top of page
  • hayleywade1

Cyber Weekly Digest - 2024 Week #24



👋 Welcome to the 24th edition Cyber Weekly Digest of 2024.


Whether it's Vindaloo, World in Motion, 3 Lions or (JK's local fav) We're on the ball (Ant & Dec for those pretending they don't know) it's time to whack on your tune of choice for Euro mania. Do we dare to dream? Is Jules Rimet still gleaming? Anyone seen the last 28 years of hurt? Can Southgate finally bring it home? Are we temporarily half Scottish?


Grab your meat pies and sausage rolls, who's gonna score England's first goal?


New and noteworthy this week:

 

⚽️ Drowning in cloud data? You're not alone. SentinelOne's soon-to-be-published Cloud Security Report found that cloud security professionals are drowning in data, yet lacking insights. Sound familiar?


This blog post by Rick Bosworth explains how their AI-powered CNAPP helps, giving you tools to think like an attacker and enhance your cloud security.

 

⚽️ Secure email gateways (SEGs) were once the standard for protecting organisations from email-based threats by filtering and blocking malicious emails. However, as cyber threats have become more sophisticated, SEGs struggle to keep up.


Abnormal security's latest white paper reveals the 7 key lessons they've learned in helping 70% of their customers move away from traditional SEGs to a modern AI-powered solution. 

 

⚽️ Generative AI tools are transforming how we work and create. Yet, while there are many benefits, it's important to balance enthusiasm with awareness of potential risks. 


Frederick Coulton, CultureAI’s Head of Product, explores whether generative AI tools are a productivity dream or security nightmare in this recent article featured in Betanews, Inc.


Last but not least...


⚽️ What happens after an employee clicks on a malicious link? Horizon3.ai #NodeZero answers that for you with the Phishing Impact test, which enables you to understand the real-world implications of phished credentials. Just add a few lines of JavaScript code to your phishing page, and captured creds will automatically be channeled into an active NodeZero pentest. 


Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.

 

🚨 This week we heard about attacks on #healthcare, #banking, #education and #hospitality across the pond. Those cyber criminals have been busy!! Plus what we can learn from the #Ticketmaster breach...

 

Keep reading to stay up to date on the latest cyber security news.

 


Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. Headquartered in Charlotte, North Carolina, Truist Bank was formed after SunTrust Banks and BB&T (Branch Banking and Trust Company) merged in December 2019. Now a top-10 commercial bank with total assets of $535 billion, Truist offers a wide range of services, including consumer and small business banking, commercial banking, corporate and investment banking, insurance, wealth management, and payments.

 


Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. Ascension says this was likely an "honest mistake" as the employee thought they were downloading a legitimate file. The attack impacted the MyChart electronic health records system, phones, and systems used to order tests, procedures, and medications, prompting the healthcare giant to take some devices offline on May 8 to contain what it described at the time as a "cyber security event," This forced employees to keep track of procedures and medications on paper, as they could no longer access patient records electronically.

 

The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. TDSB is Canada's largest school board and the fourth largest in North America, responsible for the administration and management of 473 elementary, 110 secondary, and five adult education schools. The organization operates on an annual budget of roughly $2.5 billion. An announcement published on the board's website yesterday notifies parents, guardians, and caregivers of a ransomware attack that may have exposed sensitive information.

 


U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. The company and its franchises own 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 states in the U.S. and Ontario, Canada. In breach notification letters filed with the Office of California's Attorney General, Panera said it detected what it describes as a "security incident," took measures to contain the breach, hired external cybersecurity experts to investigate the incident, and notified law enforcement.



Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company's clientele, igniting a firestorm of concern and outrage. Let's review the facts. Live Nation has officially confirmed the breach in an 8-K filing to the SEC. According to the document released on May 20, the company "identified unauthorized activity within a third-party cloud database environment containing Company data," primarily from the Ticketmaster subsidiary. The filing claims Live Nation launched an investigation and is cooperating with law enforcement. So far, the company doesn't believe that the breach will have a material impact on its business operations.



5 views0 comments

Comments


bottom of page