Latest news with #CybersecurityDive
Yahoo
28-07-2025
- Business
- Yahoo
Allianz Life discloses massive data breach linked to supply-chain attack
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.

Allianz Life Insurance Company of North America on Friday disclosed a massive data breach affecting most of the firm's 1.4 million U.S. customers, professionals and select employees.

In a statement, the Minneapolis-based insurance provider said a hacker used social engineering to breach one of its cloud vendors on July 16 and steal most of its customers' personally identifiable information. The company said it discovered the intrusion the next day.

The breach was the result of a social engineering attack, according to the company's filing with the Maine Attorney General's office. Allianz said it responded immediately after discovering the hack and notified the FBI.

The disclosure follows a months-long international attack spree linked to the cybercrime collective Scattered Spider, which has used voice phishing techniques to target a range of industries, including insurance providers. Last week, Philadelphia Indemnity Insurance disclosed a massive breach. And in June, Aflac and Erie Insurance disclosed that they had fallen victim to cyberattacks.

Allianz Life, a subsidiary of the German firm Allianz SE, said it had no evidence that the hacker had accessed the company's own computer networks, including its policy administration system.

The company's filing with the Maine AG's office includes a placeholder copy of its breach notice, with the company promising to share a full copy of the letter once it identifies all of the affected customers.
Yahoo
21-07-2025
- Yahoo
Microsoft, CISA warn of cyberattacks targeting on-premises SharePoint servers
This story was originally published on Cybersecurity Dive.

Microsoft on Saturday warned that hackers are exploiting a critical vulnerability in SharePoint, dubbed ToolShell, to launch attacks against on-premises customers. The vulnerability, tracked as CVE-2025-53770, involves deserialization of untrusted data and is a variant of CVE-2025-49706.

The Cybersecurity and Infrastructure Security Agency (CISA) on Sunday said the vulnerability can allow a malicious adversary to gain full access to SharePoint content, including file systems and internal configurations.

'CISA was made aware of the exploitation by a trusted partner and we reached out to Microsoft immediately to take action,' Chris Butera, acting executive assistant director for cybersecurity, said in a statement. 'Microsoft is responding quickly, and we are working with the company to help notify potentially impacted entities about recommended mitigations.'

The agency urged all organizations with on-premises Microsoft SharePoint servers to rapidly implement mitigations. Microsoft on Sunday released security updates for CVE-2025-53770 and a related flaw, CVE-2025-53771, and urged customers to immediately apply the patches.

Hackers have already breached dozens of vulnerable systems in at least two attack waves, according to researchers at Eye Security, which first disclosed the flaw on Saturday and said they had scanned more than 8,000 SharePoint servers worldwide. Researchers from watchTowr said exploitation may have begun as early as July 16.

The attacks have compromised at least two federal agencies in the U.S., as well as multiple European government agencies and a U.S. energy company, The Washington Post reported.

The Multi-State Information Sharing and Analysis Center has already notified more than 150 actively targeted state and local government agencies, a spokesperson told Cybersecurity Dive. It said it had detected more than 1,100 vulnerable servers, including some belonging to K-12 school districts and universities.

Google's Threat Intelligence Group has observed hackers installing Web shells and stealing cryptographic secrets from targeted servers, an executive said on LinkedIn. Shadowserver on Sunday said it was tracking 9,300 exposed IPs and was working with watchTowr and Eye Security to notify affected customers.

Earlier this month, researchers at Code White GmbH demonstrated ToolShell using a combination of CVE-2025-49706 and CVE-2025-49704.
Yahoo
08-07-2025
- Business
- Yahoo
Ingram Micro investigating ransomware attack
This story was originally published on Cybersecurity Dive.

Ingram Micro said Saturday that it is investigating a ransomware attack after discovering suspicious activity on its internal network. The Irvine, Calif.-based technology firm said it proactively took certain systems offline, notified law enforcement and retained outside forensic experts to help with the investigation.

The company said it is working diligently to restore normal operations following the attack, which has affected its ability to process and ship orders.

The SafePay ransomware group has reportedly claimed credit for the attack. Researchers have seen an uptick in activity from SafePay since May, according to Jamie Levy, director of adversary tactics at Huntress. The hacker group, first discovered in October 2024, has breached targeted companies using internet-exposed Remote Desktop Protocol as well as targeted virtual private networks.

SafePay has been among the most active of all ransomware gangs, with 18% of attacks being linked to the group, according to Matt Hull, global head of threat intelligence at NCC. The group has been active since at least November 2024 and is believed to be a rebrand of other top ransomware gangs, possibly including LockBit, AlphV or INC.

NCC recently responded to an attack linked to SafePay that involved the hackers gaining initial access through a misconfigured firewall and bypassing multifactor authentication, according to a March report. The hackers also used ScreenConnect to gain persistence inside of a network, according to NCC.

Ingram Micro has not disclosed any details about how the attackers gained access to its systems. The company also has not estimated the hack's financial impact. It reported net sales of $12.3 billion on non-GAAP earnings of $144 million, or 61 cents a share, during the fiscal first quarter. The company's latest forecast calls for net sales of $11.7 billion to $12.2 billion in the fiscal second quarter, on earnings between 53 cents and 63 cents a share.
Yahoo
26-06-2025
- Yahoo
Microsoft to make Windows more resilient following 2024 IT outage
This story was originally published on Cybersecurity Dive.

Microsoft plans to roll out key platform upgrades in July in an effort to build greater operational resilience into the Windows platform, following the 2024 global IT outage linked to a faulty software update from CrowdStrike.

The changes — including quick machine recovery and other features letting Microsoft 365 users continue accessing the cloud in a protected environment — are part of a Windows overhaul that Microsoft announced in November to build a more secure environment that would prevent software updates from causing widespread operational disruptions for enterprise customers. In September, the company met with major security firms to discuss how such an overhaul would work.

'We recognize our shared responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions,' David Weston, corporate vice president of enterprise and OS security at Microsoft, said in a blog post released Thursday.

Microsoft's partners welcomed the changes and said they would create a more secure environment for customers. 'The Microsoft Windows endpoint security program encourages a collaborative, transparent environment that will strengthen cyber resilience for all customers,' Jim Treinen, senior vice president of engineering at Trellix, told Cybersecurity Dive via email.

The July 2024 outage caused approximately 8.5 million Windows systems to malfunction, resulting in major disruptions across a wide variety of critical infrastructure providers. Emergency services providers, major hospitals, airlines and banks all reported significant problems.

After an internal investigation, CrowdStrike said the problem resulted from a botched software update on its Falcon platform. The disruptions caused billions of dollars in losses for companies that faced lost productivity and other challenges.