Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-28 19:30:05 |
NEWS: Complaints Are Up By 160% Since GDPR Came Into Force (lien direct) |
In light of the news that data breach complaints are up by 160% since GDPR came into force, David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: “Given the growing focus on data protection issues, following the implementation of GDPR (General Data Protection Regulation), it's unfortunate that complaints …
|
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-28 12:15:00 |
Atlas Quantum Data Breach (lien direct) |
Recently Atlas Quantum, a cryptocurrency investment platform, announced a data breach that exposed the personal details of about 261,000 users. The compromised information includes names, phone numbers, email addresses and account balances of Atlas Quantum users. Anurag Kahol, CTO at Bitglass: “The Atlas Quantum data breach suggests that crypto services remain a high-profile target for hackers. Even those …
|
Data Breach
|
|
|
![Blog.webp](./Ressources/img/Blog.webp) |
2018-08-28 10:24:04 |
MY TAKE: As phishers take aim at elections, why not train employees to serve as phishing police? (lien direct) |
If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach, was the result of a phishing attack. Related: Carpet bombing of phishing emails endures Phishing […] |
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-27 12:30:01 |
The Consequences Of The Superdrug Data Breach (lien direct) |
It was reported that Superdrug had warned its online customers to change their passwords after criminals claimed to have obtained their personal details. The chain said the group claimed they had stolen details of 20,000 customers. IT security experts commented below. Dr Guy Bunker, SVP of Products at Clearswift: “The first thing to consider as a consequence of this breach …
|
Data Breach
|
|
|
![SecurityAffairs.webp](./Ressources/img/SecurityAffairs.webp) |
2018-08-26 08:29:04 |
Personal details of 37,000 Eir customers exposed after the theft of a laptop (lien direct) |
Personal details of 37,000 Eir customers exposed after the theft of a laptop, including names, email addresses, phone numbers and account numbers. Eir, the fixed, mobile and broadband telecommunications company of Ireland, has suffered a data breach this week. Personal details of 37,000 Eir customers have been exposed according to the telecommunications company. The root cause of […]
|
Data Breach
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2018-08-24 13:40:00 |
Cheddar's Scratch Kitchen Chain Suffers Data Breach (lien direct) |
The cyberattack occurred sometime between Nov. 3, 2017, and Jan. 2, 2018. |
Data Breach
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-08-23 09:49:00 |
Medical records of high school students leaked in 'appalling' data breach (lien direct) |
Medication, healthcare records, and conditions were all posted online for the world to see. |
Data Breach
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2018-08-20 13:30:00 |
Augusta University Health Reports Major Data Breach (lien direct) |
Over 400K individuals affected by the breach, which was the result of a successful phishing attack that occurred in September 2017. |
Data Breach
|
|
|
![SecurityAffairs.webp](./Ressources/img/SecurityAffairs.webp) |
2018-08-18 17:00:02 |
2.6 billion records exposed in 2,308 disclosed data breaches in H1 (lien direct) |
According to a report from cyber threat intelligence firm Risk Based Security some 2.6 billion data records have been exposed in data breaches in the first half of 2018. According to a new report titled “Mid-Year 2018 Data Breach QuickView” published by the cyber threat intelligence company Risk Based Security some 2.6 billion data records have been exposed […]
|
Data Breach
Threat
|
|
|
![Chercheur.webp](./Ressources/img/Chercheur.webp) |
2018-08-17 19:27:01 |
Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning (lien direct) |
On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent "ATM cashout" scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries. |
Data Breach
|
|
|
![CSO.webp](./Ressources/img/CSO.webp) |
2018-08-17 08:40:00 |
IDG Contributor Network: Balancing cybersecurity and regulatory compliance (lien direct) |
Rigorous regulations like GDPR and California's Consumer Privacy Act will only become more prevalent, as long as our current cybersecurity landscape continues to suffer the near-crippling data breach affliction. Attackers seem to be one step ahead of defenders, constantly changing their attack vectors as new technologies become available, such as artificial intelligence and automated bots. But is coming up with new laws protecting or hindering our progress?
Regulatory compliance over cybersecurity
As witnessed overseas, many companies are struggling to stay compliant with standards like GDPR, and are more focused on meeting the minimum requirement rather than proper security policies, which hackers can easily find weaknesses in. The result of regulatory requirements is that they become outdated fairly quickly in the cyber world. What's worse, regulation outlines that are made publicly available essentially provide hackers a roadmap to breaking through defenses. By the time governing bodies overseeing these standards implement measures to fix these vulnerabilities, it's already too late. Businesses are exhausting time, manpower and capital on regulatory compliance that is inherently vulnerable, rather than fool-proof defenses that will protect all stakeholders. |
Data Breach
|
|
★★★★
|
![ESET.webp](./Ressources/img/ESET.webp) |
2018-08-16 13:35:03 |
Some 2.6 billion data records exposed in first half of 2018 (lien direct) |
The newly-released report provides an overview of the data breach landscape in the first half of this year
|
Data Breach
|
|
★★★★★
|
![CSO.webp](./Ressources/img/CSO.webp) |
2018-08-13 03:00:00 |
3 reasons companies fail to assess the scope of a data breach (lien direct) |
First comes the embarrassing breach announcement. Then, a few days or weeks later, another one -- a few million stolen records were missed the first time around. Then another announcement, with another upward correction. With each new revelation, the hacked organization loses credibility and faces greater liability. |
Data Breach
|
|
|
![grahamcluley.webp](./Ressources/img/grahamcluley.webp) |
2018-08-10 15:35:05 |
Hackers phish Butlin's holiday camp chain, access customers' personal data (lien direct) |
Fabled British holiday camp chain Butlin's has admitted that it has suffered a data breach that may have exposed details of 34,000 guests.
Read more in my article on the Hot for Security blog.
|
Data Breach
|
|
|
![CSO.webp](./Ressources/img/CSO.webp) |
2018-08-10 06:40:00 |
How did the TimeHop data breach happen? (lien direct) |
In July 2018, TimeHop, in a very transparent manner, discussed the breach of their service which affected approximately 21 million records, some of which included personal identifying information (PII) such as name, email, phone number, and date of birth, while others contained variants. Reviewing the sequence of events, we see that a trusted insider placed the company's data at risk when their employee credentials were used by a third-party to log into TimeHop's Cloud Computing Environment. How the intruder obtained the employee's log-in credentials is unknown. |
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-08 10:12:00 |
UnityPoint Health could be sued for data breach affecting 1.4M (lien direct) |
UnityPoint Health in West Des Moines, Iowa, could face a class-action lawsuit over a recent data breach that affected 1.4 million patients, according to the Wisconsin State Journal. This would mark the second class-action lawsuit against the system since May. The first complaint involved an email phishing attack, which compromised 16,429 patients’ protected health information in February. It alleged UnityPoint ...
|
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-08 10:09:04 |
UniCredit cuts ties with Facebook over data breach scandal (lien direct) |
The boss of Italy's biggest bank has ordered his staff to cut all the bank's ties with Facebook in direct response to the social network's behaviour revealed in the Cambridge Analytica data breach scandal. “Facebook is not acting in an ethical way,” Jean Pierre Mustier, chief executive of UniCredit, said on Tuesday. “We will not use ...
|
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-07 10:33:05 |
Singapore explores virtual browsers following SingHealth data breach (lien direct) |
Singapore is assessing the feasibility of rolling out virtual browsers to reduce the attack surface of healthcare systems, following a critical cybersecurity breach that compromised personal data of 1.5 million patients. Implementing virtual browsers would enable users to browse the web safely via quarantined servers, hence, reducing the number of potential attack points, said Singapore ...
|
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-06 13:00:03 |
Clarksons Data Breach (lien direct) |
Following the recent news regarding British shipping company, Clarksons, revealing that a data breach it suffered last year stemmed from a hack on a “single and isolated user account”, Joseph Carson, Chief Security Scientist at Thycotic offers the following comment. Joseph Carson, Chief Security Scientist at Thycotic: “Many organisations have failed to implement privileged access security and in …
|
Data Breach
Hack
|
|
|
![TechWorm.webp](./Ressources/img/TechWorm.webp) |
2018-08-05 10:05:01 |
Reddit hack: Users' personal information compromised in a serious data breach (lien direct) |
Reddit discloses hack, reveals hackers stole email addresses and old passwords Reddit, the social discussion, and forum-hosting website, in a blog post on Wednesday, said that a security breach earlier this summer has compromised personal information of some users, including email addresses and private messages. However, the company did not disclose how many of its […]
|
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-03 18:00:02 |
Reddit Data Breach (lien direct) |
Reddit has been in the news, following an incident where users' log in details were compromised. IT security experts commented below. Frederik Mennes, Senior Manager Market & Security Strategy, Security Competence Center at OneSpan: “In order to effectively deal with today's cyber security threats, organizations should protect their accounts with strong, multi-factor authentication. Reddit did so, but …
|
Data Breach
|
|
|
![AlienVault.webp](./Ressources/img/AlienVault.webp) |
2018-08-03 13:00:00 |
Things I Hearted this Week, 3rd Aug 2018 (lien direct) |
It’s August already. The kids are off on their summer vacations telling me how bored they are every 5 minutes, and the annual security gathering in Las Vegas of Blackhat, Defcon, and BsidesLV is all but upon us.
There will be no recap next week because I’ll probably be getting ready to fly home - but normal service should resume the following week.
The Red Pill of Resilience in InfoSec
Another insightful write up by Kelly Shortridge, which happens to be the full text of her keynote on resilience. It touches on, and expands many concepts to uncover what it really means to be resilient in infosec, and what the industry can do.
The Red Pill of Resilience in InfoSec | Medium, Kelly Shortridge
VDBIR Data
The Verizon Data Breach Report has become the staple go-to report for security professionals wanting to understand the breach landscape. But a once-a-year report is usually too long for most of us to wait to see what’s new.
So the good folk have created an interactive portal where you can explore the most common DBIR patterns.
VDBIR Portal | Verizon enterprise
Reddit Breached
Reddit disclosed a breach and say they’re still investigating. It appears that the attacker was able to bypass SMS-based two-factor (two-step) authentication.
We had a security incident. Here’s what you need to know | Reddit
It’s worth revisiting this blog by Paul Moore on the difference between two-factor and two-step authentication.
The difference between two-factor and two-step authentication | Paul Moore
Alex Stamos off to Academia
Facebook chief security officer Alex Stamos is leaving the social network to work on information warfare at Stanford University. The social network has not named any replacement.
Facebook's security boss is offski. Not to worry, it has 'embedded security' in all divisions | The Register
CISCO + DUO = DISCO!
Cisco has announced it will be acquiring DUO Security for $2.35bn in cash it found lying behind the sofa.
Cisco is buying Duo Security for $2.35B in cash | Tech Crunch
Farcial Recognition
Amazon’s face surveillance technology is the target of growing opposition nationwide, and today, there are 28 more causes for concern. In a test the ACLU recently conducted of the facial recognition tool, called “Rekognition,” the software incorrectly matched 28 members of Congress, identifying them as other people who have been arrested for a crime.
|
Data Breach
Threat
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-03 10:50:05 |
Two major Thai banks hacked, personal details from over 120,000 customers stolen (lien direct) |
The Bank of Thailand (BOT) has confirmed that hackers have stolen information of more than 120,000 customers in a massive data breach into two major commercial banks. Cybersecurity operators at BOT have vowed to step up security measures and oversight after Kasikornbank and Krung Thai Bank reported cyber attacks during the Buddhist Lent holiday last ...
|
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-02 11:30:04 |
Healthcare Data Breach Of 1.4M Patients (lien direct) |
Iowa's UnityPoint Health has revealed it was the victim of a phishing attack that put the sensitive medical information of 1.4 million patients at risk, as reported by local media. Leon Lerman, CEO at Cynerio: “Healthcare organizations need to be on high alert for these types of phishing attacks like the one that targeted employees of UnityPoint Health. …
|
Data Breach
|
|
|
![grahamcluley.webp](./Ressources/img/grahamcluley.webp) |
2018-08-02 10:14:02 |
Smashing Security #089: Data breaches, ransomware, Bitcoin robberies, and typewriters (lien direct) |
Ransomware rears its head again, Dixons Carphone reveals its data breach was almost 1000% worse than they previously thought, a man is accused of stealing five million dollars worth of cryptocurrency through hijacking mobile phones, and a Canadian guy called Norman is rushing to get the typewriters out of storage.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist Geoff White.
|
Data Breach
|
|
|
![Chercheur.webp](./Ressources/img/Chercheur.webp) |
2018-08-02 00:55:01 |
Reddit Breach Highlights Limits of SMS-Based Authentication (lien direct) |
Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn't seem too severe. What's interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security. |
Data Breach
|
|
|
![SecurityAffairs.webp](./Ressources/img/SecurityAffairs.webp) |
2018-08-01 22:02:03 |
Reddit discloses a data breach, a hacker accessed user data (lien direct) |
Reddit Warns Users of Data Breach Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, […]
|
Data Breach
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2018-08-01 14:45:00 |
Reddit Warns Users of Data Breach (lien direct) |
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007. |
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-08-01 14:15:04 |
Yale University Data Breach (lien direct) |
Yale officials are confirming Social Security Numbers Accessed in Yale University Data Breach. NBC reports the breach occurred between April 2008 and January 2009, and in 2011, Yale deleted personal information in that database as part of an effort to protect personal information on Yale servers, and was not aware at that time of the breach. Ryan Wilk, Vice President at NuData Security: “Yale University …
|
Data Breach
|
|
|
![securityintelligence.webp](./Ressources/img/securityintelligence.webp) |
2018-08-01 11:03:04 |
How Self-Assessment Can Help You Avoid a Data Breach (lien direct) |
Your business can avoid a data breach by using self-assessment tools to plan your cybersecurity approach. Doing so empowers you to focus on making the headlines with good news. Here's how.
|
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-01 10:45:05 |
Yale data breach discovered 10 years too late (lien direct) |
Yale University discovered it suffered a data breach — 10 years ago. The Yale data breach occurred at some point between April 2008 and January 2009, but officials are unsure exactly when. The Yale data breach included sensitive data such as names, Social Security numbers and birth dates on an unknown number of people, as well ...
|
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-01 10:44:04 |
Police inform members of public about data breach (lien direct) |
POLICE are understood to have informed a number of people and business owners that their private data may be in the hands of suspected loyalist paramilitaries. The information was thought to have been unintentionally given to loyalists subject to investigation. A number of computer devices were removed from loyalists for forensic examination as part of a police ...
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-01 10:43:05 |
Yale University Discloses Decade-Old Data Breach (lien direct) |
"Because the intrusion happened nearly ten years ago, we do not have much more information about how it occurred."
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-08-01 10:37:02 |
Dixons Carphone Breach: Much Larger Than First Thought (lien direct) |
A data breach at Dixons Carphone that was made public last month |
Data Breach
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-08-01 09:30:03 |
Yale University discloses old school data breach (lien direct) |
The data breach was discovered a decade too late to do anything about it. |
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-08-01 09:06:02 |
Understanding The Cyber Threat Landscape (lien direct) |
In early July IBM Security and the Ponemon Institute released a new report titled “Cost of a Data Breach Study”. In this study it was reported that the global average cost of a data breach and the average cost for lost or stolen information both increased. The former is up 6.4 percent to £2.94 ...
|
Data Breach
Threat
|
|
|
![CSO.webp](./Ressources/img/CSO.webp) |
2018-08-01 04:15:00 |
IDG Contributor Network: Is California's Consumer Privacy Act of 2018 going to be GDPR version 2? (lien direct) |
While there is time before the California Consumer Privacy Act of 2018 comes into effect, which is January 1, 2020, businesses need to start planning now for compliance. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses. It covers any business meeting revenue or data collection volume triggers and that collects or sells information about California residents.
Applicability to businesses
The CCPA uses a much broader definition of personal information than is generally used in privacy statutes in the United States, including the definition in California's own data breach notification statute. Personal information under the CCPA includes “information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.” With this broad definition, the types of information protected under the CCPA are much closer to those found in the European Union's General Data Protection Regulation (“GDPR”). |
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-07-31 16:00:04 |
(Déjà vu) Major Online Fashion Brands Suffer Data Breach Affecting 1.4 Million (lien direct) |
Around 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing. Brands such as Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, DLSB (Dirty Little Style Bitch), and Traffic People were affected. Lee Munson, …
|
Data Breach
|
|
|
![no_ico.webp](./Ressources/img/no_ico.webp) |
2018-07-31 15:00:03 |
Dixons Carphone (lien direct) |
It has been reported today that Dixons Carphone has announced that the huge data breach that took place last year involved 10 million customers, which is significantly up from its original estimate of 1.2 million. The company said personal information, names, addresses and email addresses may have been accessed, however no bank details were taken and it had found no …
|
Data Breach
|
|
|
![SecurityAffairs.webp](./Ressources/img/SecurityAffairs.webp) |
2018-07-31 14:26:05 |
Dixons Carphone Data Breach discovered in June affected 10 Million customers (lien direct) |
Dixons Carphone announced on Monday that the security breach discovered in June affected around 10 million customers, much more than the initial estimate. Dixons Carphone, one of the largest European consumer electronics and telecommunication retailers, suffered a major data breach in 2017, but new data related to the incident have been shared. The situation was worse […]
|
Data Breach
|
|
|
![DarkReading.webp](./Ressources/img/DarkReading.webp) |
2018-07-31 12:00:00 |
Yale Discloses Data Breach (lien direct) |
The university discloses that someone stole personal information a long time ago. |
Data Breach
|
|
|
![ZDNet.webp](./Ressources/img/ZDNet.webp) |
2018-07-31 10:39:03 |
Clarksons says single user account to blame for data breach (lien direct) |
The British shipping company had confidential information stolen after refusing to bow to blackmail. |
Data Breach
|
|
|
![itsecurityguru.webp](./Ressources/img/itsecurityguru.webp) |
2018-07-31 08:59:02 |
ICO reveals fivefold increase in personal data breach reports (lien direct) |
The Information Commissioner’s Office (ICO) has revealed a big rise in the number of self-reported personal data breach notifications in the first full month following the introduction of the new General Data Protection Regulation (GDPR). During a webinar for data controllers posted on the ICO website, Laura Middleton, head of the ICO’s personal data breach ...
|
Data Breach
|
|
|
![BBC.webp](./Ressources/img/BBC.webp) |
2018-07-31 07:46:02 |
Dixons Carphone says data breach affected 10 million (lien direct) |
The Carphone Warehouse and Currys PC World owner says details of 10 million customers have been affected. |
Data Breach
|
|
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2018-07-31 04:04:05 |
Dixons Carphone Data Breach Affects 10 Million Customers (lien direct) |
Dixons Carphone's 2017 data breach was worse than initially anticipated.
In an announcement on Monday, Dixons Carphone, one of the largest consumer electronics and telecommunication retailers in Europe, admitted that the breach affected around 10 million customers, up from an initial estimate of 1.2 million people the company acknowledged back in June.
The company, which has
|
Data Breach
|
|
|
![grahamcluley.webp](./Ressources/img/grahamcluley.webp) |
2018-07-30 12:34:03 |
1.4 million online fashion shoppers exposed after data breach at UK ecommerce provider (lien direct) |
Up to 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing.
|
Data Breach
|
|
|
![The_Hackers_News.webp](./Ressources/img/The_Hackers_News.webp) |
2018-07-30 09:49:04 |
Boys Town Healthcare Data Breach Exposed Personal Details of Patients (lien direct) |
Another day, Another data breach!
This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital.
According to the U.S. Department of Health and Human Services Office for Civil Rights, the breach incident affected
|
Data Breach
|
|
|
![SecurityWeek.webp](./Ressources/img/SecurityWeek.webp) |
2018-07-30 05:41:05 |
Massive Singapore Healthcare Breach Possibly Involved Contractor (lien direct) |
Researchers have come across two Pastebin posts that could shed more light on the data breach that resulted in the health records of 1.5 million Singaporeans getting stolen by hackers.
|
Data Breach
|
|
|
![AlienVault.webp](./Ressources/img/AlienVault.webp) |
2018-07-27 13:00:00 |
Things I Hearted this Week, 27th July 2018 (lien direct) |
Welcome to your weekly security roundup, providing you all with the security news you deserve, but maybe might not need.
As always, these news stories are human-curated by me - no fancy algorithms, no machine learning, and definitely no trending topics here.
We are less than two weeks away from Blackhat in sunny Las Vegas. We’ll be there - pop along to booth 528 and say hello if you’re there.
Google: Security Keys Neutralized Employee Phishing
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes.
Google: Security Keys Neutralized Employee Phishing | Krebs on Security
While we’re on the topic of phishing, attackers used phishing emails to break into a Virginia bank twice in eight months, making off with more than $2.4 million in total. Now the bank is suing its cybersecurity insurance provider for refusing to fully cover the loss.
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M | Krebs on Security
We’re probably going to see more of this kind of back and forth as companies that have taken out cyber insurance and suffered a breach fight with their insurers over liability and who will cover the cost.
Somewhat related:
Scam of the week, another new CEO fraud phishing wrinkle | KnowBe4
Breaking the Chain
Supply chain and third party risks are getting better understood, but understanding a risk doesn’t necessarily mean it will reduce the risk.
Tesla, VW, and dozens of other car manufacturers had their sensitive information exposed due to a weak security link in their supply chains.
Tesla, VW data was left exposed by supply chain vendor Level One Robotics | SC Magazine
SIM Swap - A Victim’s Perspective
This is a really good write-up by AntiSocial engineer taking a look at how SIM swap fraud can impact victims, and why mobile phone operators need to do more to prevent this kind of fraud.
“It’s an all too common story, the signal bars disappear from your mobile phone, you ring the phone number – it rings, but it’s not your phone ringing. Chaos ensues. You’re now getting password reset emails from Facebook and Google. You try to login to your bank but your password fails. Soon enough the emails stop coming as attackers reset your account passwords. You have just become the newest victim of SIM Swap Fraud and your phone number is now at the control of an unknown person.”
SIM Swap Fraud - a victim’s perspective | AntiSocial Engineer
EU Fails to Regulate IoT Security
In this week’s head-scratching moment of “what were they thinking?”, the European Commission has rejected consumer groups' calls for mandatory security for consumer internet-connected devices because they believe voluntar |
Data Breach
Hack
|
Tesla
|
|
![securityintelligence.webp](./Ressources/img/securityintelligence.webp) |
2018-07-27 11:35:05 |
Incident Response Under GDPR: What to Do Before, During and After a Data Breach (lien direct) |
With GDPR in full swing, organizations need to prepare their incident response plans to move swiftly in the event of a breach and meet the mandated 72-hour incident disclosure window.
|
Data Breach
|
|
|