What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecureList.webp 2022-05-25 15:57:59 The Verizon 2022 DBIR (lien direct) The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data. Data Breach
no_ico.webp 2022-05-25 11:07:08 2022 Verizon Data Breach Investigations Report, Cyber Security Experts Reactions (lien direct) The 2022 Verizon Data Breach Investigations Report has been released and the study provides an analysis of security breaches and attack vectors from the last year. Data Breach
DarkReading.webp 2022-05-24 23:21:49 DBIR Makes a Case for Passwordless (lien direct) Verizon's "2022 Data Breach Investigations Report" repeatedly makes the point that criminals are stealing credentials to carry out their attacks. Data Breach
no_ico.webp 2022-05-24 17:18:43 Chicago Public Schools Data Breach – Expert Comments (lien direct) Privacy and data security experts commented on data breach news from Chicago: Chicago Public Schools says ransomware attack affects nearly 500,000 students and 56,000 employees Ransomware Data Breach
globalsecuritymag.webp 2022-05-24 12:23:20 Verizon's 2022 Data Breach Investigations Report released: the number of ransomware threats is rising (lien direct) The study published in the Verizon Business 2022 Data Breach Investigations Report (2022 DBIR) shows a situation unprecedented in the history of cybersecurity; it also highlights some of the main problems affecting the cybersecurity landscape internationally. The 13% increase in ransomware attacks in a single year is particularly worrying; it represents a larger rise than the last five years combined. Criminals are looking (...) - Investigations Ransomware Data Breach
itsecurityguru.webp 2022-05-24 10:29:45 Cyberattack on General Motors exposes customer data (lien direct) US automobile behemoth General Motors (GM) has confirmed that it suffered a credential stuffing attack last month. GM said that it detected malicious login activity between April 11-29 2022, resulting in the exposure of customer information and allowing hackers to redeem gift card reward points. GM sent a data breach notification to affected customers, saying: […] Data Breach
InfoSecurityMag.webp 2022-05-23 16:37:00 Mark Zuckerberg Sued Over Cambridge Analytica Data Breach (lien direct) An investigation found Zuckerberg had lax oversight of users and created misleading privacy agreements Data Breach Guideline ★★★★
bleepingcomputer.webp 2022-05-21 13:32:30 Ransomware attack exposes data of 500,000 Chicago students (lien direct) The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after their vendor, Battelle for Kids, suffered a ransomware attack in December. [...] Ransomware Data Breach
no_ico.webp 2022-05-19 14:59:33 (Déjà vu) Omnicell Suffers Ransomware Attack, Impact To Internal Systems (lien direct) It has been reported that multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. […] Ransomware Data Breach
no_ico.webp 2022-05-19 14:56:45 Texas State Dept. Of Insurance Consumer Data Breach (lien direct) In a newly reported data leak, Social Security numbers, addresses, names, dates of birth, and phone numbers were accessible on the Texas Department of Insurance website: State website exposed 1.8 million Texans’ data over three years Data Breach
CSO.webp 2022-05-19 02:00:00 Uber CISO's trial underscores the importance of truth, transparency, and trust (lien direct) Truth, transparency and trust are the three T's that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T's can have serious consequences. Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial. The case against Uber's former CSO: By way of background, Uber's former CSO faces a five-felony count superseding indictment associated with his handling of the company's 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals, who are believed to have affected the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber's bug bounty program. These individuals were identified in media as Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by Linkedin). Data Breach Hack Uber Uber
InfoSecurityMag.webp 2022-05-18 16:32:00 Pharmacy Giant Hit By Data Breach Affecting 3.6 Million Customers (lien direct) Pharmacy retailer Dis-Chem announced that an unauthorized party gained access to its customer database Data Breach
no_ico.webp 2022-05-18 15:45:01 Expert Commentary: Omnicell Hit By Cyber Attack (lien direct) Multinational company Omnicell recently confirmed that it had experienced a data breach following a reported ransomware attack, impacting internal systems. The company, headquartered in Mountain View, California, USA, learned of the ransomware attack, which it disclosed on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission. More details are likely to […] Ransomware Data Breach
itsecurityguru.webp 2022-05-18 09:48:42 Omnicell healthcare company hit by ransomware (lien direct) Omnicell, a US based multinational healthcare company, has confirmed it suffered a data breach in the wake of a suspected ransomware attack. The company disclosed the ransomware attack on May 9 2022 in a 10-Q filing with the Securities and Exchange Commission (SEC). In the filing, Omnicell stated: “Our IT systems and third-party cloud […] Ransomware Data Breach
no_ico.webp 2022-05-17 13:17:37 Google & Other RTB Companies Behind 'Biggest Data Breach Ever Recorded' (lien direct) The Irish Council for Civil Liberties (ICCL) is reporting on the scale of Real-Time Bidding data broadcasts in the U.S. and Europe. Key insights: RTB is the biggest data breach ever recorded. It tracks and shares what people view online and their real-world location 294 billion times in the U.S. and 197 billion times […] Data Breach
no_ico.webp 2022-05-16 10:33:40 Cornwall Council Data Breach (lien direct) The Cornwall council accidentally published the personal details of five schoolchildren in publicly accessible meeting documents. Cornwall Council has apologized for the data breach, including their names, addresses, and dates of birth. It made the error when it published online documents for a meeting of its School Transport Appeals Committee. Data Breach
bleepingcomputer.webp 2022-05-16 10:17:58 Engineering firm Parker discloses data breach after ransomware attack (lien direct) The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month. [...] Ransomware Data Breach
InfoSecurityMag.webp 2022-05-12 16:30:00 Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals (lien direct) Investigation revealed unauthorized party accessed and possibly retained sensitive customer information Data Breach ★★
knowbe4.webp 2022-05-12 16:23:17 Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit (lien direct) Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages. Data Breach ★★★
The_State_of_Security.webp 2022-05-12 03:00:00 CIS Control 18 Penetration Testing (lien direct) Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security's “Cost of a Data Breach Report 2021,” the average cost of a breach has […] Data Breach
InfoSecurityMag.webp 2022-05-05 15:30:00 Illuminate Data Breach Impacts More School Districts (lien direct) Colorado now affected by incident that compromised data of 820,000 NYC students Data Breach
itsecurityguru.webp 2022-05-05 15:20:05 One Identity Guest Blog – The password checklist (lien direct) By Dan Conrad, Security team lead at One Identity   It is not a secret that passwords are not a particularly secure method of protection, furthermore in a world where multifactor authentication is becoming the norm, talking about password hygiene seems a little dated but still, according to the Verizon 2021 Data Breach Investigations Report, credentials […] Data Breach Guideline
Cybereason.webp 2022-05-04 04:02:00 Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (lien direct) Cybersecurity often focuses on malware campaigns or the latest zero-day exploit. Surveys and reports reveal the average cost of a data breach or how much it typically costs to recover from a ransomware attack. Those are the attacks that make noise and capture attention, though. The attacks that fly under the radar are often more insidious and much more costly. Ransomware Data Breach Malware
no_ico.webp 2022-04-28 21:53:58 Experts Insight On Coca Cola Potential Breach (lien direct) Following the news that:  Coca Cola Investigates Potential Data Breach Coca Cola is investigating reports of data breach after claim Stormous ransomware group stole data | Daily Mail Online Security experts commented below. Ransomware Data Breach
InfoSecurityMag.webp 2022-04-27 09:30:00 Coca-Cola Investigates Data Breach Claim (lien direct) Ransomware group Stormous claims it has stolen 161GB of data from the soft drinks giant Ransomware Data Breach
InfoSecurityMag.webp 2022-04-26 16:45:00 Data Breach Disrupts UK Army Recruitment (lien direct) British Army online recruitment system down since March following data breach Data Breach
InfoSecurityMag.webp 2022-04-25 16:30:00 Kansas Hospital Discloses Data Breach (lien direct) Email accounts compromised for nearly a year in breach impacting 52,224 people Data Breach
InfoSecurityMag.webp 2022-04-22 16:00:00 Wawa Sues Mastercard Over Data Breach Penalties (lien direct) Convenience store claims payment card network owes it $32m Data Breach
InfoSecurityMag.webp 2022-04-22 15:30:00 SuperCare Health Faces Lawsuits Over Data Breach (lien direct) Respiratory patients seek legal redress after breach allegedly exposes medical records Data Breach
InfoSecurityMag.webp 2022-04-21 17:15:00 Bob's Red Mill Reports Data Breach (lien direct) American natural foods company notifies online customers of data scraping attack Data Breach
no_ico.webp 2022-04-15 14:24:42 Q1 Reported Data Compromises Up 14% Over 2021 (lien direct) The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years. Among stated findings:  Publicly reported data compromises totaled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021. […] Data Breach
SecurityAffairs.webp 2022-04-15 09:08:13 Ways to Develop a Cybersecurity Training Program for Employees (lien direct) Cybersecurity experts would have you believe that your organization's employees have a crucial role in bolstering or damaging your company’s security initiatives. While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. According to a recent industry report […] Data Breach Studies
Fortinet.webp 2022-04-14 19:54:44 Incomplete Fix for Apache Struts 2 Vulnerability (CVE-2021-31805) Amended (lien direct) FortiGuard Labs is aware that the Apache Software Foundation disclosed and released a fix for a potential remote code execution vulnerability (CVE-2021-31805, an OGNL injection vulnerability) that affects Apache Struts 2 on April 12th, 2022. Apache has acknowledged in an advisory that the fix was issued because the first patch released in 2020 did not fully remediate the issue. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released an advisory on April 12th, 2022, warning users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. Why is this Significant? This is significant because Apache Struts is widely used and successfully exploiting CVE-2021-31805 could result in an attacker gaining control of a vulnerable system. Because of the potential impact, CISA released an advisory urging users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. On a side note, an older Struts 2 OGNL injection vulnerability (CVE-2017-5638) was exploited in the wild that resulted in a massive data breach of credit reporting agency Equifax in 2017. What is Apache Struts 2? Apache Struts 2 is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model-view-controller (MVC) architecture. What is CVE-2021-31805? CVE-2021-31805 is an OGNL injection vulnerability in Struts 2 that enables an attacker to perform remote code execution on a vulnerable system. The vulnerability was originally assigned CVE-2020-17530; however, CVE-2021-31805 was newly assigned to the vulnerability as some security researchers found a workaround for the original patch released in 2020. The vulnerability is described as "some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation." What Versions of Apache Struts are Vulnerable to CVE-2021-31805? Struts 2.0.0 - Struts 2.5.29 are vulnerable. Struts 2.0.0 and 2.5.29 were released in 2006 and 2022 respectively. Has the Vendor Released a Patch for CVE-2021-31805? Yes, Apache released a fixed version (2.5.30) of Apache Struts 2 on April 12th, 2022. Users and administrators are advised to upgrade to Struts 2.5.30 or greater as soon as possible. Has the Vendor Released an Advisory? Yes, Apache released an advisory on April 12th, 2022. See the Appendix for a link to "Security Bulletin: S2-062". What is the Status of Coverage? FortiGuard Labs provides the following IPS coverage for CVE-2020-17530, which applies for CVE-2021-31805: Apache.Struts.OGNL.BeanMap.Remote.Code.Execution Data Breach Vulnerability Guideline Equifax Equifax
InfoSecurityMag.webp 2022-04-14 17:00:00 MetroHealth Data Breach Involved 1700 Patients (lien direct) The breach involved patient names, care provider names and appointment details Data Breach
InfoSecurityMag.webp 2022-04-12 12:00:00 Consumers Increasingly Numb to Data Breach Risks (lien direct) Trust in organizations hits rock bottom but many don't care Data Breach
InfoSecurityMag.webp 2022-04-11 16:30:00 SuperCare Data Breach Involves More Than 300,000 Individuals (lien direct) California-based respiratory care provider SuperCare Health discovered the incident on July 27 2021 Data Breach
SecurityAffairs.webp 2022-04-11 14:48:18 SuperCare Health discloses a data breach that Impacted +300K people (lien direct) SuperCare Health, a leading respiratory care provider in the Western U.S, disclosed a data breach that impacted more than 300,000 individuals. SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others. The company notified impacted individuals and law enforcement […] Data Breach Guideline
SecurityWeek.webp 2022-04-11 10:41:32 SuperCare Health Data Breach Impacts Over 300,000 People (lien direct) California-based respiratory care provider SuperCare Health recently disclosed a data breach affecting more than 300,000 individuals. Data Breach
SecurityAffairs.webp 2022-04-06 14:01:25 Block discloses data breach involving Cash App potentially impacting 8.2 million US customers (lien direct) Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 million current and former US customers. The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to […] Data Breach
itsecurityguru.webp 2022-04-06 10:54:42 Cash App notifies 8 million customers of data breach (lien direct) Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users. It has been reported that the breach was caused by a former employee illegitimately accessing customer information. Block, Cash App’s owner, notified the Security and Exchange Commission (SEC) of the breach on Monday. The filing […] Data Breach
The_Hackers_News.webp 2022-04-06 02:01:34 Block Admits Data Breach Involving Cash App Data Accessed by Former Employee (lien direct) Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after Data Breach
SecurityWeek.webp 2022-04-05 14:57:04 CashApp Says Ex-Employee Stole Customer Stock Trading Data (lien direct) Financial services and stock trading platform CashApp on Tuesday fessed up to a data breach being blamed on a former employee who stole brokerage data, including portfolio values, from an unknown number of U.S. accounts. Data Breach
SecurityAffairs.webp 2022-04-05 04:39:05 MailChimp breached, intruders conducted phishing attacks against crypto customers (lien direct) Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The fake data breach notification emails urged Trezor customers to reset the PIN of […] Data Breach
The_Hackers_News.webp 2022-04-05 02:28:02 Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (lien direct) Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.  The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident Data Breach Tool
itsecurityguru.webp 2022-04-04 11:38:10 Spanish energy giant hit by data breach (lien direct) Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID […] Data Breach
itsecurityguru.webp 2022-04-04 10:59:39 Trezor customers phished following MailChimp breach (lien direct) Trezor, who manufacture hardware devices designed to store digital currency, has warned its customers not to reply to official-looking emails after identifying a convincing phishing campaign. Several customers complained to Trezor’s twitter account over the weekend to complain about a scam email claiming that a data breach had hit over 100,000 customers. The email reportedly […] Data Breach
InfoSecurityMag.webp 2022-04-04 08:30:00 Scottish Power Parent Company Hit by Data Breach (lien direct) Some 1.5 million customers have personal info stolen Data Breach
ArsTechnica.webp 2022-03-31 20:14:44 Ubiquiti sues journalist, alleging defamation in coverage of data breach (lien direct) Ubiquiti's market cap dropped $4 billion following news coverage. Data Breach
SecurityWeek.webp 2022-03-31 12:32:26 IT Giant Globant Confirms Source Code Repository Breach (lien direct) IT giant Globant has confirmed suffering a data breach after the notorious hacker group Lapsus$ leaked tens of gigabytes of data allegedly stolen from the company. Data Breach
Blog.webp 2022-03-31 11:58:57 GUEST ESSAY: The case for leveraging hardware to shore up security - via a co-processor (lien direct) Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: • The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. • The majority of cyberattacks … Data Breach
Last update at: 2024-05-20 18:08:13