
Breaking the Silence: Cylance Confirms Data Breach Tied to a “Third-Party” Platform



Picture this: you’re sitting in a coffee shop, minding your own business, when suddenly, the door bursts open and someone yells, “There’s a thief among us!” Everyone freezes, and you can feel the tension in the air. Now, imagine that the coffee shop is the world of cybersecurity, and the thief is a data breach. This is what happened recently when Cylance, a leading cybersecurity company, confirmed a data breach linked to a “third-party” platform. Let’s dive into the details, and more importantly, what this means for you and the future of cybersecurity.



What Happened at Cylance?



According to Cylance, the breach occurred on an unnamed third-party platform, and they acted quickly to contain the situation. The company stated that no Cylance systems or products were compromised, but the exact extent of the breach is still under investigation. They’re working closely with law enforcement agencies and third-party cybersecurity experts to determine the full extent of the damage.



To be clear, this is not a small issue. Cylance is one of the leading cybersecurity companies in the world, boasting a client base that includes Fortune 100 companies and government agencies. The fact that a breach occurred on their watch raises some serious questions about the state of security in the digital age.



An Eye-Opening Reality



This data breach serves as a stark reminder that even the experts aren’t immune to the risks of cybercrime. The reality is, cybercriminals are becoming more sophisticated and relentless in their efforts to infiltrate networks and steal sensitive data. In fact, since the beginning of the COVID-19 pandemic, there has been a 600% increase in cybercrime, according to the United Nations.



As the world becomes more interconnected through technology, the stakes are higher than ever. A single breach can have far-reaching consequences, from financial ruin to the erosion of trust in the companies and institutions we rely on daily. In other words, the coffee shop thief doesn’t just steal your wallet; they can topple the entire house of cards.



What Can You Do to Protect Yourself?



First and foremost, it’s essential to stay informed about the latest cybersecurity threats and best practices for safeguarding your digital assets. Knowledge is power, and staying one step ahead of the cybercriminals is crucial in this high-stakes game of cat and mouse.



Additionally, investing in comprehensive cybersecurity solutions for your home and business is a smart move. This includes antivirus software, firewalls, and secure password management tools. Remember, prevention is always better than cure.



Stay Informed and Stay Safe



As the Cylance data breach unfolds, we’ll keep you updated with the latest information and insights. Our mission is to help you navigate the complex, ever-changing landscape of cybersecurity, and empower you to protect your digital world.



Don’t let the coffee shop thief catch you off guard. Reach out to us, stay informed, and together, we’ll weather this storm and emerge stronger and more resilient than ever.

Protecting Your Data: Lessons from the Cylance Data Breach

Hey there, my friend! What could be more important than keeping our personal data safe in today’s world? I’m sure you’ve heard about data breaches in the news, and you might be thinking, “How can I protect my data?” Well, you’re in the right place! Let me tell you a story about the recent Cylance data breach and what we can learn from it.

What Happened in the Cylance Data Breach?

First things first, let’s understand what happened. Cylance, a cybersecurity company, recently confirmed a data breach affecting their users. Now, you might be thinking, “A cybersecurity company was hacked? How ironic!” Yes, it is. But here’s the catch: the breach wasn’t due to their own security systems. It was linked to a third-party platform they used. This is a crucial lesson for all of us.

Why Should We Care?

Great question! We should care because data breaches can cause serious harm. Personal information can be used for identity theft, financial fraud, and more. In fact, 16.7 million Americans were victims of identity theft in 2017, with losses totaling $16.8 billion! That’s a lot of people and money, right?

What Can We Learn from the Cylance Data Breach?

Now that we know why we should care, let’s learn some lessons from the Cylance data breach. Here are three takeaways:

  1. Third-Party Platforms Matter: In this case, the breach wasn’t due to Cylance’s own security but a third-party platform they used. So, when choosing services, make sure they have strong security measures in place.
  2. Stay Informed: Keep yourself updated on the latest cybersecurity news and trends. Staying informed can help you make better decisions to protect your data.
  3. Use a Multi-Layered Approach: Don’t rely on a single security measure. Instead, use a combination of tools and techniques to safeguard your data. This includes strong passwords, two-factor authentication, and regular software updates.

How Can You Protect Your Data?

Now that you’ve learned some lessons, let’s talk about how you can protect your data. Here are some tips:

  • Choose your service providers wisely: Make sure the companies you trust with your data have strong security measures in place.
  • Never reuse passwords: Using the same password for multiple accounts makes it easier for hackers to access your data. Use a unique, strong password for each account.
  • Enable two-factor authentication: This adds an extra layer of security to your accounts and makes it harder for hackers to break in.
  • Keep your software updated: Regularly update your devices and software to ensure you’re protected against the latest threats.

Remember, Knowledge is Power!

As we wrap up, remember that protecting your data is an ongoing process. The more you know, the better equipped you’ll be to keep your data safe. I hope you found this information helpful, and I encourage you to continue learning about cybersecurity. So, what are you waiting for? Contact us and keep coming back to learn more about how you can protect your data!

Cybersecurity company Cylance recently confirmed the legitimacy of data being sold on a hacking forum, explaining that it is old data stolen from a “third-party platform.”

A cybercriminal known as Sp1d3r is selling this stolen data for $750,000, as first discovered by Dark Web Informer.

This data allegedly includes a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees.

However, researchers have informed us that the leaked samples appear to be old marketing data used by Cylance.

BlackBerry Cylance told us that they are aware of and investigating the cybercriminal’s claims, but no “BlackBerry data and systems related to [..] customers, products, and operations have been compromised.”

“Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved,” the company added.

“The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”

Cylance data for sale (Dark Web Informer)

Links to Snowflake attacks

While the company has yet to reply to a follow-up request for more details regarding the name of the third-party platform that was breached to steal what it claims to be old data, the same cybercriminal is also selling 3TB of data from automotive aftermarket parts provider Advance Auto Parts, stolen after breaching the company’s Snowflake account.

We found a link to a Snowflake web management console located at https://cylance.snowflakecomputing.com/ that appears to be linked to Cylance. However, a BlackBerry spokesperson told us that the dashboard is “old and invalid” and “BlackBerry Cylance is not a Snowflake customer.”

Recent breaches at Santander, Ticketmaster, and QuoteWizard/Lendingtree have also been linked to Snowflake attacks. Ticketmaster’s parent company, Live Nation, also confirmed that a data breach had affected the ticketing firm after its Snowflake account was compromised on May 20.

In a joint advisory with CrowdStrike and Mandiant, Snowflake said that attackers had used stolen customer credentials to target accounts without multi-factor authentication protection.

Today, Mandiant published a report linking the Snowflake attacks to a financially motivated cybercriminal group it tracks as UNC5537. The group gained access to Snowflake customer accounts using customer credentials stolen in infostealer malware infections from as far back as 2020.

Mandiant has been tracking UNC5537 since May 2024. The financially motivated cybercriminal group has targeted hundreds of organizations worldwide, extorting victims for financial gain.

UNC5537 Snowflake attack timeline (Mandiant)

While Mandiant has not shared much information about UNC5537, we have learned that they are part of a larger community of cybercriminals who frequent the same websites, Telegram, and Discord servers, where they commonly collaborate on attacks.

“The impacted accounts were not configured with multi-factor authentication enabled, meaning successful authentication only required a valid username and password,” Mandiant said.

“Credentials identified in infostealer malware output were still valid, in some cases years after they were stolen, and had not been rotated or updated. The impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations.”

Mandiant says it has identified hundreds of customer Snowflake credentials exposed in Vidar, RisePro, Redline, Racoon Stealer, Lumma, and Metastealer infostealer malware attacks since at least 2020.
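The three conditions Mandiant describes (password-only authentication, credentials never rotated, no network allow list) can be checked against an account inventory and login history. The following is an added example, not code from Mandiant, Snowflake or the original article; the record fields, the 90-day threshold, the account names and the sample data are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Optional

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy, not a figure from the article


@dataclass
class Account:            # hypothetical inventory record
    name: str
    has_password: bool
    mfa_enrolled: bool
    password_last_set: Optional[date]
    allowed_networks: tuple = ()   # CIDR strings; empty means reachable from anywhere


@dataclass
class Login:              # hypothetical login-history record
    user: str
    client_ip: str
    second_factor: Optional[str]
    success: bool


def audit_account(acct, today):
    """Return which of the three reported weaknesses apply to one account."""
    findings = []
    if acct.has_password:
        if not acct.mfa_enrolled:
            findings.append("password-only")
        age_unknown = acct.password_last_set is None
        if age_unknown or (today - acct.password_last_set).days > MAX_PASSWORD_AGE_DAYS:
            findings.append("stale-password")
    if not acct.allowed_networks:
        findings.append("no-allow-list")
    return findings


def risky_logins(logins, accounts):
    """Successful single-factor logins that no allow list covers."""
    by_name = {a.name: a for a in accounts}
    hits = []
    for ev in logins:
        if not ev.success or ev.second_factor:
            continue
        acct = by_name.get(ev.user)
        nets = [ip_network(n) for n in (acct.allowed_networks if acct else ())]
        if not any(ip_address(ev.client_ip) in n for n in nets):
            hits.append(ev)
    return hits


# Constructed sample data (documentation IP ranges, invented account names).
TODAY = date(2024, 6, 10)
ACCOUNTS = [
    Account("svc_etl", True, False, date(2020, 11, 3)),
    Account("analyst", True, True, date(2024, 5, 1), ("198.51.100.0/24",)),
    Account("svc_keypair", False, False, None, ("198.51.100.0/24",)),
]
LOGINS = [
    Login("svc_etl", "203.0.113.45", None, True),
    Login("analyst", "198.51.100.7", "totp", True),
    Login("analyst", "203.0.113.9", None, False),
    Login("svc_keypair", "198.51.100.20", None, True),
]
```

An account that collects all three findings, such as the constructed `svc_etl` record, matches the profile Mandiant reports for the impacted instances and is the first candidate for credential rotation and MFA enrollment.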

To date, Snowflake and Mandiant have notified around 165 organizations potentially exposed to these ongoing attacks.

Update June 11, 07:13 EDT: Added BlackBerry statement saying Cylance is not a Snowflake customer.

Don’t let your organization be the next target

As cybersecurity experts, we make it our mission to help protect you and your organization from cyber threats. With the increasing sophistication of cybercriminals and the prevalence of data breaches, it’s more important than ever to stay informed and take proactive steps to protect your valuable data.

Stay ahead of the game by regularly visiting our website for the latest cybersecurity news and advice. If you have any questions or concerns, don’t hesitate to contact us. Together, we can work to make the digital world a safer place for everyone.


23andMe to Shell Out $30 Million in Astonishing Genetics Data Breach Settlement

23andMe has agreed to pay $30 million to settle a lawsuit over a 2020 data breach that exposed customers’ genetic information. Learn more about the settlement and how it will impact the biotechnology company’s future data security measures.

Imagine receiving a package in the mail containing a small tube that holds the key to uncovering your ancestry, traits, and health predispositions. You trust the company to keep your most sensitive information, your DNA, safe and secure. But what happens when that trust is broken? In 2023, 23andMe, a leading DNA testing company, faced this very issue when a massive data breach exposed the personal information of 6.4 million customers.

Fast forward to today, and 23andMe has agreed to pay a whopping $30 million to settle a lawsuit resulting from the breach. The proposed class action settlement is currently awaiting judicial approval and includes cash payments for affected customers. While the company believes the settlement is fair, they also deny any wrongdoing and maintain that they properly protected their customers’ personal information.

Addressing Security Weaknesses

In addition to the financial settlement, 23andMe has agreed to strengthen its security protocols, such as adding protections against credential-stuffing attacks and requiring mandatory two-factor authentication for all users. The company also plans to conduct annual cybersecurity audits and create a comprehensive data breach incident response plan.

Furthermore, 23andMe will no longer retain personal data for inactive or deactivated accounts and will provide an updated Information Security Program to employees during annual training sessions. While these actions may help rebuild trust, it’s important for us to recognize that data breaches can happen to anyone – even trusted companies like 23andMe.

Understanding the Data Breach

So, how did the breach occur? In October 2023, 23andMe discovered unauthorized access to customer profiles resulting from compromised accounts. Hackers exploited credentials stolen from other breaches to access 23andMe accounts. In response, the company implemented measures to block similar incidents, such as requiring customers to reset passwords and enabling two-factor authentication by default.

However, the damage was already done. Starting in October, threat actors leaked data profiles belonging to 4.1 million individuals in the United Kingdom and 1 million Ashkenazi Jews on the unofficial 23andMe subreddit and hacking forums. In total, data for 6.9 million customers, including information on 6.4 million U.S. residents, was downloaded in the breach.

Moreover, the company confirmed that attackers stole health reports and raw genotype data during a five-month credential-stuffing attack that took place from April to September. As a result, multiple class-action lawsuits were filed against 23andMe, leading to the recent settlement.

A Call to Action for Cybersecurity Awareness

As we reflect on the 23andMe data breach, it’s crucial to recognize that we all play a role in safeguarding our personal information. By staying informed about cybersecurity best practices and understanding the risks involved in sharing sensitive data, we can better protect ourselves from potential threats.

At IT Services, we’re committed to helping you stay informed and secure. Keep coming back to learn more about cybersecurity, and don’t hesitate to contact us with any questions or concerns. Together, we can build a safer digital world for all.


RansomHub Launches Daring Cyberattack on Kawasaki, Warns of Massive Data Leak

Kawasaki faces a cyberattack from RansomExx, a ransomware group that threatens to leak stolen data on the RansomHUB dark web portal. The company confirms unauthorized access to European and Japanese servers, and is taking measures to prevent further damage.


Picture this: You’re going about your day, and suddenly, your entire business comes to a screeching halt. You’ve been hit by a cyberattack, and your critical data is now in the hands of cybercriminals. This nightmare scenario recently played out for Kawasaki Motors Europe, as the RansomHub ransomware gang targeted their EU headquarters and threatened to leak stolen data.

But Kawasaki didn’t take this lying down. They immediately jumped into action, working diligently to clean their systems of any “suspicious material,” such as malware. According to their announcement, they isolated their servers and initiated a strategic recovery plan. By working with external cybersecurity experts, they began checking each server one by one before reconnecting them to the corporate network. Their efforts are paying off, with 90% of their server infrastructure expected to be restored by the start of next week.

Now, you might be thinking, “That’s great for Kawasaki, but what does this have to do with me?” The answer is simple: cyberattacks can happen to anyone, and they’re becoming more prevalent and sophisticated every day. In fact, RansomHub alone has breached 210 victims from a wide range of critical U.S. infrastructure sectors since its launch in February, according to a joint advisory between the FBI, CISA, and the Department of Health and Human Services (HHS).

Don’t become a statistic: Learn from Kawasaki’s experience

Kawasaki’s story serves as a valuable lesson for all of us. When faced with a cyberattack, it’s crucial to act quickly and decisively, partnering with cybersecurity experts to mitigate the damage and protect your valuable data. But even better than reacting to an attack is preventing one from happening in the first place.

So, what can you do to safeguard your business and personal data from cybercriminals? Here are a few key steps:

  • Keep your software up to date. Regularly updating your software helps to patch any security vulnerabilities that cybercriminals could exploit.
  • Invest in strong security measures. This includes firewalls, antivirus software, and secure network connections, as well as employee training on cybersecurity best practices.
  • Regularly back up your data. Having a secure, up-to-date backup of your data can help you recover more quickly in the event of an attack.
  • Monitor for suspicious activity. Regularly review your network logs and other activity to identify any potential threats or breaches.

Let’s work together to keep your data safe

Here at IT Services, we understand the importance of keeping your data secure and are committed to helping you protect your business from cyberattacks. Our team of cybersecurity experts is available to guide you through the process of implementing robust security measures and ensuring your business is prepared to face any potential threats.

To learn more about how we can help you safeguard your business and personal data, get in touch with us today. And remember, the best defense against cyberattacks is a proactive approach to cybersecurity. So, don’t wait for disaster to strike—take action now to keep your data safe and secure.


Fortinet Acknowledges Massive Data Breach: Hacker Boasts Theft of 440GB Files

Fortinet, a network security company, has confirmed a data breach after a hacker claimed to have stolen 440GB of files. The breach is believed to have exposed client information, including email addresses and passwords. Fortinet is investigating the incident and taking steps to mitigate the potential impact on its customers and partners.


You may have heard about the recent data breach at cybersecurity giant Fortinet, and it’s worth taking a closer look at what happened to understand the risks and implications. The company is one of the largest cybersecurity providers in the world, offering a range of products and services such as secure networking devices, network management solutions, and consulting services.

A Threat Actor Strikes

Recently, a threat actor claimed to have stolen a whopping 440GB of data from Fortinet’s Microsoft Sharepoint server. This individual, going by the name “Fortibitch,” announced the theft on a hacking forum and even shared credentials to an alleged storage bucket containing the stolen data.

We have not accessed this storage bucket to verify its contents, but it’s important to note that the threat actor claimed to have attempted to extort Fortinet into paying a ransom to prevent the data from being published. Fortinet, however, refused to pay.

Fortinet’s Response

When we reached out to Fortinet about this incident, the company confirmed that customer data had indeed been stolen from a “third-party cloud-based shared file drive.” They described the breach as involving “limited data related to a small number of Fortinet customers.”

Initially, Fortinet did not disclose the number of affected customers or the nature of the compromised data, but they did state that they had “communicated directly with customers as appropriate.” In a later update on their website, Fortinet revealed that the breach affected less than 0.3% of its customer base and had not resulted in any malicious activity targeting those customers.

It’s also worth noting that Fortinet confirmed the incident did not involve data encryption, ransomware, or access to their corporate network. We have contacted Fortinet with additional questions about the breach, but have not received a reply at this time.

Not the First Time

This isn’t the first time Fortinet has been targeted by threat actors. In May 2023, an individual claimed to have breached the GitHub repositories of Panopta, a company acquired by Fortinet in 2020, and leaked stolen data on a Russian-speaking hacking forum.

A Call to Stay Informed and Vigilant

As this incident demonstrates, even the most prominent cybersecurity companies can fall victim to data breaches. That’s why it’s crucial to stay informed about the latest threats and to take steps to protect your own data and networks. We’re here to help you navigate the ever-evolving cybersecurity landscape and to provide the expertise and support you need to safeguard your digital assets.

Don’t hesitate to reach out to us to learn more about how we can help you stay ahead of the curve in cybersecurity, and be sure to keep coming back for the latest updates and insights.
