What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-30 11:20:35 | Leading Indian fintech platform MobiKwik denies data breach (lien direct) | Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. [...] | Data Breach | ||
 |
2021-03-29 23:21:45 | MobiKwik Suffers Major Breach - KYC Data of 3.5 Million Users Exposed (lien direct) | Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month.
The leaked data includes sensitive personal information such as:customer names,hashed passwords,email addresses,residential addresses,GPS |
Data Breach | ||
 |
2021-03-29 11:30:14 | 300,000 User Accounts Exposed After Credit Card Hacking Forum Is Hacked (lien direct) | Carding Mafia, a forum for stealing and trading credit cards, has fallen victim to being hacked by hackers – with almost 300,000 user accounts exposed, according to data breach notification… | Data Breach | ★★ | |
|
2021-03-27 09:41:12 | FatFace sends controversial data breach email after ransomware attack (lien direct) | British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. [...] | Ransomware Data Breach | ||
 |
2021-03-26 16:54:13 | Report: US Gov Executive Order to Mandate Data Breach Disclosure (lien direct) | A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report. | Data Breach | ||
 |
2021-03-25 13:38:55 | 30 million Americans affected by the Astoria Company data breach (lien direct) | Researchers discovered the availability in the DarK Web of 30M of records of Americans affected by the Astoria Company data breach Astoria Company LLC is a lead generation company that leverages on a network of websites to collect information on a person that may be looking for discounted car loans, different medical insurance, or even […] | Data Breach Guideline | ||
 |
2021-03-25 12:54:46 | FatFace would like everyone to keep its data breach “strictly private and confidential” (lien direct) | British fashion retailer FatFace has been hacked. Whoops! I said it. Sorry. I'm not sure they wanted anyone to talk about it, so maybe I shouldn't have mentioned it. | Data Breach | ||
|
2021-03-24 17:54:24 | Air Charter Firm Solairus Aviation Suffers Data Breach (lien direct) | Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis. | Data Breach | ★★ | |
 |
2021-03-24 11:13:16 | California Controller\'s Office employee falls for phishing link (lien direct) | A California State Controller’s Office employee fell for a phishing link, leading to a data breach that resulted in the theft of around 9,000 records. The employee, who worked in the Unclaimed Property division clicked on a phishing link received in an email and then proceeded to enter a user ID and password. This gave […] | Data Breach Guideline | ||
 |
2021-03-23 11:36:21 | Oil giant Shell discloses data breach linked to Accellion FTA vulnerability (lien direct) | The information of stakeholders has been compromised. | Data Breach Vulnerability | ||
|
2021-03-23 11:01:27 | Michigan Bank loses Customers\' SNNs (lien direct) | The Michigan based bank Flagstar, has contacted its customers informing them of a data breach during which hackers accessed their SSNs. The bank finally admitted that the attack resulted in the loss of customers’ Social Security Numbers, home addresses, full name and phone numbers – a detail that was not publicly disclosed when the data […] | Data Breach | ||
|
2021-03-23 09:06:06 | Energy giant Shell discloses data breach caused by Accellion FTA hack (lien direct) | Oil and gas giant Royal Dutch Shell (Shell) discloses a data breach resulting from the compromise of its Accellion File Transfer Appliance (FTA) file sharing service. Energy giant Shell disclosed a data breach resulting from the compromise of an Accellion File Transfer Appliance (FTA) used by the company. Shell is an Anglo-Dutch multinational oil and […] | Data Breach Hack | ||
|
2021-03-22 10:58:16 | Energy giant Shell discloses data breach after Accellion hack (lien direct) | Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). [...] | Data Breach Hack | ||
 |
2021-03-18 11:01:00 | What is a security operations center (SOC)? Explaining the SOC framework (lien direct) | This article was written by an independent guest author. If you’re responsible for stopping cyber threats within your organization, your job is more challenging than ever. The exposure to threats for any organization continues to escalate, and breaches are occurring every day. Consider: The average cost of a data breach is approximately $3.92M On average, it takes 280 days to identify and contain a breach If your company doesn’t have a security operations center (SOC), it may be time to change that. In fact, a recent study indicates 86% of organizations rate the SOC as anywhere from important to essential to an organization's cybersecurity strategy. What is a SOC? The security operations center (SOC) identifies, investigates, prioritizes, and resolves issues that could affect the security of an organization’s critical infrastructure and data. A well-developed and well-run SOC performs real-time threat detection and incident response, allowing SOC analysts to rapidly deliver security intelligence to stakeholders and senior management. The SOC framework was introduced by The Open Web Application Security Project (OWASP), a nonprofit foundation established to improve software security as a means for responding to cybersecurity incidents. The framework includes technical controls (Security Information and Events Management (SIEM) systems), organizational controls (processes), and also includes a human component (detection and response). Perhaps the most crucial function for a SOC involves a detailed and ongoing attack analysis. This means gathering and reporting on attack data that provides answers to these questions: When did the attack start? Who is behind the attack? How is the attack being carried out? What resources, systems, or data are at risk of being compromised or have already been compromised? A proactive and reactive mechanism Beyond attack analysis, the SOC also provides critical cybersecurity functions that should be a cornerstone for every business today: prevention, detection and response. An effective SOC prioritizes a proactive approach rather than relying on reactive measures. The SOC typically works around the clock to monitor the network for abnormal or malicious activity, which might stop attacks before they happen. How does this work? SOC analysts are well-equipped to prevent threats because they have access to comprehensive network data and possess up-to-date intel on global threat intelligence stats and data covering the latest hacker tools, trends, and methodologies. When it comes to response, think of the SOC as a first responder, carrying out the critical actions that “stop the bleeding” from an attack. When the incident is over, the SOC will also assist or lead restoration and recovery processes. What are the goals of a well-functioning SOC? A well-functioning SOC provides a multitude of benefits, but in order to get the most out of your security operations center, you’ll need to ensure you have experienced personnel to make u | Data Breach Threat Guideline | ||
|
2021-03-17 10:53:39 | Defunct WeLeakInfo site suffered own data breach (lien direct) | A threat actor has leaked data from the now-defunct WeLeakInfo data breach site, including payment and customer information. Last Thursday, the hacker published am archive of payment processing data used by the strip of a hacking forum known as RaidForums. The WeLeakInfo site offered paid subscriptions to users for searchable access to a database, which […] | Data Breach Threat | ||
 |
2021-03-16 17:49:00 | Fastway Couriers Confirms Security Breach (lien direct) | Investigation launched after data breach puts 450k Fastway Couriers customers at risk | Data Breach | ||
 |
2021-03-16 09:00:00 | How attackers counter incident response after a data breach (lien direct) | Pas de details / No more details | Data Breach | ||
|
2021-03-15 16:20:00 | Vulnerable Australian Kids Impacted by Data Breach (lien direct) | Former caseworker accessed sensitive data of children hundreds of times after leaving their job | Data Breach | ||
|
2021-03-15 05:01:00 | What is network segmentation? NS best practices, requirements explained (lien direct) | This article was written by an independent guest author. If you follow cybersecurity current events, you may know that the cost and frequency of a data breach continue to skyrocket. Organizations are constantly under attack, and the shift to remote work is only exacerbating the problem. According to IBM’s 2020 Cost of a Data Breach Report, most respondents are concerned that identifying, containing, and paying for a data breach is more burdensome today than ever before. Seventy-one percent feel that remote work will increase the time to identify and contain a breach, while almost the same number believe remote work increases the cost of a breach. The numbers agree: remote work has added $137,000 to the average breach cost. In 2021 and beyond, reactive security measures—typically cumbersome and costly—are no longer sufficient. Instead, proactive strategies that anticipate potential risks or vulnerabilities and prevent them before they even happen are required. One such strategy, network segmentation, is critical for any organization. If you’re not deploying network segmentation, it’s time to get started. What is network segmentation? Network segmentation is a process in which your network is divided into multiple zones, with specific security protocols applied to each zone. The main goal of network segmentation is to have a better handle on managing security and compliance. Typically, traffic is segregated between network segments using VLANs (virtual local area networks), with firewalls representing an additional layer of security for application and data protection. By separating your network into smaller networks, your organization’s devices, servers, and applications are isolated from the rest of the network. Potential attackers that successfully breach your first perimeter of defense cannot get further, as they remain contained within the network segment accessed. How does network segmentation compare to micro segmentation? The concept of micro segmentation was created to reduce an organization’s network attack surface by applying granular security controls at the workload level and limiting east-west communication. While micro segmentation began as a method of moderating lateral traffic between servers within one segment, it has evolved to incorporate traffic in multiple segments. This intra-segment traffic would allow communication between both servers and applications, as long as the requesting resource meets the permissions set out for that host/application/server/user. Microsegmentation can also be used at a device level. For example, protecting IoT or connected manufacturing or medical devices—since many ship without endpoint security or are difficult to take offline in order to update endpoint security. The key differences between the two strategies can be boiled down like this: Segmentation works with the physical network, policies are broad, limits north-south traffic at the network level, and is typically hardware-based Micro segmentation works with a virtual network, policies are more granular, limits east-west traffic at the workload level, and is typically software-based. An analogy: if your network is a collection of castles, segmentation is like the huge walls surrounding the buildings, while micro segmentation is like armed guards outside each castle door. When deciding between segmentation and micro segmentation, it shouldn’t be a question of one over the other. Incorporating both models into your security strategy is best: segmentation north-south traffic and micro segmentation for east-west traffic. Best practices for segmenting network traffic However you go about segmenting your network, you’ll want to ensure the seg | Data Breach Vulnerability Guideline | ||
|
2021-03-12 20:57:04 | 10,000+ WeLeakInfo customer records leaked (lien direct) | An actor claimed to have registered one of the domains of WeLeakInfo, accessed details of 10000+ WeLeakInfo’ s customers, and leaked it. WeLeakInfo.com was a data breach notification service that was allowing its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over […] | Data Breach | ||
|
2021-03-12 17:48:00 | Settlement Reached Over Data Breach Impacting 24 Million Americans (lien direct) | Retrieval-Masters Creditors Bureau reaches multi-state settlement over AMCA data breach | Data Breach | ||
|
2021-03-12 17:15:00 | Utah Company Stored Passport Scans on Unsecured Server (lien direct) | Premier Diagnostics data breach exposes personal information of over 50k customers | Data Breach | ||
|
2021-03-12 16:30:41 | (Déjà vu) West Ham supporters have data leaked by club website (lien direct) | English Premier League football club, West Ham, has suffered an accidental data breach with personal information of supporters leaked via the clubs official website. Having first been reported by Forbes, error messages were being displayed on the West Ham’s website before showcasing the profile information of supporters to other fans who were attempting to log […] | Data Breach | ||
|
2021-03-12 14:11:47 | Fastway Couriers suffers data breach (lien direct) | An investigation has been opened into the data breach at Fastway Couriers, during which hackers stole the personal details of thousands of Irish online shoppers. The company has confirmed that the names, addresses, email accounts and phone numbers of 446,143 customers have been accessed. Fortunately, no financial information or other personal data was accessed or […] | Data Breach | ||
|
2021-03-10 09:13:45 | Cybersecurity Expert Insight: SITA Data Breach (lien direct) | Global air transport data giant SITA has confirmed a data breach involving passenger data. The company said in a brief statement on Thursday that it had been the “victim of a cyberattack,”… | Data Breach | ||
|
2021-03-09 13:37:36 | Experts On Elara Caring Discloses Data Breach (lien direct) | US healthcare provider Elara Caring has disclosed a data breach that exposed 100,000 patients’ information after an intruder gained access via a phishing attack targeting employees. US healthcare provider Elara… | Data Breach | ||
|
2021-03-08 10:21:59 | Flagstar Bank hit by data breach exposing customer, employee data (lien direct) | US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...] | Ransomware Data Breach | ||
|
2021-03-05 23:13:44 | Millions of travelers of several airlines impacted by SITA data breach (lien direct) | SITA, a multinational IT company that provides services to the air transport industry was the victim of cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business. Around the world, nearly […] | Data Breach | ||
|
2021-03-05 14:42:44 | Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA (lien direct) | SITA, a multinational company that specializes in air transport communications and IT, this week confirmed falling victim to a cyberattack that appears to have impacted multiple airlines around the world. | Data Breach | ||
|
2021-03-05 14:13:45 | SITA data breach affects millions of travelers from major airlines (lien direct) | Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. [...] | Data Breach | ||
|
2021-03-04 10:36:10 | Maza Russian cybercriminal forum suffers data breach (lien direct) | Forums can be areas to swap illicit tools and data, but they can also be the targets of cyberattackers in their turn. | Data Breach | ||
|
2021-03-04 01:49:19 | (Déjà vu) Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit (lien direct) | Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents.
As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared |
Data Breach | ||
 |
2021-03-03 21:15:16 | Malaysia Air Downplays Frequent-Flyer Program Data Breach (lien direct) | A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. | Data Breach | ||
|
2021-03-03 14:22:31 | Experts Reaction On Malaysia Airlines 9 Years Old Data Breach (lien direct) | Malaysia Airlines reported suffering a data breach compromising information belonging to members of its frequent flyer program. It is believed that the breach occurred roughly nine years ago. The airline… | Data Breach | ||
|
2021-03-03 11:39:56 | (Déjà vu) Cybersecurity firm Qualys is the latest victim of Accellion hacks (lien direct) | Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] | Data Breach Vulnerability | ||
|
2021-03-03 11:39:56 | Cybersecurity firm Qualys likely latest victim of Accellion hacks (lien direct) | Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] | Data Breach Vulnerability | ||
|
2021-03-02 13:13:36 | Malaysia Airlines discloses a nine-year-long data breach (lien direct) | Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. [...] | Data Breach | ||
|
2021-03-02 11:18:03 | Oxfam Australia supporters embroiled in new data breach (lien direct) | Personal data, including partial payment information, is thought to be included. | Data Breach | ||
|
2021-03-02 10:47:45 | Oxfam Australia confirms data breach after stolen info sold online (lien direct) | Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. [...] | Data Breach | ||
|
2021-03-01 17:35:35 | European e-ticketing platform Ticketcounter extorted in data breach (lien direct) | A Dutch e-Ticketing platform has suffered a data breach after a database was stolen from an unsecured staging server. [...] | Data Breach | ||
|
2021-03-01 11:43:07 | NSW Transport agency extorted by ransomware gang after Accellion attack (lien direct) | The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. [...] | Ransomware Data Breach Vulnerability | ||
|
2021-02-27 13:55:31 | T-Mobile customers were hit with SIM swapping attacks (lien direct) | The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks. Crooks conduct SIM swapping attacks to take control of victims’ […] | Data Breach | ||
|
2021-02-26 15:18:57 | T-Mobile discloses data breach after SIM swapping attacks (lien direct) | American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks. [...] | Data Breach | ||
|
2021-02-26 14:41:43 | Data Breach: Turkish legal advising company exposed over 15,000 clients (lien direct) | Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What's Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […] | Data Breach | ||
|
2021-02-26 11:31:44 | Npower scraps app, and urges customers to change passwords, after data breach (lien direct) | UK energy firm Npower has scrapped its smartphone app following an attack by hackers that saw some users' accounts accessed and personal information stolen. | Data Breach | ||
|
2021-02-26 10:51:33 | Sequoia Capital Discloses Data Breach – Expert Insights (lien direct) | The VC firm Sequoia Capital disclosed an email data breach in a DOJ notice of breach sent to affected individuals. Excerpt: “On or about January 20, 2021, we learned that an unauthorized… | Data Breach | ||
|
2021-02-25 09:36:37 | (Déjà vu) VC giant Sequoia Capital discloses data breach after failed BEC attack (lien direct) | American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. [...] | Data Breach | ||
|
2021-02-25 09:36:37 | VC giant Sequoia discloses data breach after failed BEC attack (lien direct) | American venture capital firm Sequoia has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. [...] | Data Breach | ||
 |
2021-02-24 14:17:41 | Kroger data breach highlights urgent need to replace legacy, end-of-life tools (lien direct) | Attackers used an outdated File Transfer Appliance from Accellion to gain access to data, the company said. | Data Breach | ||
 |
2021-02-24 13:30:31 | Dangers of Only Scanning First-Party Code (lien direct) |  When it comes to securing your applications, it???s not unusual to only consider the risks from your first-party code. But if you???re solely considering your own code, then your attack surface is likely bigger than you think.
Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is exponentially larger than just the code written in-house. Yet a study conducted by Enterprise Strategy Group (ESG) established that less than half of organizations have invested in security controls to scan for open source vulnerabilities.
If the majority of applications are made up of open source libraries, why are most organizations only scanning their first-party code? Because most organizations assume that third-party code was already scanned for vulnerabilities by the library developer. But you can???t base the safety of your applications on assumptions. Our State of Software Security: Open Source Edition report revealed that approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that???s pulled indirectly from another library in use.
Over the years, several organizations have learned the hard way just how dangerous it is to only scan first-party code.
In 2014, the notorious open source vulnerability ??? Heartbleed ??? occurred. Heartbleed was the result of a flaw in OpenSSL, a third-party library that implemented the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability enabled cyberattackers to access over 4.5 million healthcare records from Community Health Systems Inc.
In 2015, there was a critical vulnerability in Glibc, a GNU C library. The open source security vulnerability nicknamed ???Ghost,??? affected all Linux servers and web frameworks such as Python, PHP, Ruby on Rails as well as API web services that use the Glibc library. The vulnerability made it possible for hackers to compromise applications with a man-in-the-middle attack.
In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data ??? including social security numbers ??? of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.
On the good news front: Close to 74 percent of open source flaws can be fixed with an update like a revision or patch. Even high-priority open source flaws don???t require extensive refactoring of code ??? close to 91 percent can be fixed with an update. Equifax had to pay up to $425 million to help people affected by the data breach that the court deemed ???entirely preventable.??? In fact, it was discovered that the breach could have been avoided with a simple patch to its open source library, Apache Struts.
Don???t become a victim to the monsters lurking in your third-party libraries. Download our whitepaper Accelerating Software Development with Secure Open Source So |
Data Breach Vulnerability | Equifax Equifax |
To see everything:
Our RSS (filtrered)
