Today’s Lateral Movement Tactics: Be Warned Protecting against today’s most dangerous lateral movement tactics is increasingly critical, with AD as vulnerable as it is. Attackers use a wide range of strategies to move about undetected. The list below covers a selection of the most common and potentially damaging tactics. For defenders, knowing what to look …
Previously: A Japanese government official told Kyodo News on Wednesday that login IDs and passwords for the Tokyo Olympic ticket portal had been posted to a leak website following a breach. The official said the leak was “not large” but admitted that the IDs and passwords would give someone access to a person’s name, address, bank account …
Henry Ford Health System announced this week a data breach of health information that involves nearly 20,000 patients. It is “unclear” if any of the compromised information has been used “inappropriately.”
“We are very sorry this happened. We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted,” the hospital wrote in a news release this week, noting that they learned of the incident on October 3 after the e-mail credentials of a group of employees were also compromised.
“… Someone gained access to or stole the e-mail credentials of a group of employees,” a release on the breach stated, explaining that patient health information was inside of these employee e-mail accounts.
It is still unclear if any of the information that was “viewed or stolen” has been used for any inappropriate use, the hospital stated adding that Social Security numbers and credit card info was not included in the data breach. What was compromised was information such as patient names, birthdates, medical record numbers, provider names, dates of service, department names, locations, medical conditions and health insurers. A total of 18,470 patient’s information was compromised.
More than 370,000 Duke Energy customers may have had their information hacked.
On Friday, a company that Duke Energy uses to process its customer’s payments from walk-in locations announced the breach, which could affect about 1.6 million customers overall, WYFF reports.
The third-party vendor in question is TIO Networks’ Global Express, which was recently acquired by PayPal.
The information includes names, addresses, Duke Energy account numbers, account balances and banking information.
For some people, Google controls most of their identity online, and losing access to that critical account could be devastating. A recent study from Google and UC Berkeley examined the various ways accounts are compromised, and determined that phishing attacks – not data breaches – pose the most risk to users when it comes to lost access.
Google’s study lasted a year, from March 2016 until March 2017, and looked to better understand how attackers take over accounts. While phishing, keylogging, and data breaches impact everyone, Google focused on themselves as the case study.
Equifax Inc on Friday warned that this year’s massive data breach will harm the credit reporting company’s future sales, saying it will reduce revenue and weigh on profit in the fourth quarter.
Businesses and governments delayed signing new contracts in the third quarter and that trend will continue in the current quarter, company executives said in an analyst conference call.
“We’re hoping to win back their trust and then be able to regain the business that we’ve indicated has been deferred,” Chief Financial Officer John Gamble said in the call. “We’re still working through that process.”
Executives discussed the impact of the breach after releasing third-quarter results late on Thursday. Equifax reported lower quarterly profit, and revenue that fell short of analyst estimates.
The company also said on Friday that it had halted a share buyback program.
“We just don’t think it’s appropriate for the company to be purchasing shares” in the midst of investigations into the breach, Gamble said.
Equifax shares were down 2.3 percent in morning trading. They have dropped around 25 percent since the company disclosed on Sept. 7 that cyber criminals had breached its systems and accessed sensitive information on 145.5 million consumers.