What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2023-03-20 19:20:47 Ferrari discloses data breach after receiving ransom demand (direct link) Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company's IT systems. [...] Data Breach ★★
Checkpoint.webp 2023-03-20 16:19:35 20th March – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 20th March, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Hitachi Energy reported a data breach caused by the Clop ransomware group which exploited a zero-day vulnerability (CVE-2023-0669) in the Fortra GoAnywhere MFT system, which was used by Hitachi. Check Point IPS, Threat […] Ransomware Data Breach Vulnerability Threat ★★
SecurityWeek.webp 2023-03-20 11:53:33 Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm (direct link) Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra's GoAnywhere solution. Ransomware Data Breach Vulnerability ★★
SecurityWeek.webp 2023-03-20 10:42:12 NBA Notifying Individuals of Data Breach at Mailing Services Provider (direct link) NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider. Data Breach ★★
no_ico.webp 2023-03-17 16:57:59 Healthcare Firm ILS Alerts 4.2 Million People Of Data Breach (direct link) A data breach at Independent Living Systems (ILS), a Miami-based supplier of healthcare administration and managed care solutions, exposed 4,226,508 people’s data. This year’s largest revealed healthcare data breach, according to the number of affected individuals. ILS owns and manages Florida Community Care, a network of long-term care providers serving Medicaid beneficiaries throughout the state, […] Data Breach Medical ★★★
bleepingcomputer.webp 2023-03-17 16:21:13 NBA alerts fans of a data breach exposing personal information (direct link) The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen. [...] Data Breach ★★
SecurityWeek.webp 2023-03-17 15:05:58 Latitude Financial Services Data Breach Impacts 300,000 Customers (direct link) Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack. Data Breach ★★
bleepingcomputer.webp 2023-03-17 12:20:58 Hitachi Energy confirms data breach after Clop GoAnywhere attacks (direct link) Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnywhere zero-day vulnerability. [...] Ransomware Data Breach Industrial ★★★
RecordedFuture.webp 2023-03-16 12:45:00 Healthcare software firm ILS announces data breach affecting more than 4 million people (direct link) The sensitive healthcare data of more than four million people was accessed by hackers who broke into the network of Independent Living Systems (ILS), a healthcare software company based in Miami. The company has provided third-party administrative services to health plans, providers, hospitals, and pharmaceutical and medical device companies for nearly two decades. ILS began Data Breach Medical ★★
SecurityWeek.webp 2023-03-16 12:31:59 Data Breach at Independent Living Systems Impacts 4 Million Individuals (direct link) Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals. Data Breach ★★
Resecurity.webp 2023-03-16 00:00:00 Three Key Provisions in the FCC's New Rule Proposal for Data Breach Reporting (direct link) Data Breach ★★
DarkReading.webp 2023-03-15 19:37:00 Telerik Bug Exploited to Steal Federal Agency Data, CISA Warns (direct link) An unpatched Microsoft Web server allowed multiple cybersecurity threat groups to steal data from a federal civilian executive branch. Data Breach Threat ★★★
The_Hackers_News.webp 2023-03-15 15:13:00 The Different Methods and Stages of Penetration Testing (direct link) The stakes could not be higher for cyber defenders. With the vast amounts of sensitive information, intellectual property, and financial data at risk, the consequences of a data breach can be devastating. According to a report released by Ponemon institute, the cost of data breaches has reached an all-time high, averaging $4.35 million in 2022. Vulnerabilities in web applications are often the Data Breach ★★★
bleepingcomputer.webp 2023-03-15 11:50:03 Healthcare provider ILS warns 4.2 million people of data breach (direct link) Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, suffered a data breach that exposed the personal information of 4,226,508 individuals. [...] Data Breach ★★
SecurityWeek.webp 2023-03-15 10:59:00 Hawaii Health Department Says Death Records Compromised in Recent Data Breach (direct link) The Hawaii DOH says roughly 3,400 death records were accessed via the compromised account of a former employee. Data Breach ★★
AlienVault.webp 2023-03-15 10:00:00 10 Ways B2B companies can improve mobile security (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Mobile security refers to the technologies and processes that are used to protect mobile devices from malicious attacks, data breaches, and other forms of cybercrime. It also includes measures taken to safeguard personal information stored on these devices, as well as protecting them from physical damage or theft. Mobile security is becoming increasingly important due to the rapid proliferation of smartphones and tablets being used for business purposes around the world. Businesses need to take steps to ensure their data remains secure when accessing company networks via mobile devices, including implementing a few key measures. Below are ten ways B2B companies can do better mobile security. 1. Use a secure email provider A secure domain email address is one of the most important ways to ensure that company emails and other sensitive data remain safe. Email providers such as Google, Microsoft, Zoho, and Postale offer secure domain email addresses which encrypt all emails sent and received in transit. This makes it more difficult for hackers to gain access to confidential information or launch attacks on vulnerable systems. Using a secure email provider is essential for any organization looking to maximize its data protection efforts. By taking advantage of these services, businesses can rest assured knowing their emails are secure and protected from malicious actors. 2. Implement strong authentication Strong authentication refers to the use of two or more forms of authentication to authenticate a user's identity. This could include using a one-time password for each login, biometric factors such as fingerprints, or utilizing an encrypted token. Strong authentication ensures that only authorized users can access company networks and confidential data. Having strong authentication measures in place is an essential step in protecting data, as it helps to prevent unauthorized access and keeps sensitive information secure. 3. Install mobile security software Mobile security software (also known as mobile device management or MDM) can help protect devices from malicious attacks. Mobile security software can be installed on all company-owned devices, providing a layer of protection by scanning for and blocking malicious applications. It can also offer additional layers of protection such as remote wiping capability, encryption, and the ability to remotely lock lost or stolen devices. 4. Enforce use policies By having clear use policies in place, businesses can ensure their employees understand the importance of mobile security and that they are adhering to the established rules. These policies should include restrictions on downloading or installing unapproved apps, accessing unknown or suspicious websites, or sharing confidential information with unauthorized personnel. Enforcing use policies is essential for keeping company networks and data secure. By ensuring that all employees abide by the same set of rules, businesses can greatly reduce their risk of a data breach or other malicious attack. 5. Utilize cloud storage Cloud storage provides an effective way to store business data securely off-site. Data stored in the cloud is encrypted and kept safe from physical damage or theft. It also eliminates the need for large servers and other physical infrastructure, reducing both costs and the potential risk of data breaches. Additionally, cloud storage allows employees to access their data from any device, anytime and anywhere Data Breach Malware Guideline Cloud ★★★
no_ico.webp 2023-03-14 13:09:20 1 Million People Affected By Zoll Medical Data Breach (direct link) Zoll Medical, a medical technology developer, recently announced that it had suffered a data breach. The company said that the breach was detected at the end of January when it found some unusual activity on its internal network. After investigation, it found that the personal information of approximately one million individuals might have been compromised. […] Data Breach Medical ★★
knowbe4.webp 2023-03-14 13:00:00 CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (direct link) CyberheistNews Vol 13 #11 CyberheistNews Vol 13 #11 | March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes. I'm giving you a short extract of the story and the link to the whole article is below. "Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service. "In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM. "In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company. "And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven. "'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'" Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this. Blog post with links: https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl Ransomware Data Breach Spam Malware Threat Guideline Medical ChatGPT ChatGPT ★★
AlienVault.webp 2023-03-14 10:00:00 Broken Object Level Authorization: API security's worst enemy (direct link) The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns. This article will describe the problem of BOLA and its consequences, and then it will present potential actions that can be taken to solve the problem. The problem OWASP (2019) indicates the following regarding BOLA: “Attackers can exploit API endpoints that are vulnerable to broken object-level authorization by manipulating the ID of an object that is sent within the request” (para. 1). For example, a hacker may access information regarding how various shops make requests to an e-commerce platform. The hacker may then observe that a certain pattern exists in the codes for these requests. If the hacker can gain access to the codes and has the authorization to manipulate them, then they could establish a different endpoint in the code and thereby redirect all the data to themselves. The exploitation of BOLA vulnerabilities is very common because, without the implementation of an authorization protocol, APIs essentially have no protection whatsoever against hackers. To attack this kind of APIs, the hacker only needs the capability to access request code systems and intercept data by manipulating the codes, which can be done rather easily by anyone who has the requisite skills and resources (Viriya & Muliono, 2021). APIs that do not have security measures in place are thus simply hoping that no one will know how to conduct such an attack or have the desire to do so. Once a willing hacker enters the picture, however, the APIs would have no actual protections to stop the hacker from gaining access to the system and all the data contained within it and transmitted across it. The consequences BOLA attacks have significant consequences in terms of data security: “Unauthorized access can result in data disclosure to unauthorized parties, data loss, or data manipulation. Unauthorized access can also lead to full account takeover” (OWASP, 2019, para. 3). In short, BOLA attacks produce data breaches. Stories about data breaches are all too common in the news, with a very recent one involving a healthcare organization in Texas (Marfin, 2022). While not all data breaches are the result of BOLA attacks, many of them are, given that BOLA is a very common vulnerability in APIs. The specific consequences of a successful BOLA attack, as well as the magnitude of those consequences, would depend on the target of the attack. For example, if the target is a healthcare organization, then the data breach could lead to hackers gaining access to patients' private health insurance. If the target is a bank, then the hackers would likely be able to access customers’ social security numbers. If the target is an e-commerce website, then data regarding customers’ credit card numbers and home addresses would be compromised. In all cases, the central consequence of a BOLA attack is that hackers can gain access to personal information due to a lack of adequate security measures within the APIs in question. The solution The solution to BOLA is for programmers to implement authorization protocols for accessing any d Data Breach Vulnerability Guideline ★★★
no_ico.webp 2023-03-13 16:18:58 AT&T Data Breach Hits Nine Million Customer Accounts (direct link) In the AT&T data breach, nine million user accounts were compromised after a third-party marketing partner was breached. As a result of the breach, customer data, including first names, account numbers, phone numbers, and email addresses, were exposed. Nonetheless, the compromise did not have an impact on AT&T’s own systems. Customers of AT&T have been […] Data Breach ★★
bleepingcomputer.webp 2023-03-13 15:51:33 LA housing authority discloses data breach after ransomware attack (direct link) The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack. [...] Ransomware Data Breach ★★
globalsecuritymag.webp 2023-03-13 14:11:33 Expert commentary: AT&T data breach (direct link) After the news that AT&T have alerted nine million customers of a data breach after vendor hack, Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity: - Malware Update Data Breach ★★
SecurityWeek.webp 2023-03-13 11:16:54 Zoll Medical Data Breach Impacts 1 Million Individuals (direct link) Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. Data Breach Medical ★★
WiredThreatLevel.webp 2023-03-11 14:00:00 How a Catholic Group Doxed Gay Priests (direct link) Plus: A data breach exposes Washington, Ring camera footage has a new problem, and the George Santos scandal slips into the world of cybercrime. Data Breach ★★★
SecurityWeek.webp 2023-03-10 13:39:39 Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor (direct link) AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor. Data Breach ★★
bleepingcomputer.webp 2023-03-10 10:43:16 Mental health provider Cerebral alerts 3.1M people of data breach (direct link) Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. [...] Data Breach ★★
SocRadar.webp 2023-03-10 10:37:01 Third-Party Breach Led to Exposure of 9M AT&T Customers' Information (direct link) Recently, AT&T revealed that a data breach in January compromised the personal information of about 9 million of their... Data Breach ★★★
NetworkWorld.webp 2023-03-10 04:16:00 AT&T informs 9M customers about data breach (direct link) The company's marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses. Data Breach ★★★
RecordedFuture.webp 2023-03-09 18:15:00 DC healthcare exchange breach leaked sensitive data of Congress members, staff (direct link) A data breach involving Washington, D.C.'s healthcare exchange platform includes sensitive information of Congress members and staff, the legislative body was informed on Wednesday. According to a letter from Catherine Szpindor, the House's chief administrative officer, the breach leaked the personal information from enrollees on the DC Health Link website. The Daily Caller first obtained Data Breach ★★
bleepingcomputer.webp 2023-03-09 12:24:39 AT&T alerts 9 million customers of data breach after vendor hack (direct link) AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January. [...] Data Breach Hack ★★
SecurityWeek.webp 2023-03-09 10:39:57 Congress Members Warned of Significant Health Data Breach (direct link) House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach. Data Breach ★★
no_ico.webp 2023-03-09 10:35:58 There's A RAT In mi Note, What Am I Gonna Do? (direct link) Cybercriminals use Microsoft OneNote attachments in phishing emails to spread malware and password stealers. Phishing campaigns are one of the most typical ways criminals obtain private or sensitive information. According to Verizon Data Breach Investigations Report, 94% of the malware is delivered by email. Malicious Word and Excel attachments for phishing have been prevalent for […] Data Breach Malware ★★★
InfoSecurityMag.webp 2023-03-09 10:15:00 House Members at Risk After Insurer Data Breach (direct link) Threat actor claims to have info on 170,000 victims Data Breach Threat ★★★
bleepingcomputer.webp 2023-03-08 17:48:41 FBI investigates data breach impacting U.S. House members and staff (direct link) The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and personal information was stolen from DC Health Link's servers. [...] Data Breach ★★
securityintelligence.webp 2023-03-08 11:00:00 Securing Your Supply Chain Through Cyber Risk Management (direct link) Supply chain risk is now recognized as a top challenge, with more than half of security breaches attributed to supply chain and third-party suppliers. This can be a costly vulnerability. The global average data breach cost was $4.35 million last year, according to IBM’s Cost of a Data Breach 2022 report. These risks stem from […] Data Breach ★★
no_ico.webp 2023-03-07 15:07:35 Acer's Sensitive Data Allegedly For Sale On A Hacker Forum (direct link) Taiwan-based computer hardware and electronics company Acer is facing another potential data breach as a threat actor claimed to have posted the company’s sensitive data for sale on a popular hacking forum. According to reports, the data allegedly contains confidential product model documentation, binaries, backend infrastructure, and other sensitive data, which the attacker claims was […] Data Breach Threat
The_Hackers_News.webp 2023-03-07 11:51:00 LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach (direct link) The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with Data Breach LastPass LastPass ★★
bleepingcomputer.webp 2023-03-07 10:38:43 Acer confirms breach after 160GB of data for sale on hacking forum (direct link) Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians. [...] Data Breach Threat ★★★★
no_ico.webp 2023-03-02 14:35:13 Trezor Wallet Alerts Of Major Crypto Phishing Campaign (direct link) Trezor wallet is involved in an ongoing phishing attack that attempts to steal a target’s cryptocurrency wallet and assets by impersonating Trezor data breach alerts. Trezor is a cryptocurrency wallet that allows users to keep their cryptocurrency offline as opposed to in cloud-based or device-based wallets. This is because a hardware wallet like a Trezor […] Data Breach ★★★
bleepingcomputer.webp 2023-03-02 14:33:21 Hatch Bank discloses data breach after GoAnywhere MFT hack (direct link) Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. [...] Data Breach Hack ★★
bleepingcomputer.webp 2023-03-02 09:59:05 British retail chain WH Smith says data stolen in cyberattack (direct link) British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. [...] Data Breach ★★★
bleepingcomputer.webp 2023-03-01 18:14:47 Trezor warns of massive crypto wallet phishing campaign (direct link) An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. [...] Data Breach ★★★
MitnickSecurity.webp 2023-02-28 20:55:00 Cyber Security Risks of Remote Employee Offboarding (direct link) Cyber Security Risks of Remote Employee Offboarding Remote work options are popular trends that provide flexibility for the employee and potentially a less expensive option for the employer. However, remote work devices can pose a real threat to your organization, especially after recent layoffs or organizational restructuring. We'll explore the potential vulnerabilities caused by unprotected devices as well as data breach prevention techniques to keep your organization's private data secure. Data Breach Threat ★★
The_Hackers_News.webp 2023-02-28 11:46:00 LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (direct link) LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated Data Breach Threat LastPass
News.webp 2023-02-28 06:59:07 US Marshals Service leaks 'law enforcement sensitive information' in ransomware incident (direct link) It's not just another data breach when the victim oversees witness protection programs The US Marshals Service, the enforcement branch of the nation's federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.… Ransomware Data Breach
zataz.webp 2023-02-27 17:21:30 TV broadcast disrupted after a computer hack (direct link) Virgin Media Television broadcasts were temporarily suspended in Ireland after the discovery of an attempt to illegally access the systems.... Data Breach ★★
Checkpoint.webp 2023-02-27 16:07:21 27th February – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 27th February, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Stanford University experienced a data breach in which files containing Economics Ph.D. program admission information were leaked. Personal and health information of 897 applicants might have been exposed. Dish Network, a major American TV and satellite broadcast provider, had been experiencing an unexplained outage with its websites and apps. Shortly after, the company's employees detected suspicious activity on their desktops and reported it as a cyberattack. Canadian telecom TELUS is investigating a potential data breach after a threat […] Data Breach Threat ★★
SecurityWeek.webp 2023-02-27 10:42:19 Media Giant News Corp Discloses New Details of Data Breach (direct link) News Corp says a threat group, previously linked to the Chinese government, had access to its systems for two years before the breach was discovered. Data Breach Threat ★★
RecordedFuture.webp 2023-02-25 00:42:12 DNA Diagnostics Center to pay $400,000 fine for 2021 data breach (direct link) One of the largest commercial DNA testing companies in the world agreed to pay a $400,000 fine to Ohio and Pennsylvania after a 2021 data breach compromised the information of more than 2 million people. The announcement from DNA Diagnostics Center (DDC) comes after a lawsuit filed by the two states’ attorneys general accused the [… Data Breach ★★★
bleepingcomputer.webp 2023-02-24 11:27:59 Stanford University discloses data breach affecting PhD applicants (direct link) Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. [...] Data Breach ★★
Last update at: 2024-05-20 18:08:13