Today’s Lateral Movement Tactics: Be Warned Protecting against today’s most dangerous lateral movement tactics is increasingly critical, with AD as vulnerable as it is. Attackers use a wide range of strategies to move about undetected. The list below covers a selection of the most common and potentially damaging tactics. For defenders, knowing what to look …
Previously: A Japanese government official told Kyodo News on Wednesday that login IDs and passwords for the Tokyo Olympic ticket portal had been posted to a leak website following a breach. The official said the leak was “not large” but admitted that the IDs and passwords would give someone access to a person’s name, address, bank account …
U.S. President Biden late Wednesday signed a long-awaited executive order intended to improve the country’s cybersecurity and protect federal networks. The move follows some of the worst attacks against U.S. networks and critical infrastructure including SolarWinds, the Microsoft Exchange hack, and, most recently, the ransomware attack against Colonial Pipeline that took down the country’s largest fuel line. Biden’s directive requires …
Henry Ford Health System announced this week a data breach of health information that involves nearly 20,000 patients. It is “unclear” if any of the compromised information has been used “inappropriately.”
“We are very sorry this happened. We take very seriously any misuse of patient information, and we are continuing our own internal investigation to determine how this happened and to ensure no other patients are impacted,” the hospital wrote in a news release this week, noting that they learned of the incident on October 3 after the e-mail credentials of a group of employees were also compromised.
“… Someone gained access to or stole the e-mail credentials of a group of employees,” a release on the breach stated, explaining that patient health information was inside of these employee e-mail accounts.
It is still unclear if any of the information that was “viewed or stolen” has been used for any inappropriate use, the hospital stated adding that Social Security numbers and credit card info was not included in the data breach. What was compromised was information such as patient names, birthdates, medical record numbers, provider names, dates of service, department names, locations, medical conditions and health insurers. A total of 18,470 patient’s information was compromised.
More than 370,000 Duke Energy customers may have had their information hacked.
On Friday, a company that Duke Energy uses to process its customer’s payments from walk-in locations announced the breach, which could affect about 1.6 million customers overall, WYFF reports.
The third-party vendor in question is TIO Networks’ Global Express, which was recently acquired by PayPal.
The information includes names, addresses, Duke Energy account numbers, account balances and banking information.
For some people, Google controls most of their identity online, and losing access to that critical account could be devastating. A recent study from Google and UC Berkeley examined the various ways accounts are compromised, and determined that phishing attacks – not data breaches – pose the most risk to users when it comes to lost access.
Google’s study lasted a year, from March 2016 until March 2017, and looked to better understand how attackers take over accounts. While phishing, keylogging, and data breaches impact everyone, Google focused on themselves as the case study.