Malware
Breaking the Silence: Cylance Confirms Data Breach Tied to a “Third-Party” Platform
Picture this: you’re sitting in a coffee shop, minding your own business, when suddenly, the door bursts open and someone yells, “There’s a thief among us!” Everyone freezes, and you can feel the tension in the air. Now, imagine that the coffee shop is the world of cybersecurity, and the thief is a data breach. This is what happened recently when Cylance, a leading cybersecurity company, confirmed a data breach linked to a “third-party” platform. Let’s dive into the details, and more importantly, what this means for you and the future of cybersecurity.
What Happened at Cylance?
According to Cylance, the breach occurred on an unnamed third-party platform, and they acted quickly to contain the situation. The company stated that no Cylance systems or products were compromised, but the exact extent of the breach is still under investigation. They’re working closely with law enforcement agencies and third-party cybersecurity experts to determine the full extent of the damage.
To be clear, this is not a small issue. Cylance is one of the leading cybersecurity companies in the world, boasting a client base that includes Fortune 100 companies and government agencies. The fact that a breach occurred on their watch raises some serious questions about the state of security in the digital age.
An Eye-Opening Reality
This data breach serves as a stark reminder that even the experts aren’t immune to the risks of cybercrime. The reality is, cybercriminals are becoming more sophisticated and relentless in their efforts to infiltrate networks and steal sensitive data. In fact, since the beginning of the COVID-19 pandemic, there has been a 600% increase in cybercrime, according to the United Nations.
As the world becomes more interconnected through technology, the stakes are higher than ever. A single breach can have far-reaching consequences, from financial ruin to the erosion of trust in the companies and institutions we rely on daily. In other words, the coffee shop thief doesn’t just steal your wallet; they can topple the entire house of cards.
What Can You Do to Protect Yourself?
First and foremost, it’s essential to stay informed about the latest cybersecurity threats and best practices for safeguarding your digital assets. Knowledge is power, and staying one step ahead of the cybercriminals is crucial in this high-stakes game of cat and mouse.
Additionally, investing in comprehensive cybersecurity solutions for your home and business is a smart move. This includes antivirus software, firewalls, and secure password management tools. Remember, prevention is always better than cure.
Stay Informed and Stay Safe
As the Cylance data breach unfolds, we’ll keep you updated with the latest information and insights. Our mission is to help you navigate the complex, ever-changing landscape of cybersecurity, and empower you to protect your digital world.
Don’t let the coffee shop thief catch you off guard. Reach out to us, stay informed, and together, we’ll weather this storm and emerge stronger and more resilient than ever.
Protecting Your Data: Lessons from the Cylance Data Breach
Hey there, my friend! What could be more important than keeping our personal data safe in today’s world? I’m sure you’ve heard about data breaches in the news, and you might be thinking, “How can I protect my data?” Well, you’re in the right place! Let me tell you a story about the recent Cylance data breach and what we can learn from it.
What Happened in the Cylance Data Breach?
First things first, let’s understand what happened. Cylance, a cybersecurity company, recently confirmed a data breach affecting their users. Now, you might be thinking, “A cybersecurity company was hacked? How ironic!” Yes, it is. But here’s the catch: the breach wasn’t due to their own security systems. It was linked to a third-party platform they used. This is a crucial lesson for all of us.
Why Should We Care?
Great question! We should care because data breaches can cause serious harm. Personal information can be used for identity theft, financial fraud, and more. In fact, 16.7 million Americans were victims of identity theft in 2017, with losses totaling $16.8 billion! That’s a lot of people and money, right?
What Can We Learn from the Cylance Data Breach?
Now that we know why we should care, let’s learn some lessons from the Cylance data breach. Here are three takeaways:
- Third-Party Platforms Matter: In this case, the breach wasn’t due to Cylance’s own security but a third-party platform they used. So, when choosing services, make sure they have strong security measures in place.
- Stay Informed: Keep yourself updated on the latest cybersecurity news and trends. Staying informed can help you make better decisions to protect your data.
- Use a Multi-Layered Approach: Don’t rely on a single security measure. Instead, use a combination of tools and techniques to safeguard your data. This includes strong passwords, two-factor authentication, and regular software updates.
How Can You Protect Your Data?
Now that you’ve learned some lessons, let’s talk about how you can protect your data. Here are some tips:
- Choose your service providers wisely: Make sure the companies you trust with your data have strong security measures in place.
- Never reuse passwords: Using the same password for multiple accounts makes it easier for hackers to access your data. Use a unique, strong password for each account.
- Enable two-factor authentication: This adds an extra layer of security to your accounts and makes it harder for hackers to break in.
- Keep your software updated: Regularly update your devices and software to ensure you’re protected against the latest threats.
Remember, Knowledge is Power!
As we wrap up, remember that protecting your data is an ongoing process. The more you know, the better equipped you’ll be to keep your data safe. I hope you found this information helpful, and I encourage you to continue learning about cybersecurity. So, what are you waiting for? Contact us and keep coming back to learn more about how you can protect your data!
Cybersecurity company Cylance recently confirmed the legitimacy of data being sold on a hacking forum, explaining that it is old data stolen from a “third-party platform.”
A cybercriminal known as Sp1d3r is selling this stolen data for $750,000, as first discovered by Dark Web Informer.
This data allegedly includes a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees.
However, researchers have informed us that the leaked samples appear to be old marketing data used by Cylance.
BlackBerry Cylance told us that they are aware of and investigating the cybercriminal’s claims, but no “BlackBerry data and systems related to [..] customers, products, and operations have been compromised.”
“Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved,” the company added.
“The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry’s acquisition of the Cylance product portfolio.”
Links to Snowflake attacks
While the company has yet to reply to a follow-up request for more details regarding the name of the third-party platform that was breached to steal what it claims to be old data, the same cybercriminal is also selling 3TB of data from automotive aftermarket parts provider Advance Auto Parts, stolen after breaching the company’s Snowflake account.
We found a link to a Snowflake web management console located at https://cylance.snowflakecomputing.com/ that appears to be linked to Cylance. However, a BlackBerry spokesperson told us that the dashboard is “old and invalid” and “BlackBerry Cylance is not a Snowflake customer.”
Recent breaches at Santander, Ticketmaster, and QuoteWizard/Lendingtree have also been linked to Snowflake attacks. Ticketmaster’s parent company, Live Nation, also confirmed that a data breach had affected the ticketing firm after its Snowflake account was compromised on May 20.
In a joint advisory with CrowdStrike and Mandiant, Snowflake said that attackers had used stolen customer credentials to target accounts without multi-factor authentication protection.
Today, Mandiant published a report linking the Snowflake attacks to a financially motivated cybercriminal group it tracks as UNC5537. The group gained access to Snowflake customer accounts using customer credentials stolen in infostealer malware infections from as far back as 2020.
Mandiant has been tracking UNC5537 since May 2024. The financially motivated cybercriminal group has targeted hundreds of organizations worldwide, extorting victims for financial gain.
While Mandiant has not shared much information about UNC5537, we have learned that they are part of a larger community of cybercriminals who frequent the same websites, Telegram, and Discord servers, where they commonly collaborate on attacks.
“The impacted accounts were not configured with multi-factor authentication enabled, meaning successful authentication only required a valid username and password,” Mandiant said.
“Credentials identified in infostealer malware output were still valid, in some cases years after they were stolen, and had not been rotated or updated. The impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations.”
Mandiant says it has identified hundreds of customer Snowflake credentials exposed in Vidar, RisePro, Redline, Raccoon Stealer, Lumma, and Metastealer infostealer malware attacks since at least 2020.
To date, Snowflake and Mandiant have notified around 165 organizations potentially exposed to these ongoing attacks.
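The three conditions Mandiant describes (no MFA, credentials never rotated after appearing in infostealer output, no network allow list) can be checked against an account inventory. The following is an added example, not code from Snowflake, Mandiant, or the original article; the account records, stealer-log sighting dates, and the 365-day password age threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass
class Account:
    user: str
    mfa_enabled: bool
    password_last_set: date
    allowed_networks: tuple = ()  # empty tuple = no network allow list


# Constructed inventory (hypothetical users, dates and documentation IP ranges).
ACCOUNTS = [
    Account("etl_service", False, date(2020, 3, 1)),
    Account("analyst_a", True, date(2024, 1, 15), ("203.0.113.0/24",)),
    Account("dba_b", False, date(2023, 11, 2), ("198.51.100.0/24",)),
]

# Constructed sightings: user -> date the credential appeared in a stealer log.
STEALER_SIGHTINGS = {
    "etl_service": date(2021, 6, 10),
    "dba_b": date(2022, 5, 5),
}


def audit(acct, sightings, today, max_age_days=365):
    """Return the list of findings for one account."""
    findings = []
    if not acct.mfa_enabled:
        findings.append("no_mfa")
    if not acct.allowed_networks:
        findings.append("no_network_allow_list")
    if (today - acct.password_last_set).days > max_age_days:
        findings.append("stale_password")
    seen = sightings.get(acct.user)
    # A password set on or before the sighting date was never rotated
    # afterwards, so the stolen value still works.
    if seen is not None and acct.password_last_set <= seen:
        findings.append("exposed_credential_still_valid")
    return findings


def login_allowed(acct, source_ip):
    """Apply the allow list; with no list configured, any source passes."""
    if not acct.allowed_networks:
        return True
    ip = ip_address(source_ip)
    return any(ip in ip_network(net) for net in acct.allowed_networks)


def fully_exposed(accounts, sightings, today):
    """Accounts where a stolen password alone is sufficient from any address."""
    needed = {"no_mfa", "no_network_allow_list", "exposed_credential_still_valid"}
    return [a.user for a in accounts if needed <= set(audit(a, sightings, today))]


if __name__ == "__main__":
    today = date(2024, 6, 10)
    for a in ACCOUNTS:
        print(a.user, audit(a, STEALER_SIGHTINGS, today))
    print("fully exposed:", fully_exposed(ACCOUNTS, STEALER_SIGHTINGS, today))
```

Only `etl_service` meets all three conditions at once; `dba_b` lacks MFA but was rotated after its sighting and is restricted by source network.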
Update June 11, 07:13 EDT: Added BlackBerry statement saying Cylance is not a Snowflake customer.
Don’t let your organization be the next target
As cybersecurity experts, we make it our mission to help protect you and your organization from cyber threats. With the increasing sophistication of cybercriminals and the prevalence of data breaches, it’s more important than ever to stay informed and take proactive steps to protect your valuable data.
Stay ahead of the game by regularly visiting our website for the latest cybersecurity news and advice. If you have any questions or concerns, don’t hesitate to contact us. Together, we can work to make the digital world a safer place for everyone.
Massive Cyberattack at French Hospital: Health Data of 750,000 Patients Compromised
A cyberattack on a French hospital exposed the health data of 750,000 patients. The incident highlights the growing risk of cyber threats targeting healthcare organizations, with sensitive patient information being increasingly sought by hackers. Ensure your organization’s data is protected with robust cybersecurity measures and stay informed on the latest threats.
A data breach at a French hospital has led to the exposure of 750,000 patients’ medical records. The culprit, a threat actor going by the name ‘nears’, claims to have attacked multiple healthcare facilities in France, potentially gaining access to over 1.5 million patient records.
This attacker claims to have breached MediBoard, an Electronic Patient Record (EPR) solution by Softway Medical Group. The group has confirmed that a MediBoard account was indeed compromised, but it was not due to a software vulnerability or misconfiguration. Instead, the breach occurred through stolen hospital credentials.
How did this happen?
Softway Medical Group explained that the exposed data was not directly managed by them but was hosted by the hospital. They emphasized that their software was not responsible for the breach. Instead, a privileged account within the hospital’s infrastructure was compromised.
This situation highlights the importance of ensuring that all staff members, especially those with privileged access to sensitive systems, follow strict security protocols to prevent unauthorized access.
What’s at stake?
The threat actor began selling what they claimed was access to the MediBoard platform for multiple French hospitals. This access allegedly allowed the buyer to view sensitive healthcare and billing information, patient records, and even the ability to schedule and modify appointments or medical records.
To prove their claim, the hacker put the records of 758,912 patients from an unnamed French hospital up for sale. These records contain sensitive information, including full names, dates of birth, contact information, and even health card history.
The data was offered for purchase to three users, and currently, no buyers have been declared on the sale listing. However, even if the data isn’t sold, there’s always a risk of it being leaked online for free, making it accessible to the broader cybercrime community.
The dangers of exposed data
The type of data exposed in this incident raises the risk of phishing, scamming, and social engineering for impacted individuals. As a result, it’s crucial for healthcare providers to prioritize cybersecurity and invest in proper security measures to protect their patients’ sensitive information.
For patients, it’s essential to be vigilant and aware of potential scams and phishing attempts. Be cautious with any communication that seems suspicious or requests sensitive information, and never hesitate to verify the authenticity of a message.
What can you do to protect yourself?
With cyber threats constantly evolving, it’s essential to stay informed about cybersecurity best practices. As an IT Services company, we’re dedicated to helping people like you understand the risks and take appropriate action to protect your personal information and online security.
Don’t leave your cybersecurity to chance. Keep coming back to learn more about the latest threats, best practices, and how to keep yourself and your loved ones safe online. Together, we can build a more secure digital world for everyone.
Finastra Battles Massive Data Breach: Unraveling the SFTP Hack Impact on Fintech Titan
Fintech firm Finastra is probing a potential data breach following a hacking incident involving its SFTP server. The breach, which may have exposed sensitive user data, has prompted the company to bolster its security measures and notify affected customers.
Did you know that even the largest and most successful financial software companies can fall victim to cyberattacks? Recently, Finastra, a company that serves over 8,000 institutions across 130 countries, experienced a cybersecurity incident that put their customers’ sensitive data at risk.
The Incident at Finastra
Finastra is a global financial software company that counts 45 of the world’s top 50 banks and credit unions among its clients. With over 12,000 employees and a revenue of $1.7 billion last year, it’s a major player in the finance sector. On November 7, 2024, a cyber attacker managed to access one of Finastra’s Secure File Transfer Platform (SFTP) systems using compromised credentials.
So far, the company’s investigation, supported by external cybersecurity experts, has not found evidence that the breach extended beyond the SFTP platform. But the attack has raised concerns about the security of the company’s software services, which include lending solutions, payment processing, cloud-enabled retail and banking platforms, and trading risk management tools.
How We Learned About the Breach
Brian Krebs first reported the security breach after seeing a data breach notification sent to an impacted person. The attack appears to be linked to a post on a hacking forum, where a threat actor named “abyss0” claimed to be selling 400GB of data stolen from Finastra.
When we asked Finastra about the forum post, they wouldn’t confirm or deny if the data belonged to them. However, they did acknowledge a limited-scope security breach and are currently evaluating its impact. They also stressed that the compromised SFTP platform was not used by all their customers and was not their default file exchange platform.
What’s Next for Finastra and Its Customers?
The exact impact and scope of the breach are still under investigation. It may take some time to determine who has been affected, but Finastra has assured that those who are deemed impacted will be contacted directly. As a result, public disclosures from the company are not expected.
Interestingly, the threat actor who published the data samples earlier this month has since deleted the post. It’s unclear whether the data was sold to a buyer or if “abyss0” became concerned about the sudden publicity.
A History of Cybersecurity Incidents
This isn’t the first time Finastra has experienced a cybersecurity incident. In March 2020, the company was hit by ransomware actors and forced to take parts of its IT infrastructure offline, causing service disruptions. At the time, reports highlighted Finastra’s lackluster vulnerability management strategy, as they were using older versions of Pulse Secure VPN and Citrix servers.
What Can We Learn From This?
The Finastra breach is a stark reminder that no organization is immune to cyber threats. As technology continues to evolve, so do the tactics and techniques used by cybercriminals. It’s crucial for companies, large and small, to prioritize cybersecurity and invest in the latest security measures to protect their customers’ data.
And for you, as a reader and potential customer, it’s important to stay informed about the latest cybersecurity news and best practices. That’s where we come in. We’re committed to providing you with the most up-to-date information on cybersecurity, so you can stay one step ahead of the bad guys. So why not reach out to us and keep coming back to learn more about how you can protect yourself and your business from cyber threats?
Ford Dismisses Data Breach Accusations, Asserts Customer Information Remains Secure
Ford has denied allegations of a data breach, assuring customers that their information remains secure. The automaker responded to claims made by a security researcher who discovered a vulnerability in their systems, stating that no sensitive data was accessed or exposed. Ford is working closely with the researcher to investigate and resolve the issue.
As someone who cares about cybersecurity, I can’t help but feel concerned about the recent news that Ford is investigating allegations of a data breach. A threat actor going by the name ‘EnergyWeaponUser’ claimed on a hacking forum to have leaked 44,000 customer records. They also implicated another hacker, ‘IntelBroker,’ who supposedly took part in the breach back in November 2024.
What’s in the leaked data?
The leaked information includes Ford customer records containing personal details such as full names, physical locations, purchase details, dealer information, and record timestamps. While this data might not be extremely sensitive, it still contains personally identifiable information (PII) that could be used in phishing and social engineering attacks targeting the affected individuals.
What’s interesting is that the threat actors didn’t try to sell the dataset. Instead, they offered it to registered members of the hacker forum for eight credits, equivalent to just a little over $2.
Ford’s response and investigation
We reached out to Ford to validate the claims, and a spokesperson confirmed that they are actively investigating the allegations. They stated, “Ford is aware and is actively investigating the allegations that there has been a breach of Ford data. Our investigation is active and ongoing.”
Is there credibility to these allegations?
The involvement of IntelBroker in the breach lends some credibility to the threat actor’s allegations. This hacker has a track record of confirmed breaches, including recent ones at Cisco’s DevHub portal, Nokia (through a third party), Europol’s EPE web portal, and T-Mobile (via a vendor).
The data samples leaked by the threat actors include locations from around the world, with the United States being one of them.
How to protect yourself from potential risks
In light of this potential data exposure, it’s crucial to treat unsolicited communications with caution and reject requests for revealing more information under any pretense. Keep an eye out for any suspicious emails, messages, or phone calls that might use this leaked information to manipulate or deceive you.
An important update from Ford
After our initial report, Ford provided us with an additional statement based on new findings from their ongoing investigation. They said, “Ford’s investigation has determined that there was no breach of Ford’s systems or customer data. The matter involved a third-party supplier and a small batch of publicly available dealers’ business addresses. It is our understanding that the matter has now been resolved.” – A Ford spokesperson
Stay informed and stay safe
Keeping up to date with cybersecurity news and best practices is crucial in today’s digital world. Continue to check back with us for the latest information and advice on protecting yourself and your data. Remember, knowledge is power, and staying informed is the first step in defending against potential threats.