NDM Technologies Cyber News


Millions of Social Security Numbers Exposed by Hackers?

A recent data breach has exposed sensitive information, including Social Security numbers, potentially fueling a surge in identity theft, fraud, and other crimes. The hacking group USDoD has reportedly posted the compromised data for sale on a dark web forum, with a staggering price tag of $3.5 million.

In early August, another member of USDoD offered what they claimed to be the "full National Public Data (NPD) database." This vast trove allegedly contains around 2.7 billion records, each detailing a person’s full name, address, date of birth, Social Security number, and even alternate names and birth dates. The data is said to originate from National Public Data, a company that specializes in collecting and selling access to personal information for use in background checks, obtaining criminal records, and assisting private investigators.

Despite the seriousness of the situation, NPD has yet to formally notify affected individuals. The company has only responded to inquiries by stating that they are "aware of certain third-party claims about consumer data and are investigating these issues." Some victims have confirmed that the data being sold includes legitimate information, while others have pointed out inaccuracies and outdated records.

Although 2.7 billion records have been leaked, this does not necessarily equate to 2.7 billion unique individuals affected, as some records are duplicates. However, for those living in the United States, there is a high likelihood that some of their personal information may have been compromised in this breach.

Experts advise anyone who suspects their Social Security number or other vital identifying information has been leaked to place a freeze on their credit files with the three major credit bureaus: Experian, Equifax, and TransUnion. While this step will prevent new accounts from being opened in your name, it will not protect existing accounts. Strengthening the security of online access to current accounts with strong, frequently updated passwords is also crucial to safeguarding your information.


Average Cost of a Data Breach Soars in 2024

The average cost of a data breach has reached an all-time high at $4.88 million, revealing a troubling reality for businesses worldwide. The 2024 IBM Cost of a Data Breach Report concludes that this cost is up 10% from the previous year, showing the largest yearly increase since the pandemic. This surge is a stark reminder of the growing threats organizations face as they navigate the complexities of modern cybersecurity.

The increase in cost is highlighted by the impact that breaches had on organizations this year, with 70% of breached organizations experiencing significant or very significant disruptions. This impact was not just immediate but extended over time, driven by aftereffects like lost business and the extensive costs associated with post-breach customer and third-party responses, showing that the collateral damage from data breaches has intensified.

As a result, recovering from a data breach has become an increasingly daunting task for organizations, with full recovery taking more than 100 days for organizations that did manage to fully recover. This prolonged recovery time underscores the long-lasting impact that a breach can have on a business, affecting operations, reputation, and financial stability.

Security staffing issues have also contributed to the rising costs of data breaches. Organizations facing these challenges—26% more than last year—reported higher breach costs. However, organizations may have learned their lesson from the rising cost of data breaches this year, with 63% planning to increase their security budgets. Investments are expected to focus on incident response planning, threat detection, identity and access management, and data security protection tools.

Data breaches involving multiple environments, such as public and private clouds, were particularly challenging, taking an average of 283 days to identify and contain. Moreover, the potential security risks associated with the rapid implementation of generative AI have raised concerns, with 51% of business leaders wary of the unpredictable vulnerabilities this technology may introduce.

Industries like healthcare, financial services, industrial, technology, and energy continue to face the highest breach costs, with healthcare leading the pack. This report serves as a critical wake-up call for businesses to bolster their cybersecurity defenses in an increasingly perilous digital world.


18-Year-Old Vulnerability Discovered in All Major Web Browsers

Researchers at Oligo Security have uncovered a critical vulnerability that affects all major web browsers. Dubbed “0.0.0.0 Day,” this 18-year-old flaw can potentially allow malicious websites to bypass browser security and interact with services running on an organization’s local network. This vulnerability could potentially lead to unauthorized access and remote code execution by attackers outside the network.

The vulnerability exploits the IP address 0.0.0.0, often used as a placeholder or default address, to access local services. These services can include those used for development, operating systems, and internal networks. The impact is significant, as threat actors could gain unauthorized access, compromise data, and execute remote code.

Despite the spotlight on this issue, the vulnerability remains unpatched. However, following responsible disclosure, browser vendors have acknowledged the security flaw and are actively working on browser-level mitigations. The vulnerability stems from inconsistent security implementations across different browsers, highlighting the urgent need for industry-wide standardization.

Attackers can use this flaw to port scan users, potentially identifying open ports and vulnerable services. The discovery of the 0.0.0.0 Day vulnerability underscores the importance of implementing Private Network Access (PNA) standards to ensure stronger security across the browser ecosystem.
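A local service can also refuse such requests itself, independent of browser fixes. The function below is an added example, not code from NDM or Oligo Security: it rejects requests whose Host header is 0.0.0.0 or whose Origin is foreign, and answers a PNA preflight only for an allowlisted origin. The port, the allowlists and the function name are assumptions.

```javascript
// Added example: request gate for an HTTP service meant to be used only from
// the local machine. Port 8080 and both allowlists are assumptions.
const ALLOWED_HOSTS = new Set(["localhost:8080", "127.0.0.1:8080"]);
const ALLOWED_ORIGINS = new Set(["http://localhost:8080", "http://127.0.0.1:8080"]);

const deny = (reason) => ({ status: 403, reason, headers: {} });

// method: HTTP method; headers: lower-cased names, as Node's http module gives.
function gateLocalRequest(method, headers) {
  const host = (headers["host"] || "").toLowerCase();
  // The service's own UI never addresses it as 0.0.0.0, so any Host outside
  // the allowlist (0.0.0.0:8080, a rebinding domain, ...) is refused.
  if (!ALLOWED_HOSTS.has(host)) return deny("host-not-allowed");

  const origin = headers["origin"];
  // Browsers send Origin on CORS requests and preflights; a foreign one means
  // a page from another site is driving the request.
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return deny("origin-not-allowed");
  }

  // Private Network Access preflight: opt in only for an allowlisted origin.
  const isPnaPreflight = method === "OPTIONS" &&
    headers["access-control-request-private-network"] === "true";
  if (isPnaPreflight) {
    if (origin === undefined) return deny("preflight-without-origin");
    return {
      status: 204,
      reason: "pna-preflight-ok",
      headers: {
        "access-control-allow-origin": origin,
        "access-control-allow-private-network": "true",
      },
    };
  }
  return { status: 200, reason: "ok", headers: {} };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  ["GET", { host: "0.0.0.0:8080", origin: "https://site.example" }],
  ["POST", { host: "localhost:8080", origin: "https://site.example" }],
  ["OPTIONS", { host: "127.0.0.1:8080", origin: "http://localhost:8080",
    "access-control-request-private-network": "true" }],
  ["GET", { host: "localhost:8080" }],
];
for (const [m, h] of SAMPLES) console.log(m, h.host, gateLocalRequest(m, h).reason);
```

The gate does not replace authentication on the service: a request without an Origin header to an allowed Host still passes.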


Upcoming Conferences & CPE Opportunities

The Official Cybersecurity Summit

This Inaugural Cybersecurity Summit will connect you with C-Suite and Senior Executives responsible for protecting their companies' critical infrastructure. Learn from innovative solution providers and access interactive panels and discussions.

September 19 New York, New York

SANS Network Security Las Vegas

Experience interactive training, hands-on labs, and tutorials taught by real-world experts at the Cybersecurity Training at SANS Network Security. Whether you join in person or online, this event is sure to provide innovative network security training.

September 4-9 Las Vegas, NV & Virtual

InfoSec World

Together, the InfoSec World community will share real-world solutions and professional expertise to reinvent the practice of security in 2024, and chart new paths forward for the industry and the profession.

September 23-25 Orlando, FL


Michael Fowora

Chief Executive Officer at ID4Cloud

5 months

Data breaches are growing, and traditional security approaches are failing. From AT&T to MOVEit, even industry giants aren't immune. Discover how Accountability-Based Environments (ABE) revolutionizes cybersecurity by focusing on proactive identity verification—protecting businesses before breaches happen. Learn how ABE can shield your company from becoming the next headline! - https://www.dhirubhai.net/feed/update/urn:li:activity:7240247834019602432
