OneBlood confirms personal data stolen in July ransomware attack
Posted in Commentary with tags Hacked on January 14, 2025 by itnerd
Blood-donation not-for-profit OneBlood last week confirmed that a ransomware attack last summer has resulted in donors’ personal information being stolen, including names and SSNs.
On or around July 28, 2024, OneBlood became aware of suspicious activity within its network. We began an investigation to determine the full nature and scope of the event. Our investigation determined that between July 14 and July 29, 2024, certain files and folders were copied from our network without authorization. We conducted a comprehensive review of the affected files to identify the types of information contained in them and to whom the information relates. On or about December 12, 2024, we completed our review and determined that the affected files contained your information.
What Information Was Involved? The investigation determined that your name and Social Security number were included in the relevant files and folders.
Erich Kron, Security Awareness Advocate at KnowBe4 had this to say:
“Ransomware attacks are pretty much synonymous with data breaches, and this was certainly no exception. Modern ransomware groups put a lot of effort towards stealing data because they know that it can often be used as leverage to force organizations to pay ransoms in exchange for not leaking the data, so when we hear about a ransomware attack taking down systems, we can safely assume most of the time that personal data was stolen as well.”
“The attack on OneBlood is especially frustrating because the organization does have a great mission and does good things to provide blood to those in desperate need. The attack last year impacted a number of clinics and increased the likelihood of human errors when computerized systems were taken offline. For the volunteers that already gave their time and blood to help the cause, the news that their personal information was lost to bad actors is certainly unwelcome.”
“Unfortunately, OneBlood took a long time to determine what data was lost and to inform victims of the breach. When information like this is leaked, it is extremely beneficial for potential victims to be able to take steps to protect their identity from theft and to protect themselves from potential social engineering attacks, and delays such as this can put them at even higher risk of negative consequences.”
“Organizations that collect or store personal and medical information need to ensure the highest standards of protection are met, and that potential victims of data theft are notified quickly and given information they can use to protect themselves from the misuse of their private data. Delays in notification leave victims vulnerable to additional attacks and identity theft.”
Rebecca Moody, Head of Data Research at Comparitech adds the following:
“According to our data, OneBlood is one of 128 US healthcare providers confirmed to have been hit by a ransomware attack in 2024. These attacks affected nearly 21.8 million records in total and saw an average ransom of just over $1 million.”
“We don’t yet know how many people have been involved in this breach but at least 608 residents in Massachusetts have received notifications. Those impacted should take up OneBlood’s offer of 12 months free credit monitoring and identity theft protection services while also being on high alert for any phishing messages and monitoring accounts for unauthorized activity.”
Besides being yet another health care related hack, the timeline is the real problem here. OneBlood spotted suspicious activity on July 28, 2024, did not finish reviewing what was taken until December 12, and donors were only told in January 2025, nearly six months after their names and SSNs left the network. For data that can be used for identity theft the moment it is sold, that is way too long. That's not cool and OneBlood really needs to do better.
Posted in Commentary with tags KnowBe4 on January 14, 2025 by itnerd
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released a new white paper that provides data-driven evidence on the effectiveness of security awareness training (SAT) in reducing data breaches.
Over 17,500 data breaches from the Privacy Rights Clearinghouse database were analyzed along with KnowBe4’s extensive customer data to quantify the impact of SAT on organizational cybersecurity. This research provides an in-depth perspective on the effectiveness of security awareness training in preventing data breaches.
Key findings from the research include:
Organizations with effective SAT programs are 8.3 times less likely to appear on public data breach lists annually compared to general statistics.
97.6% of KnowBe4’s current U.S. customers have not suffered a public data breach since 2005.
Customers who experienced breaches were 65% less likely to suffer subsequent breaches after becoming KnowBe4 customers.
73% of breaches involving current KnowBe4 customers occurred before they implemented the company’s SAT program.
KnowBe4 advises organizations to implement SAT programs with at least quarterly training sessions and simulated phishing tests, noting that more frequent engagement can lead to even greater risk mitigation. The study addresses a critical question in cybersecurity: Does security awareness training measurably reduce an organization’s risk of real-world cyberattacks? The analysis demonstrates that organizations practicing regular and effective SAT see significant decreases in human risk factors and fewer real-world compromises.
This research provides valuable insights into the substantial role that security awareness training plays in preventing data breaches, particularly given that social engineering and phishing account for 70% to 90% of data breaches. KnowBe4 defines an effective SAT program as one that includes at least monthly training and simulated phishing campaigns.
The full white paper, “Effective Security Awareness Training Really Does Reduce Breaches,” is available for download here.
Leaseweb Global, a leading cloud services and Infrastructure as a Service (IaaS) provider, today announced the launch of a new highly efficient Virtual Private Server (VPS) solution. Designed for businesses that need a combination of exceptional price-performance, fast local storage and easy deployment, Leaseweb VPS packages start at just €3.99/month to deliver affordable solutions that don’t compromise on quality.
Leaseweb’s new VPS solution provides customers with the flexibility to expand their infrastructure as their business needs grow. Delivered via a low-touch, self-service portal, it requires limited technical expertise for setup or management, enabling users to configure their server, monitor resources and manage snapshots with ease. This makes it ideal for businesses seeking a straightforward, scalable and efficient hosting service, as well as those looking for an entry-level solution to Leaseweb Public Cloud.
With lightning-fast 10Gbps uplink speed, and powered by high performance processors and local NVMe storage, the Leaseweb VPS solution provides ample compute, RAM and generous traffic across all packages. In addition, built-in security and reliability features, including firewalls, DDoS protection and ISO-certified data centers, offer peace of mind and comprehensive protection for all customers. For those customers wanting to include backup, this is available as an add-on service.
Posted in Commentary with tags Foxit on January 14, 2025 by itnerd
Foxit, a leading provider of innovative PDF and eSignature products and services, helping knowledge workers to increase their productivity and do more with documents, today announced the launch of Foxit AI, a standalone web-based AI platform that delivers cutting-edge document-centric AI capabilities to users across industries. Available at ai.foxit.com, this innovative platform redefines how individuals and organizations manage and interact with their documents, offering unparalleled flexibility, accessibility, security, and efficiency.
The newly released Foxit AI is a powerful standalone web-based AI platform designed to revolutionize how individuals and organizations manage and interact with their documents. It offers a comprehensive suite of features, including AI-powered chat assistance, document and image analysis, advanced summarization, multilingual translation, text enhancement, and the ability to analyze multiple documents simultaneously. By combining intuitive design, cross-device accessibility, and seamless integration with Foxit’s broader ecosystem, Foxit AI empowers users across industries to streamline workflows, gain actionable insights, and maximize productivity. Whether simplifying complex legal documents, generating concise summaries, or translating content for global audiences, Foxit AI provides an efficient, secure, and user-friendly solution tailored to modern document management challenges.
Foxit AI Features and Benefits:
● AI-Powered Chat Assistance – Provides instant, conversational support for document-related queries (e.g., quickly locate specific clauses in legal contracts or clarify essay structures).
● Image-to-Text and Analysis – Upload images (JPEG, PNG, etc.) and use the “Extract Text” command to pull out text, insights, or contextual information (e.g., upload a receipt screenshot, then retrieve the dollar amounts or other key details).
● Text Enhancement Tools – Rewrite text with adjustable tone (e.g., professional, casual) and length (e.g., short, medium, long) (e.g., adapt content for different audiences, polish communications, or refine emails for clarity and tone).
● Unparalleled Security – Ensures user privacy and data protection through robust security measures and compliance with industry standards (e.g., process sensitive documents with confidence, knowing they are safeguarded against unauthorized access).
● Document Analysis – Upload documents for in-depth analysis to extract key insights and summarize content (e.g., analyze financial reports to identify critical data points without reading the entire document).
● Advanced Summarization – Generate concise summaries of large documents or specific sections for easy review (e.g., summarize meeting notes to identify actionable insights).
● Spelling and Grammar Checks – Ensure polished and error-free writing in seconds (e.g., proofread proposals and reports to improve quality).
● Text Clarification – Simplify complex or technical language for better understanding (e.g., break down dense legal or technical terms for students or professionals).
● Multilingual Translation – Translate text into multiple languages to bridge communication gaps (e.g., convert marketing materials for international audiences).
● Multi-Document Analysis – Review and compare multiple documents simultaneously to save time (e.g., compare contracts or analyze multiple reports in one session).
● Cross-Device Accessibility – As it is web-based, it is accessible from desktop, mobile, and tablet browsers without needing a PDF Editor license (e.g., work efficiently across devices with cloud-based functionality).
● User-Friendly Design – Intuitive interface with product tours and real-time support (e.g., easily navigate features with minimal learning curve).
● Enterprise Scalability – Includes admin-controlled licenses and compliance tools for organizational use (e.g., manage access and ensure security across a team or enterprise).
The increasing sophistication of cyberattacks and the expanding attack surface due to cloud adoption, remote work, and complex supply chains have made robust cybersecurity risk assessment more critical than ever.
Unfortunately, with the threat of cyberattacks growing, most organizations haven’t raised their security standards accordingly. Cybernews Business Digital Index shows that 84% of analyzed Fortune 500 companies scored a D or worse for their cybersecurity efforts.
The Cybernews research team analyzed 466 of the companies on the Fortune 500 list; the remaining 34 could not be assessed. The report evaluates risk across seven key areas: software patching, web application security, email security, system reputation, SSL/TLS configuration, system hosting, and data breach history.
Below is detailed data, collected from multiple sources including IoT search engines, IP and domain name reputation databases, and custom scanners, that shows the digital security posture of Fortune 500 companies.
Technology and IT companies are some of the most vulnerable
Although the biggest U.S. companies by revenue are responsible for sensitive customer data, the results show they have major shortcomings in corporate customer data security.
According to the index, which grades businesses based on their online security measures, 84% of Fortune 500 companies scored D or worse, with 43% falling into the F category. Only 6% of analyzed organizations earned an A rating for security measures.
Research shows that 75% of analyzed Technology and IT category companies scored a D or worse in their cybersecurity efforts. Overall, this sector received an average security score of 71.
With 57 companies on the list, the Technology and IT category is the fourth biggest Fortune 500 category. 35% of the scored companies received a D rating and 40% an F rating. Just 7% received a C, and 17.5% an A.
Only 1% of finance and insurance companies scored an A
The biggest Fortune 500 category is Finance and Insurance, with 102 companies on the list. 63% of the scored companies received a D rating, and almost 24% received an F rating. Overall, this sector received an average security score of 71.
Finance and Insurance has the lowest share of top-rated companies of any category: only 1% of them achieved an A-level security score.
The second-biggest category, with 88 companies, is Manufacturing. This category’s average security score is 65. According to The Business Digital Index, 81% of companies analyzed received a security rating of D or worse, with 53% falling into the F category. Only 3% of companies earned an A rating for their security measures.
61% of analyzed Energy and Natural Resources category companies scored an F, and 24% got a barely passing grade of D. Only 7% of these organizations earned an A rating for their security measures.
The healthcare industry is also particularly vulnerable, with 55% of the scored companies receiving a D rating and 31% an F rating. Only 10% of the companies analyzed in the Healthcare and Pharmaceuticals category achieved an A grade. Overall, the healthcare sector received an average security score of 70.
Also, 50% of the scored Retail and Wholesale category companies received a D rating and 40% an F rating. Construction and Engineering category companies fared somewhat better, with 73% receiving a D or F grade for their security.
In Transportation and Logistics, 33% of companies received a D and another 33% an F. Consulting and Business Services companies scored worst as a group: 43% were rated D and 57% F. Real Estate and Development companies split 30% D and 60% F.
Among all industries, the Transportation and Logistics category has the highest share of A-level companies (20%).
Researchers found nearly 671 critical or high-risk vulnerabilities
The Business Digital Index shows that the most common security issue relates to Secure Sockets Layer (SSL/TLS) configuration, with over 490 such issues found across the 466 analyzed companies.
Furthermore, researchers found nearly 671 critical or high-risk vulnerabilities that hackers can exploit to enter networks and steal information.
Researchers also found that analyzed Fortune 500 list companies have 254 email security issues and 480 total data breach incidents.
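Email security is one of the seven areas the index scores, and the 254 email security issues above are the kind of thing an external scanner finds by reading a domain's public DNS records. The following is an added example written for this page, not Cybernews' scanner or methodology: it evaluates a domain's SPF and DMARC TXT records for the common misconfigurations such scans flag (missing records, permissive `+all`, too many SPF lookups, DMARC `p=none`, no reporting address). The records below are constructed for the example; a live check would substitute the TXT records actually returned for the domain apex and for `_dmarc.<domain>`. The severity weights and A-F cutoffs are this example's own assumptions, not the Business Digital Index scoring.

```python
"""Offline SPF/DMARC posture check (added example; inputs are constructed)."""
import re
from dataclasses import dataclass, field

# Severity weights and letter-grade cutoffs are this example's assumptions.
SEVERITY = {"high": 3, "medium": 2, "low": 1}

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 caps these at 10).
SPF_LOOKUP_TERM = re.compile(
    r"^[+\-~?]?(include:|a(:|$)|mx(:|$)|ptr(:|$)|exists:|redirect=)", re.I)


@dataclass
class Findings:
    issues: list = field(default_factory=list)  # (severity, message) pairs

    def add(self, severity, message):
        self.issues.append((severity, message))

    @property
    def grade(self):
        score = sum(SEVERITY[s] for s, _ in self.issues)
        if score == 0:
            return "A"
        if score <= 1:
            return "B"
        if score <= 3:
            return "C"
        if score <= 5:
            return "D"
        return "F"


def assess_spf(apex_txt, f):
    """Check the TXT records published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().startswith("v=spf1")]
    if not spf:
        f.add("high", "no SPF record at the domain apex")
        return
    if len(spf) > 1:
        f.add("high", "multiple SPF records (receivers treat this as permerror)")
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        f.add("medium", "SPF has no terminal 'all' mechanism")
    else:
        first = all_terms[-1][0]
        qual = first if first in "+-~?" else "+"   # bare 'all' means '+all'
        if qual == "+":
            f.add("high", "SPF ends with +all: any host may send as this domain")
        elif qual == "?":
            f.add("medium", "SPF ends with ?all (neutral): no real protection")
    lookups = sum(1 for t in terms if SPF_LOOKUP_TERM.match(t))
    if lookups > 10:
        f.add("high", f"SPF requires {lookups} DNS lookups; receivers stop at 10 (permerror)")


def assess_dmarc(dmarc_txt, f):
    """Check the TXT records published at _dmarc.<domain>."""
    recs = [r for r in dmarc_txt if r.lower().startswith("v=dmarc1")]
    if not recs:
        f.add("high", "no DMARC record at _dmarc.<domain>")
        return
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    policy = tags.get("p", "").lower()
    if policy == "none":
        f.add("medium", "DMARC p=none: failures are reported but not acted on")
    elif policy not in ("quarantine", "reject"):
        f.add("high", f"DMARC policy missing or invalid: {policy!r}")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        f.add("low", f"DMARC pct={pct}: policy applied to only a sample of mail")
    if "rua" not in tags:
        f.add("low", "no rua= address: no aggregate reports to detect abuse")


def assess_domain(apex_txt, dmarc_txt):
    """Return Findings for one domain given its apex and _dmarc TXT records."""
    f = Findings()
    assess_spf(apex_txt, f)
    assess_dmarc(dmarc_txt, f)
    return f


if __name__ == "__main__":
    # Constructed records for a hypothetical domain; not real DNS data.
    samples = {
        "well-configured": (["v=spf1 include:_spf.example.net -all"],
                            ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]),
        "permissive":      (["v=spf1 mx +all"], ["v=DMARC1; p=none"]),
        "nothing":         ([], []),
    }
    for name, (apex, dmarc) in samples.items():
        r = assess_domain(apex, dmarc)
        print(name, r.grade, [m for _, m in r.issues])
```

The check deliberately reads only what a third party can see, which is why a scoring index can grade hundreds of companies without their cooperation. Note that a clean SPF/DMARC result says nothing about DKIM alignment or about mail actually passing at receivers; it only rules out the loudest misconfigurations.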
Research Methodology
You can review the report’s Methodology here. It provides detailed information on how researchers conducted this analysis.
Posted in Commentary with tags BforeAI on January 14, 2025 by itnerd
BforeAI, the world’s fastest and most accurate predictive attack intelligence and digital risk protection solution, announced today the company has closed an oversubscribed $10 million Series B round of funding led by Titanium Ventures. This investment round brings the company’s total funding to over $30 million and will accelerate market expansion in the utilities, pharmaceutical and healthcare sectors as the company continues to enhance its PreCrime™ platform, expand sales resources, and strengthen partnerships.
BforeAI’s mission is to proactively safeguard data, IT/OT networks, digital assets, customers, employees, and brand reputation. According to the company, the PreCrime platform is powered by behavioral predictive intelligence, monitors 98% of the Internet, stays ahead of cyber threats by 18 days on average, and has a false positive rate of 0.05%, enabling organizations to preempt risks in advance of an attack.
Over the past year, BforeAI grew substantially and achieved key milestones, including launching the PreCrime Guarantee and its breach protection pledge in partnership with the leading global cyber insurance provider. The PreCrime Guarantee reimburses customers up to ten times the value of their service contract if impacted by a cyberattack due to a failure by BforeAI’s predictive solution. Most recently, BforeAI was recognized by Gartner in its new report, “Cool Vendors for Artificial Intelligence in Banking and Investment Services.” The report serves as a guide to help chief information security officers (CISO), chief information officers (CIO), and chief data officers (CDO) in financial services and cyber fraud fusion centers identify solution partners for quick detection of risks and preemptive action before a fraud attempt even happens.
Existing investors SYN Ventures, Karista, and Addendum Capital, recognizing the company’s strong growth trajectory, participated in this round to maintain their ownership stakes.
Stamina Law in New York City, by Jade Ruscev, provided legal counsel to the company for the financing round.