Major Data Breaches and Supply Chain Attacks Dominate Cybersecurity Landscape
Major Data Breaches and Supply Chain Attacks Dominate Cybersecurity Landscape
Today's cybersecurity briefing reveals alarming trends in data breaches and supply chain vulnerabilities. The California Cryobank has reported a major data breach exposing sensitive customer information, including Social Security numbers. This breach, initially discovered in April 2024, has prompted the bank to offer one year of free credit monitoring to affected individuals. The incident raises critical concerns about the security of donor data.
In another significant development, Western Alliance Bank suffered a breach impacting nearly 22,000 customers, with sensitive financial data compromised due to flaws in third-party vendor software. The Clop ransomware group has claimed responsibility, pushing the bank to bolster its security measures.
Additionally, a supply chain attack involving GitHub Actions has compromised approximately 23,000 repositories, leaking CI/CD secrets after attackers manipulated a commit.
Also In Security Today
- Ongoing Cisco Vulnerabilities: Two critical vulnerabilities (CVE-2024-20439 & CVE-2024-20440) in Cisco's Smart Licensing Utility have been actively exploited. Users are urged to apply the necessary patches immediately to prevent unauthorized access. Read more.
- Pennsylvania State Education Association Breach: A breach affecting over 500,000 individuals has been attributed to the Rhysida ransomware gang, exposing sensitive personal information. Free credit monitoring services are being offered to those affected. Read more.
- GitHub Actions Supply Chain Attack: A vulnerability in the tj-actions/changed-files GitHub Action led to the exposure of sensitive information from 23,000 repositories. Users should rotate any compromised secrets immediately. Read more.