One Article Review

Source RiskIQ
Identifier 8576176
Publication date 2024-09-13 21:12:29 (seen: 2024-09-13 21:18:20)
Title Mitigating data security incidents
Text

## Snapshot

[KrebsOnSecurity](https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/) on August 19 reported details about a data security incident involving National Public Data (NPD), a consumer data broker that mistakenly published its own passwords and API keys in publicly accessible files on its website. The breach exposed sensitive information, including email addresses, phone numbers, Social Security numbers, and mailing addresses.

In April, a cybercriminal known as "USDoD" claimed access to 2.9 billion records from the United States, Canada, and the United Kingdom. According to [HackRead](https://hackread.com/usdod-hacker-ssn-leak-reveals-brazilian-citizen/), USDoD is allegedly linked to the name "[EquationCorp](https://www.tecmundo.com.br/seguranca/288570-hacker-roubou-3-bilhoes-dados-eua-descoberto-brasileiro.htm?ab=true&)," who claimed to be a Brazilian citizen and announced their retirement from cybercrime.

## Description

The NPD [acknowledged](https://nationalpublicdata.com/Breach.html) the data security incident on August 12, linking it to an attempted hack by a third-party malicious actor in December 2023. According to KrebsOnSecurity reporting, by July 2024, over 272 million records of personal information from the data were leaked online, with USDoD blaming another cybercriminal for the leak. There are claims that the NPD database had been circulating in underground forums since December 2023, according to KrebsOnSecurity.

[KrebsOnSecurity](https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/) stated that a sister site of NPD (recordscheck\[.\]net) exposed administrator usernames and passwords in a publicly accessible archive. The leak included plaintext credentials and source code, with many users failing to change their default passwords. These credentials matched those from earlier breaches tied to NPD's founder, Sal Verini. While the archive has been removed, Verini stated that recordscheck\[.\]net would shut down soon.

The breach has also led to the creation of websites such as npdbreach\[.\]com and npd.pentester\[.\]com to help individuals determine if their data was compromised, according to KrebsOnSecurity.

## Recommendations

Microsoft recommends the following steps to help protect data and mitigate potential breaches. Read more about data breaches and steps to minimize damage from a data breach [here](https://www.microsoft.com/en-us/security/business/security-101/what-is-a-data-breach).

Detect critical data security risks before they evolve into real incidents through reconnaissance and vulnerability scanning to identify security weaknesses that could be used in a cyberattack.

- Regularly update and patch software to protect against known vulnerabilities, using [Microsoft Defender vulnerability management dashboard](https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-dashboard-insights). For example, [mitigate zero-day vulnerabilities](https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-zero-day-vulnerabilities) by looking for a zero-day tag within the dashboard. Read more about vulnerability management [here](https://www.microsoft.com/en-us/security/business/security-101/what-is-vulnerability-management). Additionally, [integrate your Security Information and Event Management (SIEM) tools with Microsoft Defender XDR](https://learn.microsoft.com/en-us/defender-xdr/configure-siem-defender). [SIEM](https://www.microsoft.com/en-us/security/business/security-101/what-is-siem) software helps
Rating ★★
Sent Yes
Tags Data Breach Malware Hack Tool Vulnerability Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.