What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-10-15 20:11:00 Click2Mail suffered a data breach that potentially impacts 200,000 registrants (lien direct) Click2Mail.com, a US Postal Service affiliate partner, has suffered a data breach that exposed the personal information of its users. The US Postal Service affiliate partner Click2Mail has suffered a data breach that exposed the personal information of its users. The company allows its users to professionally print letters, flyers or postcards and deliver them […] Data Breach
SecurityAffairs.webp 2019-10-14 10:29:31 (Déjà vu) Imperva explains how hackers stole AWS API Key and accessed to customer data (lien direct) Imperva shared details on the incident it has recently suffered and how hackers obtain data on Cloud Web Application Firewall (WAF) customers. In August, cybersecurity firm Imperva disclosed a data breach that exposed sensitive information for some customers of its Cloud Web Application Firewall (WAF) product, formerly known as Incapsula. Incapsula, is a CDN service designed […] Data Breach
CSO.webp 2019-10-14 03:00:00 Equifax data breach FAQ: What happened, who was affected, what was the impact? (lien direct) In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States. As we'll see, the breach spawned a number of scandals and controversies: Equifax was criticized for everything ranging from their lax security posture to their bumbling response to the breach, and top executives were accused of corruption in the aftermath. And the question of who was behind the breach has serious implications for the global political landscape. How did the Equifax breach happen? Like plane crashes, major infosec disasters are typically the result of multiple failures. The Equifax breach investigation highlighted a number of security lapses that allowed attackers to enter supposedly secure systems and exfiltrate terabytes of data. Data Breach Equifax
DarkReading.webp 2019-10-11 17:10:00 Click2Mail Suffers Data Breach (lien direct) Mail provider discovered customer data being used in spam messages. Data Breach Spam
ZDNet.webp 2019-10-10 20:54:20 Imperva blames data breach on stolen AWS API key (lien direct) Imperva said it accidentally exposed an internal server from where a hacker stole an AWS API key. Data Breach
no_ico.webp 2019-10-10 13:43:08 (Déjà vu) Volusion Data Breach – Comments (lien direct) It has been reported that hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed … Data Breach
itsecurityguru.webp 2019-10-10 10:13:22 Volusion data breach impacts 6,500 sites including the Sesame Street store (lien direct) Hackers have breached the infrastructure of Volusion, a leading e-commerce solution for small businesses, allowing them to collect customer card details from between 6,500-20,000 sites. The attack occurred via the implementation of a modified JavaScript file that included malicious code that logs card details entered in online forms code. Here’s what cybersecurity experts had to say. Saryu […] Data Breach Guideline
no_ico.webp 2019-10-09 14:31:35 Experts On The Challenges Of GDPR Compliance (lien direct) Last week it was announced that after a GDPR fine of £183 million earlier this year, half a million British Airways customers were told they could sue the airline over a 2018 data breach which saw their bank details and addresses stolen by hackers. Whilst this certainly isn't the first large firm to be hit by … Data Breach
itsecurityguru.webp 2019-10-09 09:16:14 10,000 customers credit card information stolen in data breach (lien direct) Hackers may have absconded with tens of thousands of online shoppers’ credit card information in an attack on cloud infrastructure company, Volusion. According to ZDNet, multiple cyber security firms have confirmed the hack on Volusion, a software company that claims to provide infrastructure for more than 30,000 merchants. Among the affected parties are the Sesame Street […] Data Breach Hack
securityintelligence.webp 2019-10-08 11:00:35 Why a Cybersecurity Assessment Needs to Be Part of Your M&A Due Diligence Checklist (lien direct) Failing to include a cybersecurity assessment on your merger and acquisition (M&A) due diligence checklist means risking a data breach - and potentially shaving millions off the price of the deal. Data Breach
ZDNet.webp 2019-10-08 09:58:20 Tū Ora Compass Health data breach exposes medical data of one million people (lien direct) The health organization has admitted its failure in safeguarding user data. Data Breach
ZDNet.webp 2019-10-07 20:33:25 Data breach at Russian ISP impacts 8.7 million customers (lien direct) Security breach took place in 2017, but user details are only now being shared online, including on Telegram channels. Data Breach
SecurityAffairs.webp 2019-10-07 08:45:45 Data from Sephora and StreetEasy data breaches added to HIBP (lien direct) The popular data breach notification service Have I Been Pwned? (HIBP) has added the stolen data from the StreetEasy and Sephora data incidents. Have I Been Pwned? (HIBP), the popular service that allows users to check whether their personal data has been compromised by data breaches has added the stolen data from the StreetEasy and Sephora data […] Data Breach
bleepingcomputer.webp 2019-10-06 18:43:33 Check If You Are in the Sephora and StreetEasy Data Breaches (lien direct) Data breach lookup site Have I Been Pwned has added the stolen data from the StreetEasy and Sephora data breaches to their engine so that users can check if their information was exposed. [...] Data Breach
bleepingcomputer.webp 2019-10-04 15:10:00 UAB Medicine Data Breach Exposes Patient Info in Phishing Attack (lien direct) UAB Medical is the victim of a phishing attack that targeted the medical center's payroll department. This allowed the attackers to gain access to numerous employee emails that contained the health information for 19,557 patients. [...] Data Breach
SecurityWeek.webp 2019-10-03 07:28:01 Zendesk Discloses Old Data Breach Affecting 10,000 Accounts (lien direct) Customer support company Zendesk revealed on Wednesday that it has become aware of a security incident impacting thousands of accounts activated before November 2016. Data Breach
SecurityAffairs.webp 2019-10-02 21:33:42 (Déjà vu) Zendesk 2016 security breach may impact Uber, Slack, and over 100k organizations (lien direct) Zendesk discloses a data breach that took place in 2016 when a hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. In 2016, customer service software company Zendesk suffered a security breach that exposed data of 10,000 users, including passwords, emails, names, and phone numbers. Zendesk software is currently used by […] Data Breach Uber
ZDNet.webp 2019-10-02 17:42:00 Zendesk discloses 2016 data breach (lien direct) Zendesk said hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. Data Breach
TechRepublic.webp 2019-10-02 12:00:08 Nearly 60% of businesses suffered a data breach in the past 3 years (lien direct) Some 36% of companies who haven't suffered a breach said it is likely they are unknowingly experiencing one now. Data Breach
itsecurityguru.webp 2019-10-02 09:40:36 Nearly all companies have suffered a data breach (lien direct) In the last three years, almost two thirds (60 per cent) of businesses have experienced a data breach. This is according to a new global report from Bitdefender, which also adds that those that haven't been attacked yet – expect to experience such a scenario soon. As a matter of fact, more than a third of […] Data Breach
DarkReading.webp 2019-10-01 12:35:00 Cost of Data Breach Hits $1.4M, Security Budgets Near $19M (lien direct) Researchers report businesses with an internal SOC suffer half the average financial damage. Data Breach
itsecurityguru.webp 2019-10-01 10:32:28 (Déjà vu) Friends Players Compromised in Data Breach with 218M Words (lien direct) The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year. A cybercriminal operating under the alias Gnosticplayers has broken into the Words with Friends database and gained access to 218 million player records, The Hacker News reports. The popular puzzle game is owned by Zynga, one of the […] Data Breach
itsecurityguru.webp 2019-09-30 12:50:50 Why companies must start rehearsing their responses now to give them the best possible chance of mitigating cyberattacks when – and not if – they happen (lien direct) By David Cook, Senior Associate – Privacy and Cyber Security Compliance and Litigation at Eversheds Sutherland, and finalist in the Security Serious Unsung Heroes Awards. It seems like barely a week goes by without a high-profile data breach being reported on the front pages of our newspapers. Hacking and cyberattacks appear to be becoming more […] Data Breach
DarkReading.webp 2019-09-30 11:00:00 218M Words with Friends Players Compromised in Data Breach (lien direct) The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year. Data Breach
CSO.webp 2019-09-30 03:00:00 Marriott data breach FAQ: How did it happen and what was the impact? (lien direct) In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves. We answer 10 frequently asked questions. When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later. Data Breach Tool Threat
itsecurityguru.webp 2019-09-27 11:16:15 Almost 5 million customers, delivery drivers and partners hit by DoorDash data breach – expert comments (lien direct) Food delivery company, DoorDash, has confirmed it was hit by a data breach which exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it’s unclear why it has taken DoorDash so long to reveal the details. According to a spokesperson for […] Data Breach
no_ico.webp 2019-09-27 10:43:53 DoorDash Data Breach Impacts 4.9M Users – Experts Comments (lien direct) DoorDash has confirmed a data breach impacting 4.9 million users including customers, delivery workers (Dashers) and merchants. The food delivery company said that the breach happened on May 4 and that customers who joined after April 5, 2019 are not affected. It's still unclear why it took several months for DoorDash to publicly address the incident. … Data Breach
itsecurityguru.webp 2019-09-27 09:53:47 (Déjà vu) Data Breach exposes DoorDash data info of 5 Million Users (lien direct) DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. In a security notice published on their site and through emails being sent to affected users, DoorDash states that an unauthorized party was able to gain access to user […] Data Breach
SecurityAffairs.webp 2019-09-27 07:40:12 DoorDash Data Breach exposes data of approximately 5 million users (lien direct) DoorDash is a San Francisco–based on-demand food delivery service, the company confirmed it has suffered a data breach that exposed roughly 5 million users. DoorDash announced a data breach that exposed the personal information of 4.9 million consumers, Dashers, and merchants. According to the data breach notification sent to the impacted customers and the security note published […] Data Breach
The_Hackers_News.webp 2019-09-27 02:08:41 DoorDash Breach Exposes 4.9 Million Users' Personal Data (lien direct) Do you use DoorDash frequently to order your food online? If yes, you are highly recommended to change your account password right now immediately. DoorDash-the popular on-demand food-delivery service-today confirmed a massive data breach that affects almost 5 million people using its platform, including its customers, delivery workers, and merchants as well. DoorDash is a San Data Breach
bleepingcomputer.webp 2019-09-26 17:07:12 DoorDash Data Breach Exposes Info of Roughly 5 Million Users (lien direct) DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. [...] Data Breach
ErrataRob.webp 2019-09-26 13:24:44 CrowdStrike-Ukraine Explained (lien direct) Trump's conversation with the President of Ukraine mentions "CrowdStrike". I thought I'd explain this. What was said? This is the text from the conversation covered in this “I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy people... The server, they say Ukraine has it.” Personally, I occasionally interrupt myself while speaking, so I'm not sure I'd criticize Trump here for his incoherence. But at the same time, we aren't quite sure what was meant. It's only meaningful in the greater context. Trump has talked before about CrowdStrike's investigation being wrong, a rich Ukrainian owning CrowdStrike, and a "server". He's talked a lot about these topics before. Who is CrowdStrike? They are a cybersecurity firm that, among other things, investigates hacker attacks. If you've been hacked by a nation state, then CrowdStrike is the sort of firm you'd hire to come and investigate what happened, and help prevent it from happening again. Why is CrowdStrike mentioned? Because they were the lead investigators in the DNC hack who came to the conclusion that Russia was responsible. The pro-Trump crowd believes this conclusion is false. If the conclusion is false, then it must mean CrowdStrike is part of the anti-Trump conspiracy. Trump always had a thing for CrowdStrike since their first investigation. It's intensified since the Mueller report, which solidified the ties between Trump-Russia, and Russia-DNC-Hack. Personally, I'm always suspicious of such investigations. Politics, either grand (on this scale) or small (internal company politics) seem to drive investigations, creating firm conclusions based on flimsy evidence. But CrowdStrike has made public some pretty solid information, such as BitLy accounts used both in the DNC hacks and other (known) targets of state-sponsored Russian hackers.
Likewise, the Mueller report had good data on Bitcoin accounts. I'm sure if I looked at all the evidence, I'd have more doubts, but at the same time, of the politicized hacking incidents out there, this seems to have the best (public) support for the conclusion. What's the conspiracy? The basis of the conspiracy is that the DNC hack was actually an inside job. Some former intelligence officials led by Bill Binney claim they looked at some data and found that the files were copied "locally" instead of across the Internet, and therefore, it was an insider who did it and not a remote hacker. I debunk the claim here, but the short explanation is: of course the files were copied "locally", the hacker was inside the network. In my long experience investigating hacker intrusions, and performing them myself, I know this is how it's normally done. I mention my own experience because I'm technical and know these things, in contrast with Bill Binney and those other intelligence officials who have no experience with such things. He sounds impressive that he's formerly of the NSA, but he was a mid-level manager in charge of budgets. Binney has never performed a data breach investigation, has never performed a pentest. There's other parts to the conspiracy. In the middle of all this, a DNC staffer was murdered on the street, possibly due to a mugging. Naturally this gets included as part of the conspiracy, this guy ("Seth Rich") must've been the "insider" in this attack, and mus Data Breach Hack Guideline NotPetya
itsecurityguru.webp 2019-09-26 10:54:25 Over 70,000 users' data exposed via dating app, Heyyo (lien direct) Yet another online dating data breach was reported, with yet another Elasticsearch server in question. Online dating app Heyyo has left an Elasticsearch server online without password protection. The unsecured server was discovered by security researchers at WizCase. The leak contained private information, including messages, photos, sexual preferences, occupation, and more for over 70,000 registered […] Data Breach
itsecurityguru.webp 2019-09-26 10:53:13 Over 8,000 Florida residents hit by possible data breach (lien direct) The city of Palm Bay is monitoring a possible data breach involving the city's online utilities payment system. The company that operates the system found evidence of malware that may have compromised the billing information of thousands of customers. The city said the information on Click2Gov is encrypted, meaning if someone attempted to access billing information, […] Data Breach Malware
no_ico.webp 2019-09-23 12:03:18 Verizon's Incident Preparedness And Response Report Urges Businesses To 'Be Prepared, Be Proactive And Practice, Practice, Practice' (lien direct) Incident Response Plans require frequent workouts to be fit for purpose NEW YORK – Businesses are more aware than ever of how cybercrime could impact their reputation, and their bottom line. Annual reports such as the Verizon Data Breach Investigations Report and the Verizon Insider Threat Report continue to flag those cyber-threats and trends that should be on every organization's radar. However, … Data Breach Threat
Blog.webp 2019-09-23 08:46:59 NEW TECH: How 'cryptographic splitting' bakes-in security at a 'protect-the-data-itself' level (lien direct) How can it be that marquee enterprises like Capital One, Marriott, Facebook, Yahoo, HBO, Equifax, Uber and countless others continue to lose sensitive information in massive data breaches? Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect […] Data Breach Equifax Yahoo Uber
SecurityAffairs.webp 2019-09-23 08:04:23 Thinkful forces a password reset for all users after a data breach (lien direct) The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The online education platform for developers Thinkful has suffered a data breach, just a few days after it has announced it would be acquired by the education tech firm Chegg for […] Data Breach
SecurityWeek.webp 2019-09-20 15:43:55 200,000 Sign Petition Against Equifax Data Breach Settlement (lien direct) 200,000 Sign Petition to "Force Equifax to Pay for Their Greed" Data Breach Equifax
TechRepublic.webp 2019-09-19 13:45:54 Yahoo data breach settlement means affected users may get $100 (lien direct) If you had a Yahoo account between January 1, 2012 and December 31, 2016, you may be entitled to a bit of money. Data Breach Yahoo
itsecurityguru.webp 2019-09-18 16:15:52 Malindo Air has confirmed passenger data breach. (lien direct) KUALA LUMPUR: Malaysia’s Malindo Air, a subsidiary of Indonesia’s Lion Group, said on Wednesday (Sep 18) it was investigating a data breach involving the personal details of its passengers. Malindo Air’s statement followed a report by Moscow-based cybersecurity firm Kaspersky Lab that the details of around 30 million passengers of Malindo and fellow Lion Group subsidiary […] Data Breach
The_Hackers_News.webp 2019-09-18 07:11:00 IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador's History (lien direct) Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured Data Breach
ZDNet.webp 2019-09-17 16:11:39 Arrest made in Ecuador's massive data breach (lien direct) Ecuador police arrest director of data analytics firm that leaked the personal records of most of Ecuador's population. Data Breach
ZDNet.webp 2019-09-17 11:10:24 Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices (lien direct) Phillip Capital Inc. has been penalized for a data breach and failing to disclose the incident to clients quickly. Data Breach
SecurityWeek.webp 2019-09-17 01:02:42 Security Firm: Data Breach Exposes Millions of Ecuadorians (lien direct) Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, a cyber security firm said Monday. Data Breach
AlienVault.webp 2019-09-16 13:00:00 Hacker prevention: tips to reduce your attack surface (lien direct) These days it seems that every time you open your favorite news source there is another data breach related headline. Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years. With all this publicity and the increasing awareness of the general public about how data breaches can impact their personal privacy and financial wellbeing, it is no surprise that there is a lot of interest in preventing hacking. The trouble is that there is no way to prevent others from attempting to hack into any target they choose. Since there is a practically limitless number of targets to choose from, the attacker need only be lucky or skilled enough to succeed once. In addition, the risk of successful prosecution of perpetrators remains low. However, while you can’t prevent hacking, you can help to reduce your attack surface to make your organization less likely to be the subject of attacks. At this point, let's differentiate between opportunistic attacks and targeted attacks. Opportunistic attacks are largely automated, low-complexity exploits against known vulnerable conditions and configurations. Ever wonder why a small business with a small geographic footprint and almost no online presence gets compromised? Chances are good they just had the right combination of issues that an automated attack bot was looking to exploit. These kinds of events can potentially end a small to medium business as a going concern while costing the attacker practically nothing. Targeted attacks are a different story altogether. These attacks are generally low, slow and persistent; targeting your organization's technical footprint as well as your employees, partners and supply chain.
While targeted attacks may utilize some of the same exploitable conditions that opportunistic attacks use, they tend to be less automated in nature so as to avoid possible detection for as long as possible. In addition, they may involve a more frequent use of previously unknown exploit vectors (“zero days”) to reach their goals or abuse trusted connections with third parties to gain access to your organization. Ultimately it doesn’t matter which of these kinds of attacks results in a breach event, but it is important to think of both when aligning your people, processes and technology for maximum effect to mitigate that risk. There have been many articles written regarding best practices for minimizing the risk of a cyber-security incident. Rather than recount a list of commonly cited controls, I would like to approach the topic from a slightly different perspective and focus on the top six technical controls that I feel are likely to help mitigate the most risk, provided that all the “table stakes” items are in place (i.e. you have a firewall, etc.). Patch and Update Constantly: Ultimately the most hacker-resistant environment is the one that is best administered. Organizations are short cutting system and network administration activities through budget / staff reductions and lack of training. This practice often forces prioritization and choice about what tasks get done sooner, later or at all. Over time this creates a large, persistent baseline of low to medium risk issues in the environment that can contribute to a wildfire event under the right conditions. Lack Data Breach Malware Hack
The_Hackers_News.webp 2019-09-16 04:57:16 How Cloud-Based Automation Can Keep Business Operations Secure (lien direct) The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data. "You have to compare [the cloud] Data Breach
securityintelligence.webp 2019-09-12 10:45:02 5 Things You Can Do After a Data Breach to Help Mitigate Cost (lien direct) The cost of a data breach is rising, and a carefully planned and regularly rehearsed response can go a long way toward saving your company money in the wake of a security incident. Data Breach
The_State_of_Security.webp 2019-09-12 08:00:22 How to Foil the 6 Stages of a Network Intrusion (lien direct) The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most […] Data Breach
The_State_of_Security.webp 2019-09-12 03:00:42 (Déjà vu) What to Do If You Receive a Legitimate 'Unusual Account Activity' Notice (lien direct) Sadly, it's all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren't the only motivation here for issuing these types of notifications. Indeed, […] Data Breach
The_State_of_Security.webp 2019-09-12 03:00:04 What to Do If You Receive a Legitimate “Unusual Account Activity” Notice (lien direct) Sadly, it's all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren't the only motivation here for issuing these types of notifications. Indeed, […] Data Breach
Last update at: 2024-07-04 23:13:33