top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #28 - January 16, 2023

Compromise of employee device, credentials led to CircleCI breach

Source: SC Media

CircleCI’s chief technology officer said malicious hackers infected one of their engineer’s laptops and stole elevated account privileges to breach the company’s systems and data late last year.


In an incident report published late Friday, CTO Ron Zuber said evidence of the breach, first disclosed Jan. 4, 2023, dates back to at least Dec. 16, 2022, when an unauthorized actor compromised the laptop and stole a set of privileged, two-factor authentication-backed credentials.




Hive Claims Responsibility for Attack on Nursing Home Chain

Source: Data Breach Today

Consulate Health Care Says Breach Originated at an Unnamed Third-Party Vendor. A Florida-based nursing home chain with a checkered past says an unnamed third-party vendor is responsible for a data breach incident. Ransomware-as-a-service group Hive says it directly targeted Consulate Health Care and posted online data including patient records, employee data and internal documents.




Third-party administrator hack leads to theft of patient data for over 251K

Source: SC Media

Austin, Texas-based Bay Bridge Administrators, a third-party administrator of insurance products, recently began notifying more than 251,000 patients that their data was stolen after a network hack in September 2022. The “network disruption” was first detected on Sept. 5, which prompted BAA to secure the network and engage with an outside cybersecurity firm to investigate. Forensics showed that the attacker had gained access more than a week before being discovered, which enabled them to exfiltrate “certain data” from the network on Sept. 3.




Privacy Fines: GDPR Sanctions Last Year Surged to $3 Billion

Source: infoRisk Today

Study Finds 'Highly Inflationary Impact' of European Data Protection Board Rulings. The cost of violating Europe's General Data Protection Regulation skyrocketed last year, and Big Tech companies took the brunt of the 2.9 billion euros in fines levied by regulatory agencies. The amount, equal to about $3.1 billion, is more than double the value of fines issued during 2021, finds analysis from law firm DLA Piper.




Ransomware Attack Affects 1,000 Vessels Worldwide

Source: Data Breach Today

Norway's DNV Shuts Down IT Servers, Investigates Attack. A ransomware attack shut down servers hosting software used to manage the crewing and maintenance schedules of about 1,000 vessels across the globe. Norwegian classification society DNV, maker of ShipManager software, says it took the servers offline after detecting a cyber incident on Jan. 7.



82 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page