Computer Security News and Insights
The SEC Made It Official — Your Board Can't Plead Ignorance Anymore In July 2023, the SEC finalized rules requiring publicly traded companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. That wasn't a
A Single Email Cost This Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that Business Email Compromise — the category that includes every CEO fraud email scam — generated adjusted losses exceeding $2.9 billion in a single year. That number has held steady as one
The CEO Who Wired $47 Million to a Criminal In 2016, Austrian aerospace manufacturer FACC lost €42 million (roughly $47 million) after attackers impersonated the CEO in emails directing employees to transfer funds for a fake acquisition. The CEO was fired. The CFO was fired. The company's stock
In December 2020, cybersecurity firm FireEye disclosed that a threat actor had compromised SolarWinds' Orion software update mechanism, distributing malware to roughly 18,000 organizations — including the U.S. Treasury, the Department of Homeland Security, and Fortune 500 companies. The attackers didn't break down the front door.
The Breach That Didn't Start With You In February 2024, Change Healthcare — a subsidiary of UnitedHealth Group — suffered a ransomware attack that disrupted healthcare payment processing across the entire United States for weeks. The threat actor didn't breach UnitedHealth directly. They compromised a vendor system that
The $350 Million Acquisition That Fell Apart Over a Data Breach When Verizon moved to acquire Yahoo in 2017, the deal was nearly complete. Then Yahoo disclosed two massive data breaches affecting all three billion user accounts. Verizon knocked $350 million off the purchase price. That single failure in cybersecurity
In February 2024, a threat actor going by "USDoD" listed 2.9 billion records from National Public Data on a dark web forum — records that included Social Security numbers, full names, and addresses of nearly every American adult. The breach didn't make mainstream headlines until months
Your Stolen Password Is Already For Sale Somewhere In January 2024, a dataset called "Naz.API" surfaced on dark web forums containing over 70 million unique email addresses paired with plaintext passwords. The data had been harvested from credential-stealing malware installed on everyday people's computers. If
Your Employees' Passwords Are Probably Already for Sale In January 2024, researchers discovered a file called "Naz.API" circulating on dark web forums containing over 71 million unique email addresses paired with plaintext passwords — many harvested by credential-stealing malware. That's not a hypothetical. That'
23andMe Lost 6.9 Million Records to a Credential Stuffing Attack In October 2023, genetic testing company 23andMe confirmed that threat actors had compromised roughly 14,000 accounts using stolen credentials from other breaches. Because of the platform's social sharing features, that initial foothold gave attackers access to
