What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2020-10-07 11:12:54 Customer records stolen in Chowbus data breach (lien direct) Chowbus, the Asian food delivery service owned by Fantuan Group Inc., has experienced a data breach which has resulted in thousands of customers' records being stolen. It is unknown how the breach happened, but Chowbus has stated that customers' data has been stolen, including names, phone numbers, physical addresses and email addresses. Chowbus have claimed […] Data Breach
no_ico.webp 2020-10-07 10:54:33 Experts On Gardai Investigate Major Data Breach At Limerick Hospital (lien direct) University Hospital Limerick has launched an investigation into a major data breach in which a rogue non-HSE employee leaked personal details belonging to more than 600 patients, including 95 children, to the internet, the Limerick Leader reported exclusively this morning. This data belonging to 630 patients, including 95 children, was taken from an automated system that is … The ISBuzz Post: This Post Experts On Gardai Investigate Major Data Breach At Limerick Hospital Data Breach Guideline
globalsecuritymag.webp 2020-10-05 08:24:19 How much would a data leak cost you? (lien direct) Data breaches are more frequent than one might think. And their cost can turn out to be very high if the incident exposed personal data or if it is the result of a cyber attack. The average cost of a data breach decreased by 1.5% year over year, costing companies US$3.86 million per incident, according to IBM's 2020 Cost of a Data Breach Report. The annual study analyzed data from 524 companies which, although based in 17 countries and regions and operating (...) - Viewpoints Data Breach
no_ico.webp 2020-10-03 16:40:12 Blackbaud – Data Breach Expert Comment (lien direct) Blackbaud recently confirmed that bank details and passwords may have been stolen in a charity hack. Blackbaud suffered a data breach back in May, but the attack has resurfaced with new information coming out. The software developer originally paid the ransomware and confirmed bank details were not leaked. While the question around whether to pay … The ISBuzz Post: This Post Blackbaud – Data Breach Expert Comment Ransomware Data Breach
Veracode.webp 2020-10-01 14:10:28 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (lien direct) Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But, shockingly, less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. [Figure: Percentage of codebase pulled from open source] Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. By not scanning open source libraries, these flaws remain vulnerable to a cyberattack. Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities.
Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that's pulled indirectly from another library in use. [Figure: Transitive and direct open source vulnerabilities] What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix: close to 91 percent can be fixed with an update. [Figure: Patching open source flaws] So, when it comes to managing your library security flaws, the concentration should not just be, “How Data Breach Tool Vulnerability Equifax
Logo_logpoint.webp 2020-10-01 11:26:19 A Simple Guide to Threat Hunting (lien direct) Threats are continually changing and becoming more sophisticated, making it impossible to buy a tool that detects every potential cyberthreat. You can help protect your business by taking a proactive approach to hunting threats. According to the 2020 Verizon Data Breach report, more than 25% of breaches took months or longer to discover. This [...] Data Breach Tool Threat
Anomali.webp 2020-09-29 14:00:00 Weekly Threat Briefing: Federal Agency Breach, Exploits, Malware, and Spyware (lien direct) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Cyber Espionage, FinSpy, Magento, Taurus Project and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence German-made FinSpy Spyware Found in Egypt, and Mac and Linux Versions Revealed (published: September 25, 2020) Security Researchers from Amnesty International have identified new variants of FinSpy, spyware that can access private data and record audio/video. While used as a law enforcement tool, authoritarian governments have been using FinSpy to spy on activists and dissidents. Spreading through fake Flash Player updates, the malware is installed as root with use of exploits, and persistence is gained by creating a logind.pslist file. Once a system is infected with the malware, it has the ability to run shell scripts, record audio, keylogging, view network information, and list files. Samples have been found of FinSpy for macOS, Windows, Android, and Linux. Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from threat actors, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts. 
MITRE ATT&CK: [MITRE ATT&CK] Logon Scripts - T1037 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071 Tags: Amnesty, Android, Backdoor, Linux, macOS, FinSpy, Spyware Magento Credit Card Stealing Malware: gstaticapi (published: September 25, 2020) Security researchers, at Sucuri, have identified a malicious script, dubbed “gstaticapi,” that is designed to steal payment information from Magento-based websites. The script first attempts to find the “checkout” string in a web browser URL and, if found, will create an element to the web pages header. This allows the JavaScript to handle external code-loading capabilities that are used to process the theft of billing and payment card information. Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs. MITRE ATT&CK: [MITRE ATT&CK] Command-Line Interface - T1059 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Data Encoding - T1132 T Data Breach Malware Vulnerability Threat APT 19 ★★★★★
CSO.webp 2020-09-29 06:05:00 BrandPost: How to Defend Against Today's Top 5 Cyber Threats (lien direct) Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, they are responsible for less than 7%. That's not to say that Trojans are any less harmful. According to the 2020 Verizon Data Breach Investigations Report (DBIR), their backdoor and remote-control capabilities are still used by advanced threat actors to conduct sophisticated attacks. Staying ahead of evolving threats is a challenge that keeps many IT professionals awake at night. Understanding today's most important cyber threats is the first step toward protecting any organization from attack. Data Breach Malware Threat
securityintelligence.webp 2020-09-25 12:00:00 3 Biggest Factors in Data Breach Costs and How To Reduce Them (lien direct) The cost of a data breach has increased slightly in the last six years on average. Costs are up 10% since 2014 to $3.86 million, according to the annual Cost of a Data Breach Report, published by IBM Security and based on research conducted by the Ponemon Institute. Three areas in particular proved to have […] Data Breach
no_ico.webp 2020-09-23 12:01:56 Experts On News that Data of more than 500,000 referees stolen in ransomware attack (lien direct) It has been reported that ArbiterSports, the official software provider for the NCAA (National Collegiate Athletic Association), and many other US leagues have announced it fended off a ransomware attack. In a data breach notification letter filed with multiple states across the US, the company said that despite detecting and blocking the hackers from encrypting its … The ISBuzz Post: This Post Experts On News that Data of more than 500,000 referees stolen in ransomware attack Ransomware Data Breach
itsecurityguru.webp 2020-09-23 10:21:42 Long Island hospital experiences data breach (lien direct) Stony Brook University Hospital recently issued a warning to patients about a ransomware attack which potentially exposed their personal data. Stony Brook University Hospital is the only tertiary care center and Regional Trauma Center in Long Island, and is just one of many recent hospitals to experience a data breach. The hospital contacted patients to […] Ransomware Data Breach
SecurityAffairs.webp 2020-09-21 22:51:48 Alleged Activision hack, 500,000 Call Of Duty players impacted (lien direct) Over 500,000 Activision accounts may have been hacked in a new data breach that the gaming firm suffered on September 20. More than 500,000 Activision accounts may have been compromised as a result of a data breach suffered by the gaming firm on September 20, reported the eSports site Dexerto. According to Dexerto, the login for Activision […] Data Breach
no_ico.webp 2020-09-21 19:06:56 Experts On Major Activision Hack Reportedly Compromises Over 500k CoD Accounts (lien direct) Over 500,000 Activision accounts have reportedly been hacked in a new Activision data breach on September 20, leaving Call of Duty players in limbo. All Call of Duty players should be on notice after a major Activision hack has left millions of accounts in limbo. As of the time of publishing, over 500,000 Activision accounts … The ISBuzz Post: This Post Experts On Major Activision Hack Reportedly Compromises Over 500k CoD Accounts Data Breach Hack
Veracode.webp 2020-09-21 13:35:42 Focus on Fixing, Not Just Finding, Vulnerabilities (lien direct) When investing in an application security (AppSec) program, you expect to see a return on your investment. But in order to recognize a return, your organization needs to determine what success looks like and find a way to measure and prove that the program is meeting your definition of success. For those just starting on their AppSec journey, success might be eliminating OWASP Top 10 vulnerabilities or lowering flaw density. But as you begin to mature your program and work toward continuous improvements, you should start measuring your program against key performance indicators (KPIs) like fix rate. Fix rate is used to indicate how fast your organization is closing, or remediating, flaws. The formula for fix rate is the number of findings closed divided by the number of findings open. As you can see in the diagram below, of the 6,609 flaws, 2,581 flaws are open and 4,028 are closed. This means that flaws are remediated at a rate of 16 percent. The faster your organization fixes flaws, the lower the chances of an exploit. For the sake of continuous improvement, you should be finding that your organization is improving its fix rate by remediating flaws faster year over year. [Figure: Fix rate] Using Veracode Analytics to examine fix rate and prove AppSec success. Using Veracode Analytics custom dashboards, you can examine your total fix rate or break it out by application, scrum team, business unit, or geographical location. These dashboards can be shared with stakeholders and executives to show areas where your fix rate is improving or areas that need additional attention and resources. When examining fix rate across applications, you should be finding that your more critical applications have a better fix rate. If that's not the case, you need to be examining the application security policies you have in place for fixing flaws.
High-severity and highly exploitable flaws should be prioritized over low-severity flaws with a lower chance of exploitability. The same logic applies to applications: High-risk applications storing large amounts of sensitive data should be prioritized. When examining the fix rate across scrum teams and locations, you should find that teams and geographical locations are continuously improving their fix rate. If not, you should use the data to tailor future security trainings or to ask stakeholders and executives for additional resources. How does fix rate impact return on investment? By remediating flaws faster, you are reducing the chance of an exploit which could cost your business thousands, even millions, to resolve. For example, Capital One had a third-party vulnerability that was not remediated, and it led to a massive data breach which exposed its customers' social security numbers and bank account numbers. It cost Capital One approximately 150 million dollars to resolve the matter. Faster time to remediation also means faster time to production. Once developers fix all of the flaws defined in their policy, code can be moved to production. If code is moved to production at a faster rate, an organization, and its customers, can start recognizing value from the application sooner. For additional methods on proving AppSec success, check out our re Data Breach Vulnerability
itsecurityguru.webp 2020-09-21 10:45:22 Experian data breach is not contained, despite claims it has (lien direct) Experian recently experienced a data breach, which they claim has been contained, but it appears that it has not been. The breach exposed the personal information of 24 million South Africans, 800,000 businesses, and the bank accounts of 25,000 firms. The credit information company claim to have seized and deleted all data, but it appears […] Data Breach
SecurityAffairs.webp 2020-09-20 09:39:26 Security Affairs newsletter Round 282 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Gaming hardware manufacturer Razer suffered a data leak CIRWA Project tracks ransomware attacks on critical infrastructure Popular Marketing Tool exposes data of users of dating sites Staples discloses data breach […] Ransomware Data Breach Tool
no_ico.webp 2020-09-18 04:06:25 CTO On Ransomware Attack On University Hospital New Jersey (lien direct) In reference to the news of the recent ransomware attack on University Hospital New Jersey (UHNJ) – it was reported the institution has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data. Furthermore it was found that the SunCrypt ransomware operation has leaked the data have leaked a 1.7 … The ISBuzz Post: This Post CTO On Ransomware Attack On University Hospital New Jersey Ransomware Data Breach
grahamcluley.webp 2020-09-17 14:01:48 The Dunkin' Donuts data breach leaves a very bad taste in the mouth (lien direct) Despite repeated warnings Dunkin' Donuts failed to investigate evidence of a significant data breach, didn't reset passwords, and didn't warn customers... for years. Data Breach
BBC.webp 2020-09-15 15:04:55 Covid-19 data breach: FM 'doesn't know' when ministers first told (lien direct) Mark Drakeford says he only learned of a data breach involving 18,000 people on Monday. Data Breach
The_State_of_Security.webp 2020-09-15 11:28:40 Security Incident at VA Exposed 46K Veterans' Information (lien direct) The Office of Management at the U.S. Department of Veterans Affairs (VA) disclosed a security incident involving the personal data of 46,000 veterans. The VA detailed the data breach in a statement published on its website on September 14. According to this press release, the VA’s Financial Services Center (FSC) discovered that unauthorized actors had […]… Read More Data Breach
no_ico.webp 2020-09-15 08:51:58 Experts Reaction On Staples Data Breach (lien direct) Staples has informed some customers that data relating to their orders has been accessed without permission, but dubbed the data as “Non-sensitive” according to researcher Troy Hunt. Cybersecurity experts reacted below. The ISBuzz Post: This Post Experts Reaction On Staples Data Breach Data Breach
no_ico.webp 2020-09-15 08:35:36 Expert Reaction On Personal Information Of 46,000 Veterans Was Compromised In Data Breach (lien direct) It has been reported that the Department of Veterans Affairs notified veterans Monday morning of a data breach that resulted in the exposure of 46,000 veterans’ personal information. This breach took place when an unauthorized users tries to access an application within the Financial Service Center (FSC) to steal payment. The techniques used by the … The ISBuzz Post: This Post Expert Reaction On Personal Information Of 46,000 Veterans Was Compromised In Data Breach Data Breach
The_State_of_Security.webp 2020-09-15 03:00:54 Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools (lien direct) The 2020 Cost of Data Breach report from IBM and the Ponemon is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that you can do your own […]… Read More Data Breach
The_State_of_Security.webp 2020-09-14 21:15:15 Over 18K COVID-19 Patients' Data Mistakenly Exposed by NHS Trust (lien direct) A National Health Service (NHS) Trust revealed that it had mistakenly uploaded the personal information of over 18,000 people who had previously tested positive for coronavirus 2019 (COVID-19). On September 14, Public Health Wales announced in a web statement that the data breach had occurred back on the afternoon of August 30, 2020. This notice […]… Read More Data Breach
SecurityAffairs.webp 2020-09-14 15:32:25 Staples discloses data breach exposing customer order data (lien direct) Giant office retail company Staples disclosed a data breach, threat actors accessed some of its customers’ order data. Staples, the office retail giant, disclosed a data breach, it notified its customers that their order data have been accessed by threat actors without authorization. The office retail giant sent out a data breach notification letter to the […] Data Breach Threat
no_ico.webp 2020-09-10 19:01:18 Experts Comment On Survey That 94% Of IT Professionals Have Experienced A Data Breach And Worry About Insider Threats More Than External Attacks (lien direct) A survey of 500 IT professionals by Exonar found that 94% of respondents have experienced a data breach, and 79% were worried their organisation could be next. In terms of what is causing the breaches, 40% of respondents to the Exonar survey said accidental employee incidents were to blame, compared to 21% who said it … The ISBuzz Post: This Post Experts Comment On Survey That 94% Of IT Professionals Have Experienced A Data Breach And Worry About Insider Threats More Than External Attacks Data Breach
AlienVault.webp 2020-09-09 11:00:00 What you need to know about securing your APAC business and the recent data law changes (lien direct) Data breaches are growing in frequency and intensity amidst the recent Coronavirus pandemic, having increased by nearly 273% in the first quarter compared to the same time frame last year. In fact, 2020 may very well be remembered as the year when cybersecurity became a business problem rather than a technology issue. The driving factor here is the recent shift in workforce culture. More and more organizations are now setting up remote working teams. In addition to this, the introduction of the latest cybersecurity laws across the Asia Pacific (APAC), along with changes to data protection rules, has created a need for business owners to actively review their cybersecurity and data handling strategies. Why do companies need to rethink their cybersecurity approach? APAC businesses have to transform their cybersecurity strategy, especially since the existing landscape is becoming increasingly complex. There is also greater exposure to major data breaches, and the bad news here is it's only escalating. Today, 74% of executives belong to organizations that are actively involved in digital transformation activities. While this digitization can certainly work wonders for boosting efficiency and staying at the top of things, it shouldn’t be at the cost of safety, which is a potential problem as businesses start operating online. Existing tools and security approaches may not be as effective (or completely redundant in some cases) since hackers are adopting more insidious tactics and focus. Luckily, a few browsers have upped their game to make the internet safe and private, but additional measures are still required. We all have to keep in mind, however, that not all browsers are made equal. 
If you prioritize your privacy, you’ll definitely like to know which browsers will keep your activity private without compromising your internet experience. An April study found that 56% of the participants had encountered hacking attempts, which is a 5% increase over the previous quarter. Hackers are leaving no stone unturned to stay undetected, and in case they get exposed, they also have ways to fight back. So it’s crucial for businesses to do a better job in identifying underlying problems before manifestation. And the only way to do this is through regular threat hunting that spans across the entire information supply chain. Critical cybersecurity tips for APAC businesses to enhance network security The following are a few cybersecurity tips for APAC businesses to continue functioning without any disruptions amidst the ongoing pandemic: Accepting and Adapting to a Remote Workforce Culture Despite the ongoing debate about the suitability of remote work, the current pandemic has created circumstances forcing businesses to make an instant transformation to accommodate the same. Plus, owners have to understand that work from home arrangements are only going to move forward from this point. This change has brought them face-to-face with the requirement of having efficient IT support in terms of both infrastructure and people. APAC businesses are now more exposed to various security vulnerabilities. Data Breach Threat
AlienVault.webp 2020-09-09 05:01:00 What is Incident Response? (lien direct) This blog was written by a third party author. As new types of security incidents are discovered, it is absolutely critical for an organization to respond quickly and effectively when an attack occurs. When both personal and business data are at risk of being compromised, the ability to detect and respond to advanced threats before they impact your business is of the utmost importance. As the threat landscape broadens, having to defend yourself is no longer an “if” but a “when.” Data breaches and cyberattacks can wreak havoc on your organization, affecting a wide range of business assets — including customer trust, company time and resources, intellectual property, and brand reputation. According to Ponemon’s Cost of a Data Breach Report, organizations boasting robust security Incident Response (IR) capabilities have reduced breach-related costs by an average of about $2 million USD. The savings here differentiate organizations with a dedicated Incident Response team that tests their plans and those with no IR team or testing. As the average cost of a data breach hovers around $3.86 million, or $150 per lost record, the “time is money” proverb is validated. Incident Response defined An Incident Response Plan (IRP) is a set of procedures used to respond to and manage a cyberattack, with the goal of reducing costs and damages by recovering swiftly. A critical component of Incident Response is the investigation process, which allows companies to learn from the attack and be more prepared for potential attacks. Because numerous companies experience breaches at some point in time, one of the best ways to protect your organization is a well-developed and repeatable Incident Response plan. The goal of incident management is to identify and respond to any unanticipated, disruptive event and limit its impact on your business. 
These events can be technical — network attacks such as denial of service (DoS), malware or system intrusion, for example — or they may result from an accident, a mistake, or perhaps a system or process failure. Today, a robust Incident Response Plan is more important than ever. The difference between a mere inconvenience and a total catastrophe for your organization may come down to your ability to detect and assess the event, identify its source and causes, and have solutions readily available. Incident response best practices Tyler Cohen Wood, former Senior Intelligence Officer with the Defense Intelligence Agency, explains that some of the most successful IR practices include response steps for various realistic scenarios. “An IR program should outline steps to take in the case of ransomware attacks, integrity attacks (manipulation of sensitive data), and exfiltration of sensitive data,” she advised. “Another best practice is performing periodic simulated cyberattack exercises to test your IR program and ensure that everyone involved understands exactly what to do and who oversees the response.” Wood, who has helped the White House, DoD, federal law enforcement, and the intel community thwart national cyber threats, also recommends that best practices consist of knowing exactly where, what, and how your most sensitive data is stored. This information, she said, should be included in the IR process. Equally important for any sized organization is to recognize and plan for cyberattacks that seek to alter or manipulate data rather than steal it outright. “This type of breach can be more difficult to ascertain,” she explained. “For this reason, it's critical to have data manipulation attacks on your radar and incorporated into your threat detection as well as your Incident Response plan.” Building an Incident Response Plan An Incident Response Plan serves Ransomware Data Breach Malware Threat ★★★★
globalsecuritymag.webp 2020-09-08 13:19:30 The importance of keeping an eye on insider threats (lien direct) Many modern companies are so preoccupied with the need to protect their sensitive networks from malicious adversaries that they forget another, potentially even greater danger: insider threats. Every year, the Verizon Data Breach Investigations Report (DBIR) offers an in-depth look at the latest trends in cybersecurity incidents. The 2019 report revealed that insider-threat incidents increased again in (...) - Viewpoints Data Breach
AlienVault.webp 2020-09-08 11:00:00 6 Crucial password security tips for everyone (lien direct) This blog was written by an independent guest blogger. These days, everyone has passwords. Lots and lots of passwords! When I think of how many user accounts with passwords that I have, I probably have dozens. A few for social media platforms like Twitter and LinkedIn, a few for my favorite media streaming services, one for Nintendo Switch and another for the PlayStation Network, a few for my utilities including electricity and my ISP, a few with Amazon and other online retailers, one with the government to file my personal income taxes, my home WiFi password, a Gmail account for all of my Google and YouTube stuff, accounts to authenticate into a couple of different web browsers, an account for my bank’s website, and there are probably at least a dozen more. And I’m a pretty typical technology user. So chances are, you have many similar online accounts as well. Our 21st century reality where we each need lots of user accounts in order to fully participate in society makes us all susceptible to being harmed in data breaches. And the scary thing is, data breaches happen constantly. All the time. For every data breach you read about in the news, there are lots more that people don’t know about. Passwords are an imperfect method of authentication. Many people in the cybersecurity industry would love to see passwords be completely replaced. We do have other means of authentication, such as the biometrics you may sometimes use to unlock your phone with your face. But we haven’t been able to completely get rid of passwords yet. So in the meantime, it’s up to all of us to be conscientious about how we use them. Here are some things you need to know about passwords so you can improve the security of your digital life.  The most important factor in creating passwords that are difficult to crack is to use as many characters as possible. 
The days of eight character passwords are hopefully over. There are mathematics involved in password cracking, so each additional character in your password multiplies the time it would take a cyber attacker’s software to crack it. When you create a password, use as many characters as the application will allow. If an online service allows passwords of up to 20 characters, make a 20 character password. If you’re allowed to make a 50 character password, do it! If you have to remember a really long password, try making a sentence with multiple words you can remember. Maybe try a line in a favorite poem or song lyric. Be sure to throw some numbers and special characters in there and “YouCanCreateAVeryStrongPasswordLikeThisOne_2BSure!” Use a password manager, both in your desktop web browser and on your phone. Password managers have two very useful features. The first is obvious, being able to store the usernames and passwords you use with dozens or even hundreds of different online services and applications. The second really useful feature that pretty much all password managers have is the ability to create very secure randomly generated passwords for you. They can create really long passwords with random combinations of upper case and lower case letters, numbers, and special characters-- the kind that are very difficult for human beings to remember. When you use a password manager, difficult to remember passwords are fine because you don’t have to remember them! The password manager will remember them for you. Most major web browsers have password managers built-in, but many people prefer third party password managers and find that they’re well worth the monthly or annual fee that they pay for the service. They can be installed as both web browser plug-ins and as an app on your phone. Research online and see which password managers people recommend. 
Your password for your main email account is probably one of the most important passwords that you have, other than perhaps the master password for your password manager or the password for your hom Data Breach
securityintelligence.webp 2020-09-08 10:30:00 Data Breach Protection Must Include Physical Security (lien direct) If most of your business’ data and workloads are handled on public clouds, it can be easy to forget about the onsite servers. With office buildings empty, employees may assume the servers are protected by the same physical security as the rest of the facility. However, physical security has its own considerations, and paying careful […] Data Breach
SecurityAffairs.webp 2020-09-04 22:26:01 SunCrypt Ransomware behind North Carolina school district data breach (lien direct) A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack. The ransomware attack took place on August 24th, 2020, but at the […] Ransomware Data Breach
SecurityAffairs.webp 2020-09-04 15:36:16 Warner Music Group online stores hit by look-like Magecart attack (lien direct) Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial information, the incident […] Data Breach ★★★
no_ico.webp 2020-09-02 15:16:39 Experts On American Payroll Assn attack; Fed. Acquisition Supply Chain Security Act (lien direct) The nonprofit American Payroll Association (APA) notified members and customers of a data breach resulting from a web skimmer on its website login and online store checkout pages. The Association and its 121 local chapters organize training seminars and events that are attended by more than 36,000 yearly. Data Breach
ZDNet.webp 2020-09-02 08:29:45 AusCERT says alleged DoE hack came from a third-party (lien direct) AusCERT says a data breach occurred at K7Maths, a company providing services to schools. Data Breach Hack
no_ico.webp 2020-09-01 19:59:57 9 Key Benefits Of Partnering With A Cybersecurity Provider (lien direct) Cyber threats and attacks have become pervasive and costlier in the present digital era. According to a recent study by the Ponemon Institute, the average cost of a data breach to a US company is around USD 7.91 million. Apart from inflicting severe financial damage, cyberattacks can cause regulatory fines, business continuity disruptions, loss of … Data Breach ★★★★★
CSO.webp 2020-08-31 06:00:00 Cloud technology great for security but poses systemic risks, according to new report (lien direct) Although nearly 30 years old, cloud computing is still a “new” technology for most organizations. The cloud promises to reduce costs and increase efficiencies through storage and management of large repositories of data and systems that are theoretically cheaper to maintain and easier to protect. Given the growing rush by organizations to move to the cloud, it's no surprise that some policymakers in Washington are calling for regulation of this disruptive technology. Last year, Representative Katie Porter (D-CA) and Nydia Velázquez (D-NY), urged the Financial Stability Oversight Council (FSOC) to consider cloud services as essential elements of the modern banking system and subject them to an enforced regulatory regime. Their calls for this kind of oversight came in the wake of a major data breach of Capital One in which an employee of the financial institution was able to steal more than 100 million customer credit applications by exploiting a misconfigured firewall in operations hosted on Amazon Web Services (AWS). Data Breach
no_ico.webp 2020-08-28 14:19:56 Details on over 350,000 SSL247 customers exposed due to misconfigured AWS bucket (lien direct) Another week, another misconfigured AWS S3 bucket as security researchers have discovered a misconfigured AWS S3 bucket exposing sensitive files related to SSL247, a reseller of internet security products. The leaky database exposed the personal information of up to 350,000 customers (150 GB), who made purchases through SSL247 between 2012-2020. The data breach affected customers in South America, … Data Breach
globalsecuritymag.webp 2020-08-26 11:11:58 What impact has Covid-19 had on the data breach landscape? (lien direct) Since the release of the latest Data Breach Investigations Report in May 2020 (DBIR: the annual report on data breaches produced by Verizon Business), we have seen that the Covid-19 pandemic has posed additional security problems for companies around the world. Many organizations have had to move their workforces quickly to remote working; e-commerce has grown, many industries - and notably retail and the (...) - Points de Vue Data Breach
no_ico.webp 2020-08-24 15:21:46 Former Uber Security Chief Charged With Paying Hush Money To Cover Up 2016 Hack (lien direct) As reported by The Verge, Uber's former security chief has been charged with obstruction of justice for trying to hide a data breach from the Federal Trade Commission and Uber management, according to a statement from the Department of Justice. Joseph Sullivan, who was Uber's chief security officer from April 2015 to November 2017, allegedly concealed … Data Breach Hack Uber
no_ico.webp 2020-08-24 14:51:02 BlueLeaks Exposed Some COVID-19 Patients' IDs – Cybersecurity Experts Perspective (lien direct) A South Dakota news site reveals that the June 2020 “BlueLeaks” massive data breach resulted in the exposed identities of the state's citizens who tested positive for COVID-19: Massive data breach affects SD COVID-19 patients. In response, cybersecurity experts offer thoughts. Data Breach
DarkReading.webp 2020-08-24 10:00:00 Average Cost of a Data Breach in 2020: $3.86M (lien direct) When companies defend themselves against cyberattacks, time is money. Data Breach
SecurityAffairs.webp 2020-08-22 08:13:16 Popular Freepik site discloses data breach impacting 8.3M users (lien direct) Freepik, one of the most popular online graphic resources sites online has disclosed a security breach that impacted 8.3 Million users. Freepik, the popular website that provides high-quality free photos and design graphics, has disclosed a major security breach that impacted 8.3 Million users. Freepik says that hackers were able to steal emails and password hashes for […] Data Breach
ZDNet.webp 2020-08-21 22:43:15 Free photos, graphics site Freepik discloses data breach impacting 8.3m users (lien direct) Freepik is one of the most popular websites on the internet, currently ranked #97 on the Alexa Top 100 sites list. Data Breach
The_Hackers_News.webp 2020-08-20 14:39:35 Former Uber Security Chief Charged Over Covering Up 2016 Data Breach (lien direct) The federal prosecutors in the United States have charged Uber's former chief security officer, Joe Sullivan, for covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that also Data Breach Guideline Uber
no_ico.webp 2020-08-20 13:21:22 Experts on News: Experian scam leaves critical data on over 24 million customers exposed (lien direct) It has been reported that the South African branch of consumer credit reporting agency Experian disclosed a data breach on Wednesday, with the credit agency admitting to handing over the personal details of its South African customers to a fraudster posing as a client. While Experian did not disclose the number of impacted users, a report from … Data Breach
no_ico.webp 2020-08-20 12:55:39 Expert comment on Experian data breach (lien direct) South Africa has just been hit by one of the largest-ever data breaches after Experian, one of the country’s biggest credit bureaus, was hit by a fraudster. https://twitter.com/campuscodi/status/1296314770002513921 Data Breach
The_Hackers_News.webp 2020-08-20 11:22:31 Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified (lien direct) The South African arm of one of the world's largest credit check companies Experian yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn't mention the number of affected customers, in a report, the South African Banking Risk Information Centre, an anti-fraud and banking non-profit organization who worked with Data Breach
SecurityAffairs.webp 2020-08-20 08:03:58 Experian South Africa discloses data breach, 24 million customers impacted (lien direct) The South African branch of consumer credit reporting agency Experian disclosed a data breach that impacted 24 million customers. The South African branch of consumer credit reporting agency Experian disclosed this week a data breach that impacted 24 million customers. The company revealed that only personal information was exposed in the data breach, no financial […] Data Breach
ZDNet.webp 2020-08-19 23:43:25 Experian South Africa discloses data breach impacting 24 million customers (lien direct) Experian said the attacker was identified and its data deleted from the fraudster's devices. Data Breach
Last update at: 2024-07-03 21:08:00