable skills more effectively.How to Create Neurodiverse-Friendly Work Environments
Creating a neurodiverse-friendly work environment involves considering several key factors to support and accommodate the unique needs of neurodivergent individuals. Here are the steps to create such an environment: Sensory: Addressing the sensory environment is crucial. This means ensuring that the workplace is comfortable regarding lighting, noise, and overall ambiance. For example, providing noise-canceling headphones, adjustable lighting, or quiet workspaces can help neurodivergent employees focus better and reduce sensory overload. Timely: A timely environment means allowing sufficient time for tasks and avoiding unrealistic deadlines. Clearly communicating timeframes and allowing flexibility can reduce stress. For instance, giving employees enough time to complete tasks without last-minute rushes can improve their productivity and job satisfaction. Explicit: Communication should be clear and explicit. This involves providing detailed instructions and avoiding ambiguous language. For example, instead of saying, "Get this done soon," specify, "Please complete this task by 3 PM tomorrow." This clarity helps neurodivergent individuals understand expectations and reduces anxiety. Predictable: Creating a predictable environment can help reduce anxiety and improve focus. This includes having regular schedules and clear procedures. For instance, if meetings are scheduled at consistent times and agendas are shared in advance, neurodivergent employees can prepare better and feel more secure. Social: Fostering a supportive social environment means recognizing that not everyone may be comfortable with the same level of social interaction. Offering structured social activities and respecting individual preferences can create a more inclusive workplace. For example, providing clear invitations to social events with detailed information about what to expect can help neurodivergent employees feel more comfortable. Additionally, implementing a "traffic-light" system with colored cards or post-it notes (green for willing to interact, yellow for maybe, and red for needing to focus) can help manage social interactions effectively and respect individual boundaries. By incorporating these STEPS, organizations can create an inclusive and supportive work environment that leverages the unique strengths of neurodivergent employees, ultimately enhancing overall productivity and innovation. Training Programs: Providing specialized training and development programs can help neurodivergent individuals thrive in cybersecurity roles. This includes offering tailored training sessions that address their unique learning styles and strengths. For example, using visual aids and hands-on activities can enhance understanding and retention. Mentorship programs where experienced employees guide neurodivergent staff can also be beneficial, offering personalized support and career development advice. Moreover, continuous learning opportunities, such as workshops on the latest cybersecurity trends and technologies, can keep neurodivergent employees engaged and up-to-date with industry advancements.Read Ahead
“Once we start to remove what those barriers are, the way that we do things, our culture of understanding and our bias of conditions, then we can start to be more inclusive and welcome a more diverse workforce,” said Foxcroft. By harnessing the unique strengths of neurodivergent individuals, organizations can unlock a wellspring of creativity, focus, and unconventional problem-solving. It's a future where cybersecurity teams aren't just well-equipped, but exceptionally prepared – a future where "thinking differently" becomes the key to defending against the unthinkable. So, what steps will you take to create a more inclusive cybersecurity workforce? The answers may well determine the future security of our digital world.Panera Bread Hit by Ransomware: Data Breach, Outage, and Unanswered Questions
Panera Bread Data Breach: Impact on Employees and Operations
The ransomware attack has had substantial repercussions on Panera's operations and its employees. Many of Panera's virtual machine systems were reportedly encrypted during the attack, leading to a significant outage that crippled internal IT systems, phones, point of sale systems, the company’s website, and mobile apps. During this outage, employees were unable to access their shift details and had to contact their managers to obtain work schedules. The stores faced further disruption as they could only process cash transactions, with electronic payment systems down. Additionally, the rewards program system was inoperable, preventing members from redeeming their points. The most concerning aspect of the breach for employees is the compromise of sensitive personal information. Panera has confirmed that files containing employee names and Social Security numbers were accessed. There is also the potential that other employment-related information was compromised. However, the company has assured employees that, as of the notification date, there is no evidence that the accessed information has been publicly disseminated. To mitigate the potential impact on affected individuals, Panera is offering a one-year membership to CyEx's Identity Defense Total, which includes credit monitoring, identity detection, and identity theft resolution services. This proactive measure aims to help employees safeguard their identities and respond swiftly to any signs of fraudulent activity.The Bigger Picture: Unanswered Questions
Despite the detailed notifications to employees, Panera has yet to publicly disclose the total number of individuals impacted by the breach. The identity of the threat actors behind the ransomware attack also remains unknown. No ransomware group has claimed responsibility, which raises speculation that the attackers might be awaiting a ransom payment or have already received it. Moreover, Panera has not responded to requests for comment from The Cyber Express regarding the outage and the ransomware attack. This lack of communication leaves several critical questions unanswered, particularly about the measures being taken to prevent future incidents and the ongoing efforts to recover from the current breach.Implications for Panera Bread Data Breach
The implications of this ransomware attack extend beyond the immediate disruption and data breach. Panera Bread's reputation is at stake, as customers and employees alike may question the company's ability to protect sensitive information. The operational disruptions also highlight vulnerabilities in the company’s IT infrastructure that need to be addressed to prevent similar incidents in the future. In response to the data breach, Panera has committed to enhancing its existing security measures. The company is likely to conduct a thorough review of its cybersecurity policies and practices to identify and address any gaps. Additionally, ongoing communication with employees and stakeholders will be crucial in rebuilding trust and ensuring that all affected parties are adequately supported. As the investigation continues, further details may emerge about the nature of the breach and the steps Panera is taking to strengthen its defenses.Eraleig Ransomware Allegedly Targets Swiss Executive Search Firm Borrer Executive Search
![Eraleig ransomware](https://thecyberexpress.com/wp-content/uploads/Borrer-Executive-Search.webp)
Potential Implications of Borrer Executive Search Ransomware Attack
Borrer Executive Search is a specialized firm that operates on a retained and exclusive mandate basis. The company partners with corporate clients to identify, attract, and integrate top leadership talent. Their operations are not confined to Switzerland alone; they have a significant international presence, focusing on director, VP, and C-level positions in Global Operations (Supply Chain & Procurement), Commercial Leadership (General Management, Sales & Marketing), Finance, and HR. Given the high-profile nature of their clientele, which spans across Europe and potentially beyond, the implications of a verified ransomware attack could be far-reaching and severe. Should the ransomware attack be confirmed, Borrer Executive Search could face several significant consequences:- Data Breach and Confidentiality: The release of internal documents and agreements could lead to a breach of confidentiality agreements with clients. This could result in legal ramifications and a loss of trust among their client base.
- Operational Disruption: Ransomware attacks can severely disrupt business operations, leading to downtime and a loss of productivity. For a firm that specializes in executive search, any delay in operations could mean missing out on critical placement opportunities and damaging its reputation for reliability and efficiency.
- Financial Impact: Beyond the immediate ransom demand, the financial impact of a ransomware attack can be substantial. Costs associated with recovery, potential legal fees, and lost business opportunities can accumulate rapidly.
- Reputational Damage: The mere association with a ransomware attack can tarnish the reputation of a firm, especially one that deals with high-profile clients and sensitive information. Clients may question the firm’s ability to safeguard their data, leading to potential loss of business.
- Regulatory Scrutiny: Depending on the nature of the data compromised, Borrer Executive Search could find itself under the scrutiny of data protection authorities, especially given the stringent data privacy laws in Europe, such as the General Data Protection Regulation (GDPR).
Understanding Eraleig Ransomware
Eraleig ransomware is known for its sophisticated encryption techniques and its ability to inflict significant damage on targeted organizations. Typically, ransomware attacks aim to lock users out of their systems or encrypt valuable data, demanding a ransom for its release. The Eraleig strain is no different, often leaving victims with a stark choice: pay the ransom or risk having sensitive data leaked publicly. The threat to release 2.5MB of internal documents and agreements indicates a targeted approach, aimed at exerting maximum pressure on Borrer Executive Search by leveraging the potential exposure of confidential client information. The alleged ransomware attack on Borrer Executive Search, if verified, highlights a growing trend of cyberattacks targeting firms that handle significant amounts of sensitive data. The executive search industry, by its nature, deals with highly confidential information related to top-level corporate executives. The alleged ransomware attack on Borrer Executive Search is a developing story with potentially serious implications for the firm and its extensive client base. As we await further confirmation and details, the incident brings to light the critical importance of cybersecurity in protecting sensitive information and maintaining trust in the executive search industry. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.Life360 Targeted in Extortion Attempt, Customer Data Exposed
About Tile and Life360
Tile, much like Apple's AirTag, produces small Bluetooth-enabled devices that help users locate and track items such as keys, wallets, and bags. These devices work in conjunction with a mobile app, allowing users to find lost items using sound alerts or by viewing the last known location of the Tile tracker on a map. Tile is a subsidiary of Life360, the leading connection and safety app used by one in nine U.S. families. With over 66 million members, Life360 offers driving, location, and digital safety features that keep loved ones connected. The app's extensive user base makes the implications of any data breach potentially far-reaching.Implications of the Life360 Data Breach
While the Life360 data breach did not include highly sensitive data, the exposure of personal information such as names, addresses, and phone numbers can still have significant implications. Such data can be used for targeted phishing attacks, identity theft, and other malicious activities. The breach highlights the importance of cybersecurity measures, particularly for companies managing large databases of personal information. Life360's swift response to the incident and its cooperation with law enforcement demonstrates the company's commitment to transparency and user security.Moving Forward
In response to the breach, Life360 has reiterated its commitment to enhancing its security infrastructure and safeguarding user information. The company is taking proactive steps to prevent future cybersecurity incidents, including strengthening its cybersecurity protocols and continuing to monitor its systems for potential vulnerabilities. "We remain committed to keeping families safe online and in the real world," Hulls emphasized. The company’s prompt action and transparent communication are crucial in maintaining user trust and addressing concerns related to the breach.Cyberattack Hits Dubai: Daixin Team Claims to Steal Confidential Data, Residents at Risk
![City of Dubai Ransomware Attack](https://thecyberexpress.com/wp-content/uploads/City-of-Dubai-Ransomware-Attack.webp)
Potential Impact City of Dubai Ransomware Attack
The stolen data reportedly contains extensive personal information, such as full names, dates of birth, nationalities, marital statuses, job descriptions, supervisor names, housing statuses, phone numbers, addresses, vehicle information, primary contacts, and language preferences. Additionally, the databases appear to include business records, hotel records, land ownership details, HR records, and corporate contacts. [caption id="attachment_77010" align="aligncenter" width="1024"]![Daixin Team](https://thecyberexpress.com/wp-content/uploads/Daxin-Team-1024x508.webp)
Daixin Team: A Persistent Threat
The Daixin Team, a Russian-speaking ransomware and data extortion group, has been active since at least June 2022. Known primarily for its cyberattacks on the healthcare sector, Daixin has recently expanded its operations to other industries, employing sophisticated hacking techniques. A 2022 report by the US Cybersecurity and Infrastructure Security Agency (CISA) highlights Daixin Team's focus on the healthcare sector in the United States. However, the group has also targeted other sectors, including the hospitality industry. Recently, Daixin claimed responsibility for a cyberattack on Omni Hotels & Resorts, exfiltrating sensitive data, including records of all visitors dating back to 2017. In another notable case, Bluewater Health, a prominent hospital network in Ontario, Canada, fell victim to a cyberattack attributed to Daixin Team. The attack affected several hospitals, including Windsor Regional Hospital, Erie Shores Healthcare, Chatham-Kent Health, and Hôtel-Dieu Grace Healthcare. The Government of Dubai has yet to release an official statement regarding the ransomware attack. However, on accessing the official website of the Dubai government, no foul play was sensed as the websites were fully functional. This leaves the alleged ransomware attack unverified. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.Single Click, Big Disruption: Employee Download Triggers Ascension Cyberattack
What Caused Ascension Cyberattack?
The cyberattack on Ascension was traced back to an innocent mistake by an employee who accidentally downloaded a malicious file, mistaking it for a legitimate one. "We have also identified how the attacker gained access to our systems. An individual working in one of our facilities accidentally downloaded a malicious file that they thought was legitimate. We have no reason to believe this was anything but an honest mistake," informed the spokesperson. This incident highlights the importance of continuous cybersecurity training and vigilance among all employees to prevent such occurrences in the future. Ascension has assured its patients and associates that there is no evidence suggesting any data was taken from the Electronic Health Records (EHR) system or other clinical systems where comprehensive patient records are securely stored. This means the most sensitive health information remains uncompromised, providing some relief amidst the ongoing investigation.Ongoing Review and Protective Measures
Ascension is currently conducting a detailed review and analysis of the potentially impacted files to determine precisely what data was affected and identify the individuals involved. This meticulous process is expected to take considerable time due to the volume and complexity of the data. In the meantime, Ascension is taking proactive steps to protect its patients and associates. The healthcare provider is offering free credit monitoring and identity theft protection services to all patients and associates, regardless of whether their data is eventually found to be compromised. This service is intended to provide immediate peace of mind and mitigate potential risks from the Ascension data breach. Individuals who wish to enroll in these protective services are encouraged to contact Ascension's dedicated call center at 1-888-498-8066.Commitment to Transparency and Legal Compliance
Ascension remains committed to transparency throughout this investigation. While specific details regarding whether an individual's data was affected cannot be provided, Ascension pledges to follow all applicable laws and regulations related to data breach notifications. "We encourage all Ascension patients and staff who are concerned to take advantage of these services. We want to be clear that this offer does not mean we have determined that any specific individual patient’s data has been compromised. Rather, it illustrates our desire to do everything possible to reassure our patients and associates, regardless of any impact to specific individuals’ data," the spokesperson explained. "Once our data analysis is complete, we are committed to following all applicable laws and regulations to notify affected individuals and the appropriate regulatory bodies. To our patients, associates, and the communities we serve, we regret any disruption or concern you may have experienced as a result of this incident," the spokesperson added.Background and Impact of Cyberattack on Ascension
On May 10, The Cyber Express reported that Ascension faced disruptions in clinical operations due to a cyberattack that prompted the organization to take some of its systems offline. Operating in 19 states and the District of Columbia, Ascension oversees 140 hospitals and 40 senior care facilities. It also boasts a significant workforce of 8,500 providers, 35,000 affiliated providers, and 134,000 associates. In 2023, Ascension’s total revenue amounted to $28.3 billion. Given its substantial revenue and widespread operations, the impact of this cyberattack was significant. The organization detected unusual activity on select technology network systems, prompting an immediate response, investigation initiation, and activation of remediation efforts. Due to the cyberattack, Ascension advised its business partners to temporarily sever connections to its systems as a precautionary measure and stated it would notify partners when it is safe to reconnect. The cyberattack on Ascension disrupted clinical operations, prompting an investigation into the extent and duration of the disruption.Pure Storage Confirms Data Breach in Snowflake Workspace
Pure Storage Data Breach: Investigation Ongoing
Upon knowing about the cybersecurity incident, Pure Storage took immediate action to block any further unauthorized access to the workspace. The company emphasized that no unusual activity has been detected on other elements of its infrastructure. “We see no evidence of unusual activity on other elements of the Pure infrastructure. Pure is monitoring our customers’ systems and has not found any unusual activity. We are currently in contact with customers who similarly have not detected unusual activity targeting their Pure systems,” reads the official statement. Preliminary findings from a cybersecurity firm engaged by Pure Storage support the company's conclusions about the nature of the exposed information. Pure Storage simplifies data storage with a cloud experience that empowers organizations to maximize their data while reducing the complexity and cost of managing the infrastructure behind it. Thousands of customers, including high-profile companies like Meta, Ford, JP Morgan, NASA, NTT, AutoNation, Equinix, and Comcast, use Pure Storage's data storage platform.Context of Recent Snowflake Cybersecurity Incidents
Before the Pure Storage data breach, Advance Auto Parts, Inc., a significant provider of automobile aftermarket components, allegedly suffered a massive data breach. A threat actor known as “Sp1d3r” claimed responsibility, alleging the theft of three terabytes of data from the company’s Snowflake cloud storage, which is reportedly being sold for $1.5 million. Live Nation, the parent company of Ticketmaster, also confirmed "unauthorized activity" on its database hosted by Snowflake, a Boston-based cloud storage and analytics company. In a joint advisory with Mandiant and CrowdStrike, Snowflake revealed that attackers used stolen customer credentials to target accounts lacking multi-factor authentication protection. Mandiant linked these attacks to a financially motivated threat actor tracked as UNC5537 since May 2024. This malicious actor gains access to Snowflake customer accounts using credentials stolen in historical infostealer malware infections dating back to 2020. These cyberattacks have targeted hundreds of organizations worldwide, extorting victims for financial gain. So far, the cybersecurity firm has identified hundreds of customer Snowflake credentials exposed in Vidar, RisePro, Redline, Racoon Stealer, Lumm, and Metastealer malware attacks. Snowflake and Mandiant have notified around 165 organizations potentially exposed to these ongoing cyberattacks.City of Wichita Recovers from Cyberattack: Water Services Back Online, More Progress Expected
City of Wichita Cyberattack Update
Water Services Restored Customers can expect to receive updated statements this week. Auto-payments have resumed normal operations, and customers now have full access to their utility accounts online. Bills can be paid by credit card, cash, check, and money order at City Hall, online at City's payment portal, by calling (316) 265-1300, or through the mail. Due to the cyberattack on City of Wichita, some June bills may cover more than 60 days of service. Customers needing help with these bills are encouraged to contact a representative at (316) 265-1300 to arrange a payment plan. Library Services Update The Wichita Public Library has also seen progress, though some services remain affected. Public Wi-Fi is available at all locations, and patrons can access Libby for eBooks, audiobooks, and digital magazines. Additionally, materials can be checked in and out manually. However, hold requests and renewals, customer account information, the online catalog, the automated materials handler at the Advanced Learning Library, and online databases like Kanopy and LinkedIn Learning are still unavailable. Airport and Court Systems At the Wichita Dwight D. Eisenhower National Airport, public flight and gate display information is not yet available online but is expected to be restored soon. The Municipal Court has made strides in recovery, with most systems operational. The public search of warrants is anticipated to be online by Monday, June 10. The City’s Information Technology team is working to fix the remaining system outages. The city appreciates residents' patience as there may be occasional service interruptions during ongoing recovery efforts.What Happened During the City of Wichita Cyberattack
The Cyber Express reported that the cyberattack occurred on May 5, leading to the shutdown of several online city services, including water bill payments, some city-building Wi-Fi, and electronic payments. LockBit, a known ransomware group, claimed responsibility for the cyberattack. This followed an earlier notification from the City of Wichita regarding a ransomware incident, although the responsible group was not initially disclosed. The ransomware attack has shown the vulnerabilities in the city's IT systems and the importance of strong cybersecurity measures. Despite the challenges, the city has worked hard to restore essential services to its residents. The City of Wichita urges residents to stay informed through official updates and to reach out to the provided contact points for help. The city remains committed to being transparent and providing the necessary support to its residents during this recovery period.Findlay Automotive Hit by Cybersecurity Attack, Investigation Ongoing
![Findlay Automotive cybersecurity issue](https://thecyberexpress.com/wp-content/uploads/Findlay-Automotive-cybersecurity-issue.webp)
Operational Impact of Findlay Automotive Cybersecurity Issue
Despite the restrictions imposed by the Findlay Automotive cybersecurity issue, all dealership locations remain open. Customers with vehicles currently in service are encouraged to visit or contact their respective service departments directly for assistance from Findlay’s dedicated staff. "At Findlay Automotive, we have been serving our communities with pride and integrity since 1961," reads the company’s Facebook Post. "We take our responsibility to our customers and the community very seriously. We will continue to provide updates as the investigation continues and more information becomes available.” The urgency and gravity of the situation are highlighted by recent trends in cybersecurity, particularly the rising threat of ransomware attacks in the industrial sector.Rising Cyber Threats in the Industrial Sector
In 2019, industrial companies faced significant financial burdens due to ransomware, collectively paying out $6.9 million, which accounted for 62% of the total $11 million spent on ransomware that year. Despite representing only 18% of ransomware cases, the manufacturing sector bore the brunt of the financial impact. By 2020, the cross-industry cost of ransomware had escalated to a staggering $20 billion. Gartner, a research firm, has projected that by 2023, the financial repercussions of cyberattacks on industrial systems, including potential fatal casualties, could exceed $50 billion. The automotive sector, in particular, has become a prime target for cybercriminals. As these threats intensify, paying ransoms become increasingly weak, emphasizing the necessity of enhanced cybersecurity measures to protect assets. The recent Volkswagen incident exemplifies the magnitude of these threats. In April 2024, Volkswagen faced a cyberattack, suspected to originate from Chinese hackers. The breach exposed sensitive data, including development plans for gasoline engines and critical information on e-mobility initiatives. Investigations by ZDF Frontal and “Der Spiegel” revealed more than 40 internal documents, highlighting the severity of the cyberattack. Similarly, in February 2024, Thyssenkrupp's automotive unit in Duisburg, Germany, experienced a cyberattack that disrupted production in its car parts division. Although no data theft or manipulation was detected, the company had to take several systems offline to prevent further unauthorized access, underlining the operational risks posed by such cyber incidents. Closer to home, Eagers Automotive Limited faced a cyber incident on December 27, 2023, leading to a temporary trading halt to address its continuous disclosure obligations. The company issued an apology to its customers for the inconvenience caused by the disruption, reflecting the broad and often immediate impact of cyberattacks on automotive businesses. Findlay Automotive’s proactive response to the current cybersecurity issue demonstrates its commitment to safeguarding its operations and customer trust. The company is maintaining open lines of communication with customers, providing regular updates as the investigation progresses and more information becomes available.Don’t Panic, Take Action: What to Do If Your Data Leaks
Data Leak? Immediate Actions to Take
1. Change Compromised Account Details: If you suspect your account details have been compromised, immediately change your password and enable two-factor authentication. If cybercriminals have already accessed your account, contact technical support to restore access and determine what other information might have been compromised. 2. Address and Phone Number Leaks: If sensitive data such as your address or phone number is leaked, it is usually not critical but still concerning. A leaked address typically doesn’t pose a threat unless it leads to targeted attacks like stalking. In such rare cases, contact the police promptly. For a leaked phone number, ensure accounts using that number as a login have two-factor authentication, change your password, and remain vigilant for potential fraud calls. 2. Passport or ID Leaks: If your passport or ID details become leaked, stay alert for potential social engineering attacks. Scammers might use your passport details to appear more credible. However, there is usually no need to obtain a new document. Using leaked passport data for fraud, such as taking out a loan, requires additional personal information and substantial criminal expertise. To mitigate future risks, avoid giving away your passport details unnecessarily—they are primarily needed for banking and e-government apps, and occasionally logistics services. 3. Bank Card Details: Act promptly if your bank card details are leaked: monitor bank notifications, reissue the card, and change your bank app or website password. Enable two-factor authentication and other verification methods. Some banks allow setting spending limits for added protection. If account and balance details are leaked, be extra vigilant against phishing emails, SMS, and calls. Cybercriminals might target you based on this information. In unclear situations, contact your bank directly. 4. Organizational Security Measures: Various types of leaked employee data can be used for OSINT (open-source intelligence) to further access internal systems. To counter these threats, organizations are advised to use advanced security solutions, implement strong cybersecurity policies, and conduct employee training. 5. Educating and Protecting Against Social Engineering: Amin Hasbini, Director of META Research Center Global Research and Analysis Team (GReAT) at Kaspersky, emphasizes the importance of being aware of data leakage risks and avoiding oversharing. He advises educating relatives, especially children and the elderly, about the dangers of social engineering attacks. "A crucial thing also is to educate your relatives, especially kids and elderly people. For example, explain that if someone refers to personal information, such as full name and even passport details, by telephone, messengers, social networks or e-mail, it’s not necessarily the bank or social service representatives, but might be scammers. In personal issues it’s advised to have a code word or question that only relatives know, while with organizations if some actions are required it’s better to use official contact information for double checking”, says Amin Hasbini, Director of META Research Center Global Research and Analysis Team (GReAT), at Kaspersky. As data breaches continue to affect various industries, individuals need to take proactive steps to secure their personal information. By following these experts' advice, you can mitigate the risks associated with data leaks and protect yourself from potential cyber threats.Cisco Welcomes Sean Duca as Chief Information Security Officer for Asia Pacific, Japan, and China
![Sean Duca](https://thecyberexpress.com/wp-content/uploads/Sean-Duca.webp)
Sean Duca Vast Experience
Sean brings over 20 years of experience in cybersecurity to his new role, with a proven track record of driving visionary strategies and practical solutions to enhance digital security. Sean's extensive background includes nearly nine years at Palo Alto Networks, where he served as Vice President and Regional Chief Security Officer (CSO) for the APJ region. Before that, he spent over 15 years at Intel Security, serving as the Chief Technology Officer (CTO) for the Asia Pacific region. His leadership in technology and security has made a significant impact in the industry. Reflecting on his new role at Cisco, Sean emphasized his commitment to helping customers achieve their security and business goals while extracting value from their Cisco investments. He expressed his eagerness to reconnect with partners and contacts in his soon-to-be new country, Singapore, highlighting his dedication to driving cybersecurity excellence across the region. “What drew me to Cisco? I've met incredible people, Jeetu Patel’s visionary strategy, and the innovation behind solutions like Cisco’s Hypershield. I can't wait to reconnect with partners, new and old, and many contacts in my soon-to-be new country when I move up next month. Most importantly, I'm eager to help our customers achieve their security and business goals, proving our value and extracting value from their Cisco investment,” reads the post further. With his renewed focus and energy, Sean's appointment is poised to lead Cisco's efforts to elevate performance in the cybersecurity world across APJC.Switzerland Walks Tightrope as Cyberattacks, Disinformation Threaten Peace Summit
Switzerland Disruption Efforts and Cybersecurity
Foreign Minister Ignazio Cassis also spoke at the press conference, noting a clear "interest" in disrupting the talks. However, he refrained from directly accusing any particular entity, including Russia, when questioned about the source of the cyberattacks. This restraint highlights the delicate diplomatic balancing act Switzerland is attempting as host. Switzerland agreed to host the summit at the behest of Ukrainian President Volodymyr Zelenskyy and has been actively seeking support from countries with more neutral or favorable relations with Moscow compared to leading Western powers. This strategic outreach aims to broaden the coalition backing the peace efforts and mitigate the polarized dynamics that have characterized the conflict thus far.Agenda and Key Issues
The summit will address several critical areas of international concern, including nuclear and food security, freedom of navigation, and humanitarian issues such as prisoner of war exchanges. These topics are integral to the broader context of the Ukraine conflict and resonate with the international community's strategic and humanitarian interests. Turkey and India are confirmed participants, though their representation level remains unspecified. There is still uncertainty regarding the participation of Brazil and South Africa. Switzerland noted that roughly half of the participating countries would be represented by heads of state or government, highlighting the summit's high profile and potential impact. The summit aims to conclude with a final declaration, which ideally would receive unanimous backing. This declaration is expected to outline the next steps in the peace process. When asked about potential successors to Switzerland in leading the next phase, Foreign Minister Cassis indicated ongoing efforts to engage regions beyond the Western sphere, particularly the Global South and Arabian countries. Such inclusion could foster a more comprehensive and globally supported peace initiative.To Wrap Up
The summit represents a significant diplomatic effort to address the Ukraine conflict. However, the surge in cyberattacks on Switzerland and disinformation campaigns, highlights the complexities of such high-stakes international dialogue. In March 2024, Switzerland’s district court in the German-speaking district of March, home to around 45,000 residents, fell victim to a cyberattack. While details are scarce, the court’s website suggests it could potentially be a ransomware attack. As Switzerland navigates these challenges, the outcomes of this summit could set important precedents for future peace efforts and international cooperation.Ascension Makes Progress in Restoring Systems After Cyberattack, Patients to See Improved Wait Times
Ascension cyberattack: What All Have Restored?
According to the latest update on the Ascension cyberattack, officials have successfully restored EHR access in Florida, Alabama, Tennessee, Maryland, Central Texas (Ascension Seton and Dell Children's hospitals), and Oklahoma markets. Ascension Via Christi further informed that its hospitals, including St. Francis and St. Joseph hospitals, and Ascension Medical Group clinics in Wichita, have restored the primary technology used for electronic patient documentation in care settings. "This will allow most hospital departments, physician offices, and clinics to use electronic documentation and charting. Patients should see improved efficiencies and shorter wait times. Our team continues to work tirelessly to restore other ancillary technology systems," Ascension Via Christi explained on its website, providing cybersecurity updates for its Kansas facilities. [caption id="attachment_76455" align="aligncenter" width="1024"]![Ascension cyberattack](https://thecyberexpress.com/wp-content/uploads/Ascension-cyberattack-1-1024x435.webp)