What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-08-07 10:33:05 | Singapore explores virtual browsers following SingHealth data breach (lien direct) | Singapore is assessing the feasibility of rolling out virtual browsers to reduce the attack surface of healthcare systems, following a critical cybsecurity breach that compromised personal data of 1.5 million patients. Implementing virtual browsers would enable users to browse the web safely via quarantined servers, hence, reducing the number of potential attack points, said Singapore ... | Data Breach | ||
 |
2018-08-06 13:00:03 | Clarksons Data Breach (lien direct) | Following the recent news regarding British shipping company, Clarksons, revealing that a data breach it suffered last year stemmed from a hack on a “single and isolated user account”, Joseph Carson, Chief Security Scientist at Thycotic offers the following comment. Joseph Carson, Chief Security Scientist at Thycotic: “Many organisations have failed to implement privileged access security and in … The ISBuzz Post: This Post Clarksons Data Breach | Data Breach Hack | ||
 |
2018-08-05 10:05:01 | Reddit hack: Users\' personal information compromised in a serious data breach (lien direct) | Reddit discloses hack, reveals hackers stole email addresses and old passwords Reddit, the social discussion, and forum-hosting website, in a blog post on Wednesday, said that a security breach earlier this summer has compromised personal information of some users, including email addresses and private messages. However, the company did not disclose how many of its […] | Data Breach | ||
|
2018-08-03 18:00:02 | Reddit Data Breach (lien direct) | Reddit has been in the news, following an incident where users' log in details were compromised. IT security experts commented below. Frederik Mennes, Senior Manager Market & Security Strategy, Security Competence Center at OneSpan: “In order to effectively deal with today's cyber security threats, organizations should protect their accounts with strong, multi-factor authentication. Reddit did so, but … The ISBuzz Post: This Post Reddit Data Breach | Data Breach | ||
 |
2018-08-03 13:00:00 | Things I Hearted this Week, 3rd Aug 2018 (lien direct) |
It’s August already. The kids are off on their summer vacations telling me how bored they are every 5 minutes, and the annual security gathering in Las Vegas of Blackhat, Defcon, and BsidesLV is all but upon us.
There will be no recap next week because I’ll probably be getting ready to fly home - but normal service should resume the following week.
The Red Pill of Resilience in InfoSec
Another insightful write up by Kelly Shortridge, which happens to be the full text of her keynote on resilience. It touches on, and expands many concepts to uncover what it really means to be resilient in infosec, and what the industry can do.
The Red Pill of Resilience in InfoSec | Medium, Kelly Shortridge
VDBIR Data
The Verizon Data Breach Report has become the staple go-to report for security professionals wanting to understand the breach landscape. But a once-a-year report is usually too long for most of us to wait to see what’s new.
So the good folk have created an interactive portal where you can explore the most common DBIR patterns.
VDBIR Portal | Verizon enterprise
Reddit Breached
Reddit disclosed a breach and say they’re still investigating. It appears that the attacker was able to bypass SMS-based two-factor (two-step) authentication.
We had a security incident. Here’s what you need to know | Reddit
It’s worth revisiting this blog by Paul Moore on the difference between two-factor and two-step authentication.
The difference between two-factor and two-step authentication | Paul Moore
Alex Stamos off to Academia
Facebook chief security officer Alex Stamos is leaving the social network to work on information warfare at Stanford University. The social network has not named any replacement.
Facebook's security boss is offski. Not to worry, it has 'embedded security' in all divisions | The Register
CISCO + DUO = DISCO!
Cisco has announced it will be acquiring DUO Security for $2.35bn in cash it found lying behind the sofa.
Cisco is buying Duo Security for $2.35B in cash | Tech Crunch
Farcial Recognition
Amazon’s face surveillance technology is the target of growing opposition nationwide, and today, there are 28 more causes for concern. In a test the ACLU recently conducted of the facial recognition tool, called “Rekognition,” the software incorrectly matched 28 members of Congress, identifying them as other people who have been arrested for a crime.
|
Data Breach Threat | ||
|
2018-08-03 10:50:05 | Two major Thai banks hacked, personal details from over 120,000 customers stolen (lien direct) | The Bank of Thailand (BOT) has confirmed that hackers have stolen information of more than 120,000 customers in a massive data breach into two major commercial banks. Cybersecurity operators at BOT has vowed to step up security measures and oversight after Kasikornbank and Krung Thai Bank reported cyber attacks during the Buddhist Lent holiday last ... | Data Breach | ||
|
2018-08-02 11:30:04 | Healthcare Data Breach Of 1.4M Patients (lien direct) | Iowa's UnityPoint Health has revealed it was the victim of a phishing attack that put the sensitive medical information of 1.4 million patients at risk, as reported by local media. Leon Lerman, CEO at Cynerio: “Healthcare organizations need to be on high alert for these types of phishing attacks like the one that targeted employees of UnityPoint Health. … The ISBuzz Post: This Post Healthcare Data Breach Of 1.4M Patients | Data Breach | ||
 |
2018-08-02 10:14:02 | Smashing Security #089: Data breaches, ransomware, Bitcoin robberies, and typewriters (lien direct) |  Ransomware rears its head again, Dixons Carphone reveals its data breach was almost 1000% worse than they previously thought, a man is accused of stealing five million dollars worth of cryptocurrency through hijacking mobile phones, and a Canadian guy called Norman is rushing to get the typewriters out of storage.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist Geoff White.
|
Data Breach | ||
 |
2018-08-02 00:55:01 | Reddit Breach Highlights Limits of SMS-Based Authentication (lien direct) | Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn't seem too severe. What's interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. | Data Breach | ||
 |
2018-08-01 22:02:03 | Reddit discloses a data breach, a hacker accessed user data (lien direct) | Reddit Warns Users of Data Breach Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, […] | Data Breach | ||
 |
2018-08-01 14:45:00 | Reddit Warns Users of Data Breach (lien direct) | An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007. | Data Breach | ||
|
2018-08-01 14:15:04 | Yale University Data Breach (lien direct) | Yale officials are confirming Social Security Numbers Accessed in Yale University Data Breach. NBC reports the breach occurred between April 2008 and January 2009, and in 2011, Yale deleted personal information in that database as part of an effort to protect personal information on Yale servers, and was not aware at that time of the breach. Ryan Wilk, Vice President at NuData Security: “Yale University … The ISBuzz Post: This Post Yale University Data Breach | Data Breach | ||
 |
2018-08-01 11:03:04 | How Self-Assessment Can Help You Avoid a Data Breach (lien direct) | >Your business can avoid a data breach by using self-assessment tools to plan your cybersecurity approach. Doing so empowers you to focus on making the headlines with good news. Here's how. | Data Breach | ||
|
2018-08-01 10:45:05 | Yale data breach discovered 10 years too late (lien direct) | Yale University discovered it suffered a data breach — 10 years ago. The Yale data breach occurred at some point between April 2008 and January 2009, but officials are unsure exactly when. The Yale data breach included sensitive data such as names, Social Security numbers and birth dates on an unknown number of people, as well ... | Data Breach | ||
|
2018-08-01 10:44:04 | Police inform members of public about data breach (lien direct) | POLICE are understood to have informed a number of people and business owners that their private data may be in the hands of suspected loyalist paramilitaries. The information was thought to have been unintentionally given to loyalists subject to investigation. A number of computer devices were removed from loyalists for forensic examination as part of a police ... | Data Breach | ||
 |
2018-08-01 10:43:05 | Yale University Discloses Decade-Old Data Breach (lien direct) | "Because the intrusion happened nearly ten years ago, we do not have much more information about how it occurred." | Data Breach | ||
|
2018-08-01 10:37:02 | Dixons Carphone Breach: Much Larger Than First Thought (lien direct) | A data breach at Dixons Carphone that was made public last month | Data Breach | ||
 |
2018-08-01 09:30:03 | Yale University discloses old school data breach (lien direct) | The data breach was discovered a decade too late to do anything about it. | Data Breach | ||
|
2018-08-01 09:06:02 | Understanding The Cyber Threat Landscape (lien direct) | In early July IBM Security and the Ponemon Institute released a new report titled “Cost of a Data Breach Study” In this study it was reported that that the global average cost of a data breach and the average cost for lost or stolen information both increased. The former is up 6.4 percent to £2.94 ... | Data Breach Threat | ||
 |
2018-08-01 04:15:00 | IDG Contributor Network: Is California\'s Consumer Privacy Act of 2018 going to be GDPR version 2? (lien direct) | While there is time before the California Consumer Privacy Act of 2018 comes into effect, which is January 1, 2020, businesses need to start planning now for compliance. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses. It covers any business meeting revenue or data collection volume triggers and that collects or sells information about California residents.Applicability to businesses The CCPA uses a much broader definition of personal information than is generally used in privacy statutes in the United States, including the definition in California's own data breach notification statute. Personal information under the CCPA includes “information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.” With this broad definition, the types of information protected under the CCPA are much closer to those found in the European Union's General Data Protection Regulation (“GDPR”). | Data Breach | ||
|
2018-07-31 16:00:04 | (Déjà vu) Major Online Fashion Brands Suffer Data Breach Affecting 1.4 Million (lien direct) | Around 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing. Brands such as Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, DLSB (Dirty Little Style Bitch), and Traffic People were affected. Lee Munson, … The ISBuzz Post: This Post Major Online Fashion Brands Suffer Data Breach Affecting 1.4 Million | Data Breach | ||
|
2018-07-31 15:00:03 | Dixons Carphone (lien direct) | It has been reported today that Dixons Carphone has announced that the huge data breach that took place last year involved 10 million customers, which is significantly up from its original estimate of 1.2 million. The company said personal information, names, addresses and email addresses may have been accessed, however no bank details were taken and it had found no … The ISBuzz Post: This Post Dixons Carphone | Data Breach | ||
|
2018-07-31 14:26:05 | Dixons Carphone Data Breach discovered in June affected 10 Million customers (lien direct) | Dixons Carphone announced on Monday that the security breach discovered in June affected around 10 million customers, much more than the initial estimate. Dixons Carphone, one of the largest European consumer electronics and telecommunication retailers, suffered a major data breach in 2017, but new data related to the incident have been shared. The situation was worse […] | Data Breach | ||
|
2018-07-31 12:00:00 | Yale Discloses Data Breach (lien direct) | The university discloses that someone stole personal information a long time ago. | Data Breach | ||
|
2018-07-31 10:39:03 | Clarksons says single user account to blame for data breach (lien direct) | The British shipping company had confidential information stolen after refusing to bow to blackmail. | Data Breach | ||
|
2018-07-31 08:59:02 | ICO reveals fivefold increase in personal data breach reports (lien direct) | The Information Commissioner’s Office (ICO) has revealed a big rise in the number of self-reported personal data breach notifications in the first full month following the introduction of the new General Data Protection Regulation (GDPR). During a webinar for data controllers posted on the ICO website, Laura Middleton, head of the ICO’s personal data breach ... | Data Breach | ||
 |
2018-07-31 07:46:02 | Dixons Carphone says data breach affected 10 million (lien direct) | The Carphone Warehouse and Currys PC World owner says details of 10 million customers have been affected. | Data Breach | ||
 |
2018-07-31 04:04:05 | Dixons Carphone Data Breach Affects 10 Million Customers (lien direct) | Dixons Carphone's 2017 data breach was worse than initially anticipated.
In an announcement on Monday, Dixons Carphone, one of the largest consumer electronics and telecommunication retailers in Europe, admitted that the breach affected around 10 million customers, up from an initial estimate of 1.2 million people the company acknowledged back in June.
The company, which has
|
Data Breach | ||
|
2018-07-30 12:34:03 | 1.4 million online fashion shoppers exposed after data breach at UK ecommerce provider (lien direct) |  Up to 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing.
|
Data Breach | ||
|
2018-07-30 09:49:04 | Boys Town Healthcare Data Breach Exposed Personal Details of Patients (lien direct) | Another day, Another data breach!
This time-sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital.
According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected
|
Data Breach | ||
|
2018-07-30 05:41:05 | Massive Singapore Healthcare Breach Possibly Involved Contractor (lien direct) | Researchers have come across two Pastebin posts that could shed more light on the data breach that resulted in the health records of 1.5 million Singaporeans getting stolen by hackers. | Data Breach | ||
|
2018-07-27 13:00:00 | Things I Hearted this Week, 27th July 2018 (lien direct) |
Welcome to your weekly security roundup, providing you all with the security news you deserve, but maybe might not need.
As always, these news stories are human-curated by me - no fancy algorithms, no machine learning, and definitely no trending topics here.
We are less than two weeks away from Blackhat in sunny Las Vegas. We’ll be there - pop along to booth 528 and say hello if you’re there.
Google: Security Keys Neutralized Employee Phishing
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes.
Google: Security Keys Neutralized Employee Phishing | Krebs on Security
While we’re on the topic of phishing, attackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M | Krebs on Security
We’re probably going to see more of this kind of back and forth as companies that have taken out cyber insurance and suffered a breach fight with their insurers over liability and who will cover the cost.
Somewhat related:
Scam of the week, another new CEO fraud phishing wrinkle | KnowBe4
Breaking the Chain
Supply chain and third party risks are getting better understood, but understanding a risk doesn’t necessarily mean it will reduce the risk.
Tesla, VW, and dozens of other car manufacturers had their sensitive information exposed due to a weak security link in their supply chains.
Tesla, VW data was left exposed by supply chain vendor Level One Robotics | SC Magazine
SIM Swap - A Victim’s Perspective
This is a really good write-up by AntiSocial engineer taking a look at how SIM swap fraud can impact victims, and why mobile phone operators need to do more to prevent this kind of fraud.
“It’s an all too common story, the signal bars disappear from your mobile phone, you ring the phone number – it rings, but it’s not your phone ringing. Chaos ensues. You’re now getting password reset emails from Facebook and Google. You try to login to your bank but your password fails. Soon enough the emails stop coming as attackers reset your account passwords. You have just become the newest victim of SIM Swap Fraud and your phone number is now at the control of an unknown person.”
SIM Swap Fraud - a victim’s perspective | AntiSocial Engineer
EU Fails to Regulate IoT Security
In this week’s head-scratching moment of “what were they thinking?”, the European Commission has rejected consumer groups' calls for mandatory security for consumer internet-connected devices because they believe voluntar |
Data Breach Hack | Tesla | |
|
2018-07-27 11:35:05 | Incident Response Under GDPR: What to Do Before, During and After a Data Breach (lien direct) | >With GDPR in full swing, organizations need to prepare their incident response plans to move swiftly in the event of a breach and meet the mandated 72-hour incident disclosure window. | Data Breach | ||
 |
2018-07-27 09:56:03 | Mauvaise gestion des mots de passe et montée en puissance de l\'authentification multifacteurs (lien direct) | La sécurité des mots de passe est l'un des problèmes les plus importants auxquels la sécurité informatique est confrontée aujourd'hui. Selon le Verizon Data Breach Report 2017, 81 % des atteintes à la protection des données sont causées par des mots de passe faibles ou volés. Pour surmonter ces défis, de nombreuses organisations se tournent vers la technologie d'authentification multifacteurs (MFA) afin de fournir une approche multicouches et de réduire le rôle que jouent les mots de passe lors de la (...) - Investigations | Data Breach | ||
|
2018-07-26 11:59:05 | Under GDPR, Data Breach Reports in UK Have Quadrupled (lien direct) | Privacy Regulator Sees 1,750 Breach Reports in June, Up From 400 in April View Full Story ORIGINAL SOURCE: Bank Infosecurity | Data Breach | ||
|
2018-07-25 11:44:03 | The Foundation of Cyber-Attacks: Credential Harvesting (lien direct) | Recent reports of a newly detected Smoke Loader infection campaign and the re-emergence of Magecart-based cyber-attacks illustrate a common tactic used by cyber criminals and state-sponsored attackers alike ― credential harvesting. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage either stolen, default, or weak credentials. | Data Breach | ||
|
2018-07-24 14:50:02 | (Déjà vu) Data breach exposes trade secrets of carmakers VW, Toyota and GM (lien direct) | Ten years’ worth of data belonging to some of the world’s biggest carmakers including Volkswagen, Fiat Chrysler and Toyota has been accidentally made available online, it has emerged. View Full Story ORIGINAL SOURCE: Telegraph | Data Breach | ||
|
2018-07-23 15:29:03 | Singapore experiences its worst data breach (lien direct) | A Singapore healthcare database was hacked in what is the country’s worst cyber attack, with medical records of Prime Minister Lee Hsien Loong among those stolen. View full story ORIGINAL SOURCE: CNBC | Data Breach | ||
|
2018-07-23 10:30:02 | Singapore Data Breach (lien direct) | News broke earlier today that a major cyberattack on Singapore's government health database stole the personal information of about 1.5 million people, including Prime Minister Lee Hsien Loong. In response to this news, IT security experts commented below. Ramon Vicens, CTO at Blueliv: “It may be some time before we know exactly how the hackers got into the Singaporean government … The ISBuzz Post: This Post Singapore Data Breach | Data Breach | ||
|
2018-07-20 23:25:03 | Half Of US Retailers Have Seen A Data Breach This Year (lien direct) | Following research from Thales eSecurity that has revealed that 50 per cent of US retailers have experienced a breach in 2018, up from 19 per cent last year, Ross Rustici, Senior Director of Intelligence Services at Cybereason, explains why this increase has occurred. Ross Rustici, Senior Director of Intelligence Services at Cybereason: “This jump is most likely a … The ISBuzz Post: This Post Half Of US Retailers Have Seen A Data Breach This Year | Data Breach | ★★ | |
|
2018-07-20 18:34:02 | (Déjà vu) SingHealth, largest healthcare group in Singapore, suffered a massive data breach (lien direct) | SingHealth, the largest healthcare group in Singapore, suffered a massive data breach that exposed 1.5 Million patient records. The largest healthcare group in Singapore, SingHealth, has suffered a massive data breach that exposed personal information of 1.5 million patients who visited the clinics of the company between May 2015 and July 2018. Stolen records include […] | Data Breach | ★★★★ | |
|
2018-07-20 13:59:00 | Singapore Health Services Data Breach Exposes Info on 1.5 Million People (lien direct) | Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data. | Data Breach | ||
|
2018-07-20 13:30:01 | Human Resources Company ComplyRight Suffers Data Breach (lien direct) | It has been reported that cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardised sensitive consumer information - including names, addresses, phone numbers, email addresses and Social Security numbers - from tax forms submitted by the company's thousands of clients on behalf of employees. Florida-based ComplyRight began mailing breach notification letters … The ISBuzz Post: This Post Human Resources Company ComplyRight Suffers Data Breach | Data Breach | ★★★★★ | |
|
2018-07-20 13:10:00 | HR Services Firm ComplyRight Suffers Major Data Breach (lien direct) | More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown. | Data Breach | ||
 |
2018-07-20 10:45:01 | Data of 1.5 Million People Breached in Singapore\'s \'Worst\' Digital Attack (lien direct) | A data breach that’s being described as Singapore’s “worst” digital attack on record exposed the personal information of an estimated 1.5 million people. On 20 July, multiple ministries Singapore’s government held a press conference on what they believe was a state-sponsored attack. They didn’t reveal whom they felt was responsible for targeting SingHealth, the island […]… Read More | Data Breach | ||
|
2018-07-20 05:28:00 | Singapore\'s Largest Healthcare Group Hacked, 1.5 Million Patient Records Stolen (lien direct) | Singapore's largest healthcare group, SingHealth, has suffered a massive data breach that allowed hackers to snatch personal information on 1.5 million patients who visited SingHealth clinics between May 2015 and July 2018.
SingHealth is the largest healthcare group in Singapore with 2 tertiary hospitals, 5 national specialty , and eight polyclinics.
According to an advisory released by
|
Data Breach | ||
|
2018-07-20 05:06:04 | HR Services Firm ComplyRight Suffers Data Breach (lien direct) | Florida-based HR services provider ComplyRight revealed recently that its tax reporting platform was involved in a cybersecurity incident that resulted in the exposure of personal information. | Data Breach | ||
|
2018-07-18 13:01:00 | Abuse inquiry fined £200,000 for email data breach (lien direct) | A mass email using the "to" field instead of the "bcc" field identified possible abuse victims. | Data Breach | ||
|
2018-07-17 08:33:00 | IDG Contributor Network: 8 steps to secure unmanaged devices in the enterprise (lien direct) | For many years now, enterprise networks have seen a steady stream of new devices that are outside of IT department control. The mobility trend has given way to the rise of the IoT and the result is a lot of unmanageable endpoints that represent a clear security risk. Smart lighting, printers, Bluetooth keyboards, smart TVs, video cameras, switches and routers are all connected devices that often lack any built-in security.This security blind spot is ripe for exploitation by cybercriminals probing your network for weaknesses. Despite 97 percent of risk professionals admitting that a data breach or cyber-attack caused by unsecure IoT devices could be catastrophic for their organization, according to a survey by the Ponemon Institute and Shared Assessments, just 15 percent have an inventory of most of their IoT and only 46 percent have a policy in place to disable devices that pose a risk. | Data Breach | ||
|
2018-07-12 23:27:00 | The Most Common Hack Is Also the Most Successful. Here\'s How to Fight It. (lien direct) | Despite what movies might show, most hacks don't involve frantic typing or brute-force attacks. In fact, Verizon’s “2017 Data Breach Investigations” report revealed that 90 percent of successful hacks aren't hacks at all: They’re social engineering. Simply put, social engineering is about manipulating people rather than computers. Modern hackers have discovered that it is easier … The ISBuzz Post: This Post The Most Common Hack Is Also the Most Successful. Here’s How to Fight It. | Data Breach Hack |
To see everything:
Our RSS (filtrered)
