What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-05 13:00:00 | Things I Hearted this Week: 5th Oct 2018 (lien direct) |
There was no update last week because I was in Dallas for the AT&T Business Summit which was a great event. Chuck Brooks wrote a detailed post on his experience, while I made a couple of videos charting my time.
But enough of that, lets see what went down in the world of security over these last few days.
Facebook breach
One of the biggest stories in these past few days must be the Facebook breach. The company issues a security update on September 28th which led with the facts,
On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We’re taking this incredibly seriously and wanted to let everyone know what’s happened and the immediate action we’ve taken to protect people’s security.
At this stage, there are probably more questions than answers and it’s likely this is one story that will play out for a long time.
The ultimate fallout from the Facebook data breach could be massive | Help Net Security
Facebook faces $1.6 billion fine as top EU regulator officially opens probe into data breach | CNBC
What we still don’t know about the Facebook breach | The Verge
The Facebook security meltdown exposes way more sites than Facebook | Wired
Local file inclusion at IKEA.com
Flatpack vulnerabilities now available in this great writeup by Jonathan Bouman.
Local file inclusion at IKEA | Medium / Jonathan Bouman
Out of office notices for OSINT
A nice reminder by Stuart Coulson on the perils of out of office notifications, and how they can divulge a lot more than you’d want to anyone.
Out Of Office notices for OSINT | HiddenText
While you’re on the HiddenText site, check out, Seven types of cyber criminals : 2018 version
Put ads down your Pi-Hole
Nobody really likes ads when they’re browsing online. So, they sometimes revert to using adblockers. But there are some issues with those as well.
Surely, in an industry full of clever tech people, hackers, and tinkerers, there is a better way - enter Pi-hole.
Self-described as a black hole for internet ads, it is basically a mini DNS server you run on a Raspberry Pi in your local network through which your traffic goes and then blacklists any malicious domains.
Both |
Data Breach | ||
 |
2018-10-04 10:50:01 | Burgerville customer credit card info stolen in data breach laid at Fin7\'s feet (lien direct) | Despite the recent arrests of alleged Fin7 members, the threat group is actively targeting US companies. | Data Breach Threat | ||
|
2018-10-03 11:51:03 | Gwinnett Medical Center investigates possible data breach (lien direct) | Patient records may have been leaked online due to the alleged security incident. | Data Breach | ||
 |
2018-10-03 03:01:03 | The Verizon PHIDBR: A Wake-Up Call for Healthcare Organizations (lien direct) | The healthcare industry continues to be challenged with securing patient health information. According to the Verizon Protected Health Information Data Breach Report (PHIDBR), 58 percent of all security incidents involved insiders, ransomware accounts for 70 percent of all malicious code and alarmingly basic security hygiene is still lacking at many healthcare organizations. The security challenge […]… Read More | Ransomware Data Breach | ||
 |
2018-10-02 16:30:02 | 200M Contacts Affected In Sales Engagement Startup Data Breach (lien direct) | The story broke today that Apollo, a sales engagement startup boasting a database of over 200 million contact records from 10 million companies, has been hacked. Jacob Serpa, Product Marketing Manager at Bitglass: “For any company that boasts a database of 200 million contacts from 10 million companies, cybersecurity must be a top priority. If other organizations want … The ISBuzz Post: This Post 200M Contacts Affected In Sales Engagement Startup Data Breach | Data Breach | ||
 |
2018-10-02 14:18:00 | Gwinnett Medical Center investigating possible data breach (lien direct) | After being contacted by Salted Hash about a possible data breach, Gwinnett Medical Center(GMC), a not-for-profit network of healthcare providers in Gwinnett County, Georgia, has confirmed they're investigating what they're calling an IT incident.Salted Hash first became aware of a possible data breach at GMC late last week, but the exact details surrounding the incident were not immediately available.What we learned was that on Saturday (Sept. 29), IT staff at GMC Lawrenceville became aware of an incident involving several hundred patient records at the least. Immediately following the discovery, the alleged attackers sent threats.Sometime later, an agent from the local FBI field office arrived and offered to assist, but it isn't clear if the FBI knew something was wrong, or if the law enforcement agency was called in after the threats were made. | Data Breach | ||
|
2018-10-02 11:54:00 | Facebook could face $1.63bn fine under GDPR over latest data breach (lien direct) | Facebook was fined £500,000 under the Data Protection Act for the Cambridge Analytica scandal but may not get away so lightly this time. | Data Breach | ||
|
2018-10-01 20:00:01 | Facebook Could Face Billions In Fines (lien direct) | In response to the news that Facebook could face billions in fines for its recent data breach, please see below comments from Hitesh Kargathra, Lead Security Consultant at Falanx Group. Hitesh Kargathra, Lead Security Consultant at Falanx Group: “Organisations are being judged less on whether they have suffered a data breach and more on how these … The ISBuzz Post: This Post Facebook Could Face Billions In Fines | Data Breach Guideline | ||
 |
2018-10-01 15:45:00 | October Events at Dark Reading You Can\'t Miss (lien direct) | Cybersecurity Month at Dark Reading is packed with educational webinars, from data breach response to small business security. | Data Breach | ||
|
2018-09-28 19:37:00 | Facebook Discloses Data Breach, 50 Million User Accounts Affected (lien direct) | Facebook announced on Friday that it recently discovered a data breach affecting 50 million user accounts. The social media giant said the security issue was uncovered by its engineering team on Tuesday, Sept. 25. “Our investigation is still in its early stages. But it's clear that attackers exploited a vulnerability in Facebook's code that impacted […]… Read More | Data Breach Vulnerability | ||
 |
2018-09-28 18:32:02 | Facebook Data Breach Impacts Almost 50 Million Accounts (lien direct) | Hackers exploited a flaw in Facebook's code impacting its “View As” feature. | Data Breach | ||
|
2018-09-28 18:30:00 | Over Half Of SMBs Have Experienced A Data Breach (lien direct) | Following Cisco’s SMB Cybersecurity Report, which has revealed that 53% of midmarket companies have experienced a data breach, Todd Peterson, Product Manager at One Identity, discusses why they are such an attractive target to hackers and how they can protect against attack. Todd Peterson, Product Manager at One Identity: “There are so many more SMBs … The ISBuzz Post: This Post Over Half Of SMBs Have Experienced A Data Breach | Data Breach | ||
 |
2018-09-27 10:24:03 | Uber pays $148m over data breach cover-up (lien direct) | The 2016 breach involved hackers grabbing data on millions of Uber customers and drivers. | Data Breach | Uber | |
|
2018-09-26 19:36:04 | Newsnow Suffers Data Breach (lien direct) | In response to the news that Newsnow, a popular news aggregator service, has suffered a data breach, please see below comments from Jake Moore, security specialist at ESET. Jake Moore, Security Specialist at ESET: “Hackers are far too keen to attempt using stolen passwords across other online accounts which will soon become compromised as well. … The ISBuzz Post: This Post Newsnow Suffers Data Breach | Data Breach | ||
|
2018-09-26 12:00:02 | SMBs face costs of up to $2.5 million after a data breach (lien direct) | Over half of SMBs have now had a taste of how disastrous the consequences of a data breach can be. | Data Breach | ||
 |
2018-09-26 02:11:04 | Variations in State Data Breach Disclosure Laws Complicate Compliance (lien direct) | New data breach notification laws are good news for consumers, better news for attorneys, but not very good news for businesses already struggling to stay on top of a constantly evolving regulatory landscape. | Data Breach | ||
|
2018-09-25 19:33:02 | Malware on SHEIN Servers Compromises Data of 6.4M Customers (lien direct) | A data breach targeting women's apparel giant SHEIN occurred between June and August 2018. | Data Breach Malware | ||
 |
2018-09-25 17:58:05 | Mozilla Launches Firefox Monitor Data Breach Notification Service (lien direct) | Mozilla has announced today the release of Firefox Monitor, a free service to help users find out whether or not their accounts have been part of a breach. This new service was created in partnership with Troy Hunt's Have I been Pwned, whose data is being supplied to Mozilla to power the Firefox Monitor service. [...] | Data Breach | ||
 |
2018-09-25 08:09:04 | SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users (lien direct) | U.S. online fashion retailer SHEIN has admitted that the company has suffered a significant data breach after unknown hackers stole personally identifiable information (PII) of almost 6.5 million customers.
Based in North Brunswick and founded in 2008, SHEIN has become one of the largest online fashion retailers that ships to more than 80 countries worldwide. The site has been initially
|
Data Breach | ||
|
2018-09-24 03:01:00 | 5 Notable Security Incidents that Recently Affected Federal Entities (lien direct) | Digital attackers have a history of targeting public sector organizations. For its 2018 Data Breach Investigations Report (DBIR), Verizon Enterprise tracked 22,788 security incidents that affected the public sector. Data disclosure occurred in 304 of those events; digital espionage via phishing or the use of a backdoor served as the most common pattern. Those techniques […]… Read More | Data Breach | ||
|
2018-09-20 23:21:02 | State Department Data Breach (lien direct) | Rich Campagna, CMO at Bitglass: “All organizations have a responsibility to keep their employee data safe – there is no room for error. This is particularly true of governmental groups that are supposed to be serving citizens and protecting their personal information. Unfortunately, despite the amount and type of data that these organizations handle, many are unprepared when it … The ISBuzz Post: This Post State Department Data Breach | Data Breach | ||
|
2018-09-20 11:09:03 | ICO to Fine Equifax £500,000 for 2017 Data Breach (lien direct) | The Information Commissioner’s Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data Protection Act 1998 on Equifax. The […]… Read More | Data Breach | Equifax | |
 |
2018-09-20 10:44:02 | US State Department confirms data breach to unclassified email system (lien direct) | The US State Department confirmed that hackers breached one of its email systems, the attack potentially exposed personal information of some of its employees. The incident seems to have affected less than 1% of employee inboxes, 600-700 employees out of 69,000 people. “The Department recently detected activity of concern in its unclassified email system, affecting less […] | Data Breach | ||
|
2018-09-20 07:25:00 | Equifax fined £500,000 over customer data breach (lien direct) | If the security incident had taken place after GDPR came into play, the fine may have been far higher. | Data Breach | Equifax | |
|
2018-09-20 06:54:05 | UK Regulator Fines Equifax £500,000 Over 2017 Data Breach (lien direct) | Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK's privacy watchdog for its last year's massive data breach that exposed personal and financial data of hundreds of millions of its customers.
Yes, £500,000-that's the maximum fine allowed by the UK's Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion
|
Data Breach | Equifax | |
|
2018-09-19 23:12:00 | Equifax fined by ICO over data breach that hit Britons (lien direct) | The UK's Information Commissioner's Office imposes a fine of £500,000 over the 2017 breach. | Data Breach | Equifax | |
|
2018-09-19 18:40:05 | Independence Blue Cross Data Breach (lien direct) | Philadelphia-based insurer Independence Blue Cross confirmed about 17,000 people have been affected by a data breach when an employee uploaded member information including names, birth dates and diagnosis codes to a public website. Zohar Alon, Co-founder and CEO at Dome9 Security: “The Independence Blue Cross data breach represents yet another example of an exposure of sensitive information … The ISBuzz Post: This Post Independence Blue Cross Data Breach | Data Breach | ||
|
2018-09-19 08:02:05 | State Department reveals data breach, employee information exposed (lien direct) | The data breach took place due to a compromised email system belonging to the department. | Data Breach | ||
|
2018-09-19 06:14:00 | (Déjà vu) State Department confirms breach of unclassified email system (lien direct) | The U.S. State Department confirmed it suffered a data breach that exposed employee data; the breach affected the State Department's unclassified email system.It's not like the agency suddenly decided to tell the public about the breach, though. The incident came to light only after Politico got hold of a Sept. 7, 2018, “Sensitive but Unclassified” notice about the breach.After a State Department spokesperson confirmed the compromise of its email system, Politico was told, “This is an ongoing investigation, and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.” | Data Breach | ||
|
2018-09-19 06:14:00 | (Déjà vu) State Department confirms breach of unclassified email system, employee data exposed (lien direct) | The U.S. State Department confirmed it suffered a data breach that exposed employee data; the breach affected the State Department's unclassified email system.It's not like the agency suddenly decided to tell the public about the breach; the incident only came to light after Politico got hold of a Sept. 7 “Sensitive but Unclassified” notice about the breach.After a State Department spokesperson confirmed the compromise of its email system, Politico was told, “This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.” | Data Breach | ||
 |
2018-09-18 23:34:05 | US Dept of State says attack on email system exposed employees\' personal data (lien direct) |  The US Department of State has confirmed that it has suffered a data breach which exposed the personally identifiable information of some employees.
|
Data Breach | ||
|
2018-09-18 19:51:01 | Altaba To Settle Lawsuits Relating To Yahoo Data Breach For $47 Million – Victory For Yahoo Legal Team (lien direct) | Following the news about the Yahoo data breach for $47 million, Ilia Kolochenko, CEO of web security company at High-Tech Bridge commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “Class actions are known to provide their members with very modest compensation compared to individual lawsuits. The settlement (subject to approval by court) makes slightly above … The ISBuzz Post: This Post Altaba To Settle Lawsuits Relating To Yahoo Data Breach For $47 Million – Victory For Yahoo Legal Team | Data Breach | Yahoo | |
|
2018-09-18 08:00:00 | ICO Inundated With False Data Breach Reports Since GDPR Came Into Force (lien direct) | Following the Information Commissioner’s Office (ICO) report that reveals it has been receiving 500 reports by telephone per week since GDPR came into force, a third of which are considered to be unnecessary or fail to meet the threshold for a data incident, Lillian Tsang, Senior Data Protection and Privacy Consultant from Falanx Group, explains why this over-reporting is … The ISBuzz Post: This Post ICO Inundated With False Data Breach Reports Since GDPR Came Into Force | Data Breach | ||
|
2018-09-14 15:55:03 | Freshmenu Fails To Inform Users Of Data Breach (lien direct) | It’s been reported that cloud kitchen platform Freshmenu has come under severe attack over allegations that it chose to keep under wraps a data breach two years ago that exposed the personal information of over 110,000 users. The incident from July 2016 was brought to light this week by data breach-tracker HaveIBeenPwned.com. As per HIBP, a breach in the systems of Freshmenu … The ISBuzz Post: This Post Freshmenu Fails To Inform Users Of Data Breach | Data Breach | ||
|
2018-09-14 13:00:00 | Things I Hearted this Week, 14th September 2018 (lien direct) |
With everything that keeps going on in the world of security, and the world at large, most eyes were focused on Tim Cook as he and his merry men took to the stage and announce the latest and greatest in Apple technology.
There didn’t seem to be anything totally mind-blowing on the phone end. Just looked to be more bigger, faster, and powerful versions of the iPhones at eye-watering prices.
The Apple watch now has a built-in FDA-approved ECG heart monitor. Which is pretty cool as an early-warning system that a stroke is imminent - I assume to allow you to take some smart HDR selfies, apply the correct filters, and post to Instagram before you collapse.
But enough about that, let’s get down to business.
British Airways Breached
BA suffered a rather large breach which included payment information (including CVV) and personal details.
While the investigation is ongoing, some security experts believe the breach was caused due to malicious code being injected into one of the external scripts in its payment systems.
British Airways hack: Infosec experts finger third-party scripts on payment pages | The Register
As an affected customer, I accept that companies get breached. But the advice seemed pretty poor.
British Airways breached | J4vv4D
Boards need to get more technical - NCSC
The government is calling on business leaders to take responsibility for their organisations’ cyber security, as the threat from nation state hackers and cyber criminal gangs continues to rise. Ciaran Martin, head of NCSC believes that cybersecurity is a mainstream business risk and that corporate leaders need to understand what threats are out there, and what are the most effective ways of managing the risks. They need to understand cyber risk in the same way they understand financial risk, or health and safety risk.
NCSC issues new advice for business leaders as Ciaran Martin admits previous guidance was “unhelpful” | New Statesman
Hunting in O365 logs
Cloud is great, but sometimes making sense of the logs can be a pain. If you’re struggling with O365 logs, then this document could be really useful.
Detailed properties in the Office 365 audit log | Microsoft
GCHQ data collection violated human rights, Strasbourg court rules
GCHQ’s methods in carrying out bulk interception of online communications violated privacy and failed to provide sufficient surveillance safeguards, the European court of human rights has ruled in a test case judgment.
But the Strasbourg court found that GCHQ’s regime for sharing sensitive digital intelligence with foreign governments was not illegal.
It is the first major challenge to the legality of UK intelligence agencies intercepting private communications in bulk, following Edward Snowden’s whistleblowing revelations.
GCHQ data collection violated human rights, Strasbourg court r |
Data Breach Threat Guideline | Tesla | |
|
2018-09-13 14:30:00 | Npower Investigating Personal Data Breach (lien direct) | Npower is urgently investigating how the personal details of around 5,000 of its customers were shared via letters sent out in the post and web security company High-Tech Bridge’s CEO Ilia Kolochenko commented below. Ilia Kolochenko, CEO at High-Tech Bridge: “If the overall scope of the incident is limited to 5,000 customers and does not disclose anything … The ISBuzz Post: This Post Npower Investigating Personal Data Breach | Data Breach | ||
|
2018-09-13 03:00:00 | Wanted: Data breach risk ratings, because not all breaches are equal (lien direct) | I recently downloaded every known, recorded data breach by the Privacy Rights Clearinghouse, which has been the most thorough and stalwart public recorder of data breaches in the United States for over two decades. The data file contained just over 8,600 data breaches. I found a few dupes and some missing or erroneous information, but overall, it's the best public, non-profit, and free source you're going to find. | Data Breach | ||
|
2018-09-11 19:30:02 | Over 5,000 Customers Affected By Park By Phone Breach (lien direct) | It has been reported that over 5,000 people have been affected by the data breach at Cork City's Park by Phone service, it emerged last night. The council stated that no personal bank account or credit/debit card details were accessed, no account balances were altered and no passwords were compromised, however it warned users of the service that it was … The ISBuzz Post: This Post Over 5,000 Customers Affected By Park By Phone Breach | Data Breach | ||
|
2018-09-11 19:24:01 | BA Cyber Attack Down To Malicious Code Exploited By Hackers (lien direct) | A cyber-security firm has said it found a malicious script injected into the British Airways website, which could be the cause of a recent data breach that affected 380,000 transactions. A RiskIQ researcher analysed code from BA’s website and app around the time when the breach began, in late August. He claimed to have discovered evidence of a … The ISBuzz Post: This Post BA Cyber Attack Down To Malicious Code Exploited By Hackers | Data Breach | ||
|
2018-09-11 13:03:04 | MageCart crime gang is behind the British Airways data breach (lien direct) | An investigation conducted by researchers at RiskIQ revealed that the responsible of the British Airways data breach is a crime gang tracked as MageCart. The responsible of the recently disclosed British Airways data breach is a crime gang tracked as MageCart. The group has been active since at least 2015 and compromised many e-commerce websites to steal payment card and […] | Data Breach | ★★★ | |
|
2018-09-10 13:50:00 | Security Experts Comments – British Airways Data Breach (second series) (lien direct) | News broke late last night that 380,000 sets of critical information from BA customers had been stolen. The airline said personal and financial details of customers making bookings had been compromised. BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September. IT security experts commented below. Mayur Upadhyaya, Managing Director, EMEA at Janrain: … The ISBuzz Post: This Post Security Experts Comments – British Airways Data Breach (second series) | Data Breach | ||
|
2018-09-10 11:34:04 | Gift Card Exchange System Hit By Hackers (lien direct) | The giftcard/exchange system of the clothing chain C&A in Brazil has suffered a data breach at the hands of a hacking group known as Fatal Error Crew. Don Duncan, Security Engineer at NuData Security: “Hackers went for the gift card platform and were able to expose the ID numbers of gift cards, email addresses, the … The ISBuzz Post: This Post Gift Card Exchange System Hit By Hackers | Data Breach | ||
 |
2018-09-10 11:13:04 | Russian Charged in JPMorgan Chase Hack Extradited to US (lien direct) | A Russian national who’s been accused of hacking into JPMorgan Chase’s network in 2014 and stealing details for more than 83 million customers has been extradited to the United States to face hacking, wire fraud and other charges. View full story ORIGINAL SOURCE: Data Breach Today | Data Breach Hack | ||
|
2018-09-10 03:00:00 | What is the cost of a data breach? (lien direct) | Data breaches are getting more expensive Image by Getty ImagesThe average cost of a data breach has risen to $3.86 million, according to a new report from IBM. The latest version of its annual report shows a 6.6 percent increase in costs; including direct losses, indirect costs related to time and effort in dealing with a breach, and lost opportunities such as customer churn as result of bad publicity. |
Data Breach | ||
|
2018-09-08 16:43:00 | Peeled onions and a Minus Touch: Verizon data breach digest lifts the lid on theft tactics (lien direct) | The 2018 report gives us a glimpse of tactics hackers are using today in the name of data exfiltration. | Data Breach | ||
|
2018-09-07 14:15:02 | Security Experts Comments – British Airways Data Breach (lien direct) | In response to the news that British Airways has launched an “urgent” investigation and notified police after hundreds of thousands of customers' personal and financial details were stolen, IT security experts commented below. Jake Moore, Security Specialist at ESET: “After a large scale incident like this, fraudsters from around the world will inevitably jump at the chance … The ISBuzz Post: This Post Security Experts Comments – British Airways Data Breach | Data Breach | ||
|
2018-09-07 11:00:00 | British Airways Issues Apology for Severe Data Breach (lien direct) | The airline "is deeply sorry" for its worst-ever cyberattack, which has affected 380,000 customers. | Data Breach | ||
|
2018-09-07 10:49:01 | BA website and mobile app suffers data breach (lien direct) | The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm’s security systems. Alex Cruz told the BBC that hackers carried out a “sophisticated, malicious criminal attack” on its website.The airline said personal and financial details of customers making bookings had been compromised. About 380,000 transactions ... | Data Breach | ||
|
2018-09-07 07:22:00 | British Airways boss apologises for \'illicit\' data breach (lien direct) | The airline says personal and financial details of customers making online bookings were compromised. | Data Breach | ||
|
2018-09-07 00:23:00 | British Airways Hacked – 380,000 Payment Cards Compromised (lien direct) | British Airways, who describes itself as "The World's Favorite Airline," has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks.
So who exactly are victims?
In a statement released by British Airways on Thursday, customers booking flights on its website (ba.com) and British Airways mobile app between
|
Data Breach |
To see everything:
Our RSS (filtrered)
