What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2023-09-27 10:00:00 Combining IT and OT security for enhanced cyber risk management
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Integrating IT and OT security for a comprehensive approach to cyber threats in the digital age. Historically, IT and OT have operated in separate worlds, each with distinct goals and protocols. IT, shaped by the digital age, has always emphasized the protection of data integrity and confidentiality. In this space, a data breach can lead to significant consequences, making it crucial to strengthen digital defenses. On the other hand, OT, a legacy of the Industrial Revolution, is all about ensuring machinery and processes run without interruptions. Any machine downtime can result in major production losses, making system availability and safety a top priority. This difference in focus has created a noticeable cultural gap. IT teams, often deep into data management, might not fully grasp the real-world impact of a stopped production line. Similarly, OT teams, closely connected to their machines, might not see the broader impact of a data breach. The technical challenges are just as significant. OT systems are made up of specialized equipment, many from a time before cybersecurity became a priority. When these older systems connect to modern IT networks, they can become weak points, open to today's cyber threats. This risk is even higher because many OT systems use unique protocols and hardware. These systems, once isolated, are now part of more extensive networks, making them accessible and vulnerable through different points in an organization's network. Additionally, common IT tasks, like updating software, can be more complex in OT. The equipment in OT often has specific requirements from their manufacturers. What's standard in IT can become a complicated task in OT because of the particular nature of its systems.
Combining IT and OT is more than just a technical task; it's a significant change in how companies see and manage risks. From the physical risks during the Industrial Revolution, we've moved to a time when online threats can have real-world effects. As companies become part of bigger digital networks and supply chains, the risks increase. The real challenge is how to unify IT and OT security strategies to manage cyber risks effectively. The imperative of unified security strategies According to a Deloitte study, a staggering 97% of organizations attribute many of their security challenges to their IT/OT convergence efforts. This suggests that the convergence of IT and OT presents significant challenges, highlighting the need for more effective security strategies that integrate both domains. Steps to integrate IT and OT security: Acknowledge the divide: The historical trajectories of IT and OT have been distinct. IT has emerged as a standardized facilitator of business processes, while OT has steadfastly managed tangible assets like production mechanisms and HVAC systems. Therefore, the first step towards a unified front is recognizing these inherent differences and fostering dialogues that bridge the understanding gap between IT and OT teams and leaders. Develop a unified security framework: Optimized architecture: Given the distinct design principles of OT, which traditionally prioritized isolated operations, it's crucial to devise an architecture that inherently safeguards each component. By doing so, any vulnerability in one part of the system won't jeopardize the overall network's stability and security. Regular vulnerability assessments: Both environments should be subjected to periodic assessments to identify and address potential weak links. Multi-factor authentication: For systems pivotal to critical inf
Data Breach Tool Vulnerability Threat Industrial Deloitte ★★
bleepingcomputer.webp 2023-09-26 05:20:00 SickKids impacted by BORN Ontario data breach that hit 3.4 million
(direct link)
The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care." [...]
Data Breach ★★★
no_ico.webp 2023-09-25 17:18:22 Why You Should Phish In Your Own Pond
(direct link)
Phishing – that scourge of the internet for several decades now – remains the most popular attack vector when it comes to bad actors trying to get their hands on confidential information. The targets span commercial enterprises, to government agencies (just ask the Police Service of Northern Ireland, which recently suffered a devastating data breach traced to phishing). […]
Data Breach ★★★
bleepingcomputer.webp 2023-09-25 13:31:41 BORN Ontario child registry data breach affects 3.4 million people
(direct link)
The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree. [...]
Data Breach ★★
bleepingcomputer.webp 2023-09-23 10:04:15 National Student Clearinghouse data breach impacts 890 schools
(direct link)
U.S. educational nonprofit National Student Clearinghouse has disclosed a data breach affecting 890 schools using its services across the United States. [...]
Data Breach ★★
bleepingcomputer.webp 2023-09-23 07:16:35 Air Canada discloses data breach of employee and 'certain records'
(direct link)
Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security incident this week in which hackers "briefly" obtained limited access to its internal systems. The incident resulted in the theft of a limited amount of personal information of some of its employees and "certain records." [...]
Data Breach ★★★
RecordedFuture.webp 2023-09-22 13:43:00 NY college forced to invest $3.5 million in cybersecurity after breach affecting 200,000
(direct link)
New York state's attorney general is forcing a college to invest $3.5 million into cybersecurity after a 2021 data breach leaked troves of sensitive information about almost 200,000 people. Attorney General Letitia James and Marymount Manhattan College (MMC) announced an agreement on Thursday that will see the New York City liberal arts institution invest heavily
Data Breach ★★
bleepingcomputer.webp 2023-09-22 13:22:43 Crypto firm Nansen asks users to reset passwords after vendor breach
(direct link)
Ethereum blockchain analytics firm Nansen asks a subset of its users to reset passwords following a recent data breach at its authentication provider. [...]
Data Breach ★★
bleepingcomputer.webp 2023-09-22 11:05:02 T-Mobile denies new data breach rumors, points to authorized retailer
(direct link)
T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data. [...]
Data Breach Threat ★★
RecordedFuture.webp 2023-09-21 19:30:00 Nova Scotia says all victims of MOVEit breach have been notified
(direct link)
One of the first North American organizations to suffer a data breach because of a vulnerability in the MOVEit file-transfer software says it has notified more than 165,000 people that their personal information was stolen. The government of Nova Scotia said on Thursday that it has finished sending letters to all victims of the incident
Data Breach Vulnerability ★★
RecordedFuture.webp 2023-09-21 17:15:00 Air Canada says hackers accessed limited employee records during cyberattack
(direct link)
Canada's largest airline announced a data breach this week that involved the information of employees, but said its operations and customer data was not impacted. Air Canada, one of the world's oldest airlines running more than 1,300 flights a day, released a statement on Wednesday explaining a recent data breach. The company did not respond
Data Breach ★★
bleepingcomputer.webp 2023-09-21 11:50:45 Pizza Hut Australia warns 193,000 customers of a data breach
(direct link)
Pizza Hut Australia is sending data breach notifications to customers, warning that a cyberattack allowed hackers to access their personal information. [...]
Data Breach ★★
News.webp 2023-09-21 06:28:12 Data breach reveals distressing info: people who order pineapple on pizza
(direct link)
Pizza Hut Australia warns 190,000 customers' data – including order history – has been accessed Pizza Hut's Australian outpost has suffered a data breach.…
Data Breach ★★
knowbe4.webp 2023-09-20 12:10:03 Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks
(direct link)
Data Breach ★★
bleepingcomputer.webp 2023-09-20 10:02:01 Expensive Investigations Drive Surging Data Breach Costs
(direct link)
Data breaches and their investigations are becoming extremely costly for the enterprise. Learn from Outpost24 below about what your business can do to reduce these costs. [...]
Data Breach ★★
ProofPoint.webp 2023-09-20 05:00:47 Not All Vulnerabilities Are Created Equal: Identity Risks and Threats Are the New Vulnerability
(direct link)
If the history of cyber threats has taught us anything, it's that the game is always changing. The bad actors show us a move. We counter the move. Then, the bad actors show us a new one. Today, that “new move” is the vulnerable state of identities. Attackers realize that even if the network and every endpoint and device are secured, they can still compromise an enterprise's resources by gaining access to one privileged account. There is a lot of opportunity to do that, too. Within companies, one in six endpoints has an exploitable identity risk, as research for the Analyzing Identity Risks (AIR) Research Report from Proofpoint found. “Well, that escalated quickly.” The latest Data Breach Investigations Report from Verizon highlights the risks of complex attacks that involve system intrusion. It also underscores the need to disrupt the attacker once they are inside your environment. Once they have that access, they will look for ways to escalate privileges and maintain persistence. And they will search for paths that will allow them to move across the business so that they can achieve their goals, whatever they may be. This problem is getting worse because managing enterprise identities and the systems to secure them is complex. Another complication is the constant changes to accounts and their configurations. Attackers are becoming more focused on privileged identity account takeover (ATO) attacks, which allow them to compromise businesses with ease and speed. At least, as compared with the time, effort and cost that may be required to exploit a software vulnerability (a common vulnerability and exposure or CVE). We should expect this trend to continue, given that ATOs have reduced attacker dwell times from months to days. And there is little risk that attackers will be detected before they are able to complete their crimes. How can IT and security leaders and their teams respond? A “back to the basics” approach can help.
Shifting the focus to identity protection Security teams work to protect their networks, systems and endpoints in their infrastructure, and they have continued moving up the stack to secure applications. Now, we need to focus more on ways to improve how we protect identities. That is why an identity threat detection and response (ITDR) strategy is so essential today. We tend to think of security in battle terms; as such, identity is the next “hill” we need to defend. As we have done with the network, endpoint and application hills in the past, we should apply basic cyber hygiene and security posture practices to help prevent identity risk. There is value in using preventative and detective controls in this effort, but the former type of control is preferred. (It can cost less to deploy, too.) In other words, as we take this next hill to secure identity threats, we should keep in mind that an ounce of prevention is worth a pound of cure. Identity as a vulnerability management asset type Businesses should consider managing remediation of the identity vulnerabilities that are most often attacked in the same or a similar way to how they manage the millions of other vulnerabilities across their other asset types (network, host, application, etc.). We need to treat identity risk as an asset type. Its vulnerability management should be included in the process for prioritizing vulnerabilities that need remediation. A requirement for doing this is the ability to scan the environment on a continuous basis to discover identities that are vulnerable now and learn why they are at risk. Proofpoint Spotlight™ provides a solution. It enables: The continuous discovery of identity threats and vulnerability management Their automated prioritization based on the risk they pose Visibility into the context of each vulnerability And Spotlight enables fully automated remediation of vulnerabilities where the remediation creates no risk of business interruption.
Prioritizing remediation efforts across asset types Most enterprises have millions of vulnerabilities across their
Data Breach Vulnerability Threat Prediction ★★
itsecurityguru.webp 2023-09-19 12:56:01 Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach
(direct link)
New statistics by International Cyber Expo reveal that in the event of a data breach at an organisation, nearly one in every five (19%) individuals across the UK believe the person(s) who allowed initial entry via phishing, poor security practices etc. should be held most responsible and face the harshest penalty. Additionally, of these individuals, […]
Data Breach Studies ★★
InfoSecurityMag.webp 2023-09-19 09:30:00 Threat Actor Claims Major TransUnion Data Breach
(direct link)
Database compromise dates back to March 2022
Data Breach Threat ★★
ProofPoint.webp 2023-09-19 05:00:12 Why Healthcare Data Is Difficult to Protect-and What to Do About It
(direct link)
Hospitals, clinics, health insurance providers and biotech firms have long been targets for cyber criminals. They handle data like protected health information (PHI), intellectual property (IP), clinical trial data and payment card data, giving attackers many options to cash in. And as healthcare institutions embrace the cloud, remote work and telehealth, the risks of attacks on this data only increase. Besides outside attackers, insider risk is another concern in an industry where employees face high and sustained levels of stress. And then there's the increasing risk of ransomware. In the 2022 Internet Crime Report from the FBI's Internet Crime Complaint Center, healthcare was called out as the critical infrastructure industry hardest hit by ransomware attacks. In this blog, we'll take a look at some of the information protection challenges faced by the healthcare industry today. And we'll look at some solutions. Healthcare data breach costs Not only are data breaches in healthcare on the rise, but the costs for these breaches are high for this industry, too. IBM's Cost of a Data Breach Report 2023 says that the average cost of a healthcare data breach in the past year was $11 million. These costs can include: Ransoms paid Systems remediation Noncompliance fines Litigation Brand degradation There's a high cost in terms of disruptions to patient care as well. System downtime or compromised data integrity due to cyber attacks can put patients at risk. For example, when Prospect Medical Holdings faced a recent cyber attack, its hospitals had to shut down their IT networks to prevent the attack's spread. They also needed to revert to paper charts. The Rhysida ransomware gang claimed responsibility for that attack, where a wealth of data, including 500,000 Social Security numbers, patient files, and legal documents, was stolen. Information protection challenges in healthcare Healthcare firms face many challenges in protecting sensitive data.
They include: Insider threats and electronic health record (EHR) snooping What are some insider threats that can lead to data breaches in healthcare? Here's a short list of examples: Employees might sneak a peek at the medical records of a famous patient and share the details with the media. Careless workers could click on phishing emails and open the door to data theft. Malicious insiders can sell patient data on the dark web. Departing employees can take valuable research data with them to help along their own careers. A growing attack surface due to cloud adoption Most healthcare businesses are increasing their use of cloud services. This move is helping them to improve patient care by making information more accessible. But broad sharing of files in cloud-based collaboration platforms increases the risk of a healthcare data breach. It is a significant risk, too. Proofpoint threat intelligence shows that in 2022, 62% of all businesses were compromised via cloud account takeover. Data at risk across multiple data loss channels When EHRs are housed on-premises, patient records can still be accessed, shared and stored on remote endpoint and cloud-based collaboration and email systems. And as healthcare data travels across larger geographies, protecting it becomes much more of a challenge. How Proofpoint can help Our information protection platform, Proofpoint Sigma, provides unmatched visibility and control over sensitive data across email, cloud, web and endpoints. This unified platform allows healthcare businesses to manage data risk, while saving time and reducing operational costs. We can help protect your data from accidental disclosure, malicious attacks and insider risk. As the healthcare industry continues to adopt remote work and telehealth, there is one particular Proofpoint solution that stands out for its ability to help safeguard data. That's Proofpoint Insider Threat Management (ITM). It monitors user and data activity on endpoints.
And it allows security teams to detect, investigate and respond to potential data l
Ransomware Data Breach Threat Medical Cloud ★★
ProofPoint.webp 2023-09-18 05:00:09 How to Better Secure and Protect Your Microsoft 365 Environment
(direct link)
Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon's 2023 Data Breach Investigations Report highlights the upward trend in BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents. While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it's a good place to start, but it simply can't stop today's most sophisticated email threats. That's why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery). “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” Source: 2023 Gartner Market Guide for Email Security The rise of cloud-based email security solutions Email threats are nothing new. For years now, secure email gateways (SEG) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users' inboxes. But with more businesses adopting cloud-based email platforms-particularly Microsoft 365-alternative email security solutions have appeared on the market. Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES).
These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft's defenses. The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It's easy to remove these solutions, too, making it simple and straightforward to evaluate them. Two deployment models: the good and the bad When you're augmenting Microsoft 365 email security, you have several options for deployment. There's the post-delivery, API-based approach, which is used by ICES and CAPES. And there's the pre-delivery, MX-based approach used by SEGs. Post-delivery deployment (API-based model) In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user's mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats. Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts from Microsoft 365 that cloud-based email security solutions can receive. Pre-delivery deployment (MX-based model) This approach is useful for businesses that want to detect and prevent email threats before they reach their users' inboxes. As the name suggests, email is processed before it is delivered to a user's inbox.
To enable this model, an organization's DNS email exchange (MX) record must be configured to a mail server. The MX record indicates how email messages should be routed in
Ransomware Data Breach Malware Tool Threat Prediction Cloud ★★★
The_Hackers_News.webp 2023-09-15 16:43:00 The Interdependence between Automated Threat Intelligence Collection and Humans
(direct link)
The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still
Ransomware Data Breach Vulnerability Threat ★★★
ComputerWeekly.webp 2023-09-15 06:00:00 Manchester police data breach a classic supply chain incident
(direct link)
Data Breach ★★★
ProofPoint.webp 2023-09-14 05:00:42 Maximizing Patient Care: Securing the Email Workhorse of Healthcare Portals, Platforms and Applications
(direct link)
In the modern healthcare industry, healthcare portals, platforms and applications serve as tireless workers. They operate around the clock, making sure that crucial information reaches patients and providers. At the heart of it all is email-an unsung hero that delivers appointment reminders, test results, progress updates and more. Healthcare portals, platforms and applications and many of the emails they send contain sensitive data. That means they are a top target for cyber criminals. And data breaches can be expensive for healthcare businesses. Research from IBM shows that the average cost of a healthcare data breach-$10.93 million-is the highest of any industry. In addition, IBM reports that since 2020 data breach costs have increased 53.3% for the industry. In this post, we explore how a Proofpoint solution-Secure Email Relay-can help healthcare institutions to safeguard patient information that is transmitted via these channels. Healthcare technology in use today First, let's look at some of the main types of healthcare portals, platforms and applications that are in use today. Patient portals. Patient portals have transformed the patient and provider relationship by placing medical information at patients' fingertips. They are a gateway to access medical records, view test results and schedule appointments. And they offer patients a direct line to communicate with their healthcare team. The automated emails that patient portals send to patients help to streamline engagement. They provide useful information and updates that help people stay informed and feel more empowered. Electronic health record (EHR) systems. EHR applications have revolutionized how healthcare providers manage and share patient information with each other. These apps are digital repositories that hold detailed records of patients' medical journeys-data that is used to make medical decisions. EHR apps send automated emails to enhance how providers collaborate on patient care.
Providers receive appointment reminders, critical test results and other vital notifications through these systems. Health and wellness apps. For many people, health and wellness apps are trusted companions. These apps can help them track fitness goals, monitor their nutrition and access mental health support, to name a few services. Automated emails from these apps can act as virtual cheerleaders, too. They provide users with reminders, progress updates and the motivation to stick with their goals. Telemedicine platforms. Telemedicine platforms offer patients access to virtual medical consultations. They rely on seamless communication-and emails are key to that experience. Patients receive emails to remind them about appointments, get instructions on how to join virtual consultations, and more. The unseen protector: security in healthcare emails Healthcare providers need to safeguard patient information, and that includes when they rely on healthcare portals, platforms and applications to send emails to their patients. Proofpoint Secure Email Relay (SER) is a tool that can help them protect that data. SER is more than an email relay. It is a security-centric solution that can ensure sensitive data is only exchanged within a healthcare ecosystem. The solution is designed to consolidate and secure transactional emails that originate from various clinical and business apps. SER acts as a guardian. It helps to ensure that compromised third-party entities cannot exploit domains to send malicious emails-which is a go-to tactic for many attackers. Key features and benefits of Proofpoint SER Here are more details about what the SER solution includes. Closed system architecture Proofpoint SER features a closed-system approach. That means it permits only verified and trusted entities to use the email relay service. This stringent measure can lead to a drastic reduction in the risk associated with vulnerable or compromised email service providers.
No more worrying about unauthorized users sending emails in your business's name. Enhanced security contro
Data Breach Tool Medical Cloud ★★
bleepingcomputer.webp 2023-09-13 15:57:05 Rollbar discloses data breach after hackers stole access tokens
(direct link)
Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens. [...]
Data Breach ★★
securityintelligence.webp 2023-09-13 13:00:00 Cost of a data breach 2023: Pharmaceutical industry impacts
(direct link)
>Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place […]
Data Breach Medical ★★★
knowbe4.webp 2023-09-12 18:32:48 AP Stylebook Data Breach Compromises Customer Personal Information
(direct link)
Data Breach ★★★
RecordedFuture.webp 2023-09-12 16:15:00 UK businesses could escape data breach fines if they engage with NCSC over cyber incidents
(direct link)
British organizations that suffer a data breach may face lower fines if - instead of attempting to conceal the incident - they proactively report and engage with the country's cybersecurity agency, according to a new agreement between the agency and the data protection regulator. The chief executives of the United Kingdom's National Cyber Security Centre
Data Breach ★★
bhconsulting.webp 2023-09-12 14:36:39 Root Admin User: When Do Common Usernames Pose a Threat?
(direct link)
>Our CEO Brian Honan speaks to Data Breach Today at Information Security Media Group (ISMG) about the need to remove or restrict default usernames.
Data Breach ★★
no_ico.webp 2023-09-12 12:10:07 Security Breaches Are On The Rise, Here's How Verified Identities Can Help
(direct link)
There are only three certainties in life. Death, taxes and cybercriminals attempting to steal information they can flip for money. Verizon's annual Data Breach Investigation Report analyzed more than 23,000 security incidents that occurred in 2022 alone, demonstrating just how attempts at illicit information harvesting have proliferated. One of the more interesting trends to emerge […]
Data Breach ★★
SecurityWeek.webp 2023-09-11 12:01:19 Bookstore Chain Dymocks Discloses Data Breach Possibly Impacting 800k Customers
(direct link)
>The personal information of more than 800,000 individuals was stolen from bookstore chain Dymocks in a cyberattack last week.
Data Breach ★★★
no_ico.webp 2023-09-11 11:21:48 Janssen Pharmaceutical's CarePath Application Data Breach Exposes Personal Information
(direct link)
In a recent cybersecurity incident, Janssen Pharmaceutical’s CarePath application experienced a data breach, potentially exposing sensitive personal and medical information of its customers. The breach was linked to the application’s third-party technology service provider, IBM. CarePath, an application owned by Johnson and Johnson’s subsidiary, Janssen Pharmaceutical, is designed to assist patients in accessing Janssen medications, […]
Data Breach Medical
SecurityWeek.webp 2023-09-11 11:21:31 Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach
(direct link)
>Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks. 
Data Breach ★★★
bleepingcomputer.webp 2023-09-10 13:22:02 Associated Press warns that AP Stylebook data breach led to phishing attack
(direct link)
The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks. [...]
Data Breach ★★
TechRepublic.webp 2023-09-08 19:35:16 Australian Data Breach Costs are Rising - What Can IT Leaders Do?
(direct link)
Australian data breach costs have jumped over the last five years to $2.57 million USD, according to IBM. Prioritizing DevSecOps and incident response planning can help IT leaders minimize the financial risk.
Data Breach ★★
bleepingcomputer.webp 2023-09-08 13:13:04 Dymocks Booksellers suffers data breach impacting 836k customers
(direct link)
Dymocks Booksellers is warning customers their personal information was exposed in a data breach after the company's database was shared on hacking forums. [...]
Data Breach ★★
InfoSecurityMag.webp 2023-09-07 13:00:00 IBM Reports Patient Data Breach at Johnson & Johnson Subsidiary
(direct link)
The attackers may have accessed sensitive patient information, such as health insurance and medication details
Data Breach ★★★
bleepingcomputer.webp 2023-09-07 11:02:20 Johnson & Johnson discloses IBM data breach impacting patients
(direct link)
Johnson & Johnson Health Care Systems ("Janssen") has informed its CarePath customers that their sensitive information has been compromised in a third-party data breach involving IBM. [...]
Data Breach ★★★
SecurityWeek.webp 2023-09-07 10:09:49 IBM Discloses Data Breach Impacting Janssen Healthcare Platform
(direct link)
>IBM has disclosed a data breach involving a Janssen healthcare platform that last year helped more than 1 million patients. 
Data Breach
RecordedFuture.webp 2023-09-06 13:15:00 Minneapolis school district says data breach affected more than 100,000 people
(direct link)
Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyberattack early this year. The school system started sending letters late last week, according to local media reports, and on Tuesday a notice posted on Maine's data breach notification site said that 105,617 people were
Data Breach ★★
InfoSecurityMag.webp 2023-09-05 15:08:00 UK Electoral Commission Fails Cybersecurity Test Amid Data Breach
(direct link)
Auditors cited outdated software and unsupported iPhones as key reasons for the failed test
Data Breach ★★
globalsecuritymag.webp 2023-09-05 14:37:13 Comment: MoD data breach - was the data really secure?
(direct link)
Comment: MoD data breach - was the data really secure? The comment from Mark Semenenko, Director Solutions Architecture at Immuta about the need for ABAC (attribute-based access control) which enables purpose-based access to data to limit the risk of human error data breaches. - Opinion
Data Breach ★★
News.webp 2023-09-05 14:24:13 Freecycle gives users the gift of a data breach notice
(direct link)
Change your passwords. And maybe give the recycling a miss this time
Freecycle, the charity aimed at recycling detritus that would otherwise be headed for landfill, has become the latest organization to suffer at the hands of cyber attackers and admit to a breach.…
Data Breach ★★
SecurityWeek.webp 2023-09-05 12:34:19 7 Million Users Possibly Impacted by Freecycle Data Breach
(direct link)
>Freecycle.org is prompting millions of users to reset their passwords after their credentials were compromised in a data breach.
Data Breach ★★★
News.webp 2023-09-05 11:45:56 Northern Ireland top cop quits in wake of data breach and disciplinary controversy
(direct link)
Simon Byrne faced backlash over FoI blunder, plus claims officers were 'punished' to appease Sinn Féin
Northern Ireland's police chief, Simon Byrne, resigned last night after an emergency meeting of the Policing Board amid discontent in the rank and file over a data breach that exposed serving officers' info, as well as news he was considering appealing a court ruling linked to the Troubles.…
Data Breach ★★
ComputerWeekly.webp 2023-09-05 09:23:00 Law firm Fieldfisher launches data breach management tool
(direct link)
Data Breach Tool ★★
The_State_of_Security.webp 2023-09-05 03:44:15 2023 Cost of a Data Breach: Key Takeaways
(direct link)
It's that time of year - IBM has released its “Cost of a Data Breach Report.” This year's report is jam-packed with some new research and findings that highlight how organizations are implementing security and risk mitigation techniques to help identify and contain data breaches.
Key Takeaways
The average total cost of a data breach has reached an all-time high in 2023 of $4.45 million. This is an increase of 2.3% from last year's $4.35 million. Even with data breach costs rising, surveyed companies were split 49% to 51% on whether to increase...
Data Breach ★★
bleepingcomputer.webp 2023-09-04 14:09:38 Freecycle confirms massive data breach impacting 7 million users
(direct link)
Freecycle, an online forum dedicated to exchanging used items rather than trashing them, confirmed a massive data breach that affected more than 7 million users. [...]
Data Breach
News.webp 2023-09-04 12:33:13 Northern Irish cops release 2 men after Terrorism Act arrests linked to data breach
(direct link)
Came in wake of the force publishing their own people's data in botched FoI
Nearly four weeks after the Police Service of Northern Ireland (PSNI) published data on 10,000 employees in a botched response to a Freedom of Information request, another two men, aged 21 and 22, have been released on bail after being arrested under the Terrorism Act.…
Data Breach ★★
bleepingcomputer.webp 2023-09-03 11:13:15 University of Sydney data breach impacts recent applicants
(direct link)
The University of Sydney (USYD) has announced it has suffered a data breach through a third-party service provider, exposing the personal data of recently applied and enrolled international applicants. [...]
Data Breach ★★★
RecordedFuture.webp 2023-09-01 17:31:00 Nearly 540,000 people have SSNs leaked after cyberattack on retailer Forever 21
(direct link)
Major clothing brand Forever 21 revealed a wide-ranging data breach this week affecting almost 540,000 people. In a regulatory filing, the fast-fashion giant admitted that hackers had access to its systems from January 5 to March 21 of this year. The company discovered the breach on March 20 and launched an investigation, finding that names,
Data Breach ★★
Last update at: 2024-05-20 20:08:47