What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
InfoSecurityMag 2023-07-24 16:30:00 Tampa General Hospital Data Breach Impacts 1.2 Million Patients
TGH said it first detected unusual activity on its computer systems on May 31 2023
Data Breach ★★
TechRepublic 2023-07-24 04:01:49 IBM Report: Average Cost of a Data Breach Rises to $4.45 Million
IBM Security also provided tips for how to prevent and mitigate data breaches.
Data Breach ★★★★
securityintelligence 2023-07-24 04:01:00 What's new in the 2023 Cost of a Data Breach report
Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the […]
Data Breach
RecordedFuture 2023-07-21 18:56:00 DHL investigating MOVEit breach as number of victims surpasses 20 million
The United Kingdom arm of shipping giant DHL said it is investigating a data breach sourced back to its use of the MOVEit software, which has been exploited by a Russia-based ransomware group for nearly two months. In a statement to Recorded Future News, DHL confirmed that one of its software providers was impacted by
Ransomware Data Breach ★★★
SecurityWeek 2023-07-20 14:11:43 Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups
Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company, both allegedly stealing vast amounts of information.
Ransomware Data Breach ★★
The_State_of_Security 2023-07-20 02:53:24 Three Reasons Why Business Security Starts with Employee Education
Human error is a major contributing factor to company data breaches. More than 340 million people may already have been affected by a data breach in the first four months of 2023. With cybercrime rates soaring around the world, it's clearly an area where investment and expertise are required. While updating laptops with the latest antimalware software and setting up workers with complex passwords, two-factor authentication (2FA) for email access, and a secure VPN are all good practices, the real investment is in educating employees. Here's why: A team is only as good as its weakest link...
Data Breach ★★
TechRepublic 2023-07-19 09:03:29 Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70
There's no reason to take chances of your business suffering a data breach when a lifetime of powerful protection is so affordable.
Data Breach ★★
InfoSecurityMag 2023-07-18 14:00:00 JumpCloud Confirms Data Breach By Nation-State Actor
The attack vector was identified as data injection into the firm's commands framework
Data Breach ★★★
bleepingcomputer 2023-07-14 10:23:39 Colorado State University says data breach impacts students, staff
Colorado State University (CSU) has confirmed that the Clop ransomware operation stole sensitive personal information of current and former students and employees during the recent MOVEit Transfer data-theft attacks. [...]
Ransomware Data Breach ★★
bleepingcomputer 2023-07-14 04:09:40 Shutterfly says Clop ransomware attack did not impact customer data
Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware. Over the last few months, Clop ransomware gang has been exploiting a vulnerability in the MOVEit File Transfer utility to breach hundreds of companies to steal their data and attempt extortion against them. [...]
Ransomware Data Breach Vulnerability ★★★
kovrr 2023-07-13 00:00:00 The Ransomware Threat Landscape H1-23
This report provides a comprehensive analysis of all known ransomware attacks that were reported during the first two quarters of 2023.

Introduction

In this comprehensive report, Kovrr collected and analyzed data on all known ransomware attacks reported during the first two quarters of 2023. The data was collected from multiple sources, all aggregated and updated regularly in Kovrr’s Threat Intelligence Database. The database includes data on many different types of cyber incidents, but this report includes only data on ransomware attacks, excluding data on any other type of attacks. The ransomware groups covered in this report all operate as a RaaS (Ransomware as a Service), a business model through which the ransomware binary and operation are sold or leased to operators, called affiliates. This means that a ransomware operation is composed of many different individuals, with separate roles, and the extortion profits are divided between them. Some individuals are responsible for initial access to the targets, others for lateral movement to interesting and profitable areas in the victim network, while others are responsible for the ransomware infection itself, and others negotiate with the victim after infection.

Summary

These are the main insights from the collected data:
- There is a 32% drop in attack amounts in H1-23 compared to H2-22. It is important to note that this drop can also be due to delayed reporting of cyber incidents by attacked companies.
- The top ten most active groups observed during the first half of 2023 are AvosLocker, Bianlian, BlackBasta, BlackCat, Clop, Lockbit 3.0, MedusaLocker, Play, Royal, and ViceSociety. All 10 actors accounted for 87% of attacks during this period, while the top 3 groups (Lockbit 3.0, BlackCat, and Clop) accounted for 53% of all claimed attacks during this period.
- The average lifespan of a ransomware group is 262 days, while the median is 167 days. In an average month, 18.3 different ransomware groups are active.
- The most targeted industry is the Services industry, while companies with a revenue of $10M-$50M are the most common targets.

Data Collection Methods and Possible Biases

The data for this research was collected from Kovrr’s Threat Intelligence Database, which collects data from multiple sources and includes information on different types of cyber incidents. Specifically for this report, data was collected mainly from ransomware leak sites, public filings of attacked companies, and news reports on ransomware attacks. The data from ransomware leak sites was collected mainly from Double Extortion (https://doubleextortion.com), a data source providing up-to-date information from ransomware leak sites. The rest of the data was collected using proprietary sources and methods. This data was then combined with additional sources to collect company business information and is limited to ransomware attacks that occurred and were reported in the first two quarters of 2023, between January 1st 2023 and June 31st 2023.

There are several possible biases in the data that may affect the results presented in the report. Data collection for this research relied either on a company filing a notification on a ransomware attack, or a ransomware group uploading information about a victim. Therefore, in the case that a company decided not to file a notice of a ransomware attack, for example due to not being legally required to do so, it will not be included in our data. This means that companies located in countries that require data breach notifications, such as companies in the United States or the European Union, are expected to have a higher representation in our data. This is also true for companies in more regulated industries, such as healthcare. Regarding data retrieved from ransom group sites, there may be cases where an attacker did not upload data on the attack victim, as the victim paid the ransom, or for other reasons. This means that some victims that have quickly paid ransoms following an attack might not appear in our data.

Additionally, we have previously researched
Ransomware Data Breach Vulnerability Threat Cloud APT 17 ★★★
DarkReading 2023-07-12 19:25:00 Console & Associates, P.C. Investigates HCA Healthcare After Report of Data Breach Affecting an Estimated 11M Patients
Data Breach ★★
ComputerWeekly 2023-07-12 08:15:00 Whistleblower contacts NatWest customers affected by a decade-old data breach
Data Breach ★★
DarkReading 2023-07-11 19:36:00 11M HCA Healthcare Patients Impacted by Data Breach
The hackers posted up for sale stolen HCA Healthcare data on Dark Web forum.
Data Breach ★★
InfoSecurityMag 2023-07-11 15:35:00 11 Million Patients Impacted in Healthcare Data Breach
HCA Healthcare said personal data of approximately 11 million patients was published on an online forum
Data Breach ★★
SecurityWeek 2023-07-11 11:56:07 Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare
HCA Healthcare says the personal information of roughly 11 million patients was stolen in a data breach.
Data Breach ★★
bleepingcomputer 2023-07-11 11:51:04 Deutsche Bank confirms provider breach exposed customer data
Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack. [...]
Data Breach ★★★
bleepingcomputer 2023-07-11 10:59:20 HCA confirms breach after hacker steals data of 11 million patients
HCA Healthcare disclosed a data breach impacting an estimated 11 million patients who received care at one of its hospitals and clinics after a threat actor posted samples of stolen data on a hacking forum. [...]
Data Breach Threat ★★
bleepingcomputer 2023-07-10 11:00:49 Razer investigates data breach claims, resets user sessions
Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter. [...]
Data Breach ★★★
AlienVault 2023-07-07 10:00:00 What is an incident response plan (IRP) and how effective is your incident response posture?

As everyone looks about, sirens begin to sound, creating a sense of urgency; they only have a split second to determine what to do next. The announcer repeats himself over the loudspeaker in short bursts... This is not a drill; report to your individual formations and proceed to the allocated zone by following the numbers on your squad leader's red cap. I take a breather and contemplate whether this is an evacuation. What underlying danger is entering our daily activities? 1…2….3…. Let's get this party started!

When I come to… I find that the blue and red lights only exist in the security operations center. Intruders are attempting to infiltrate our defenses in real time; therefore, we are on high alert. The time has come to rely on incident response plans, disaster recovery procedures, and business continuity plans. We serve as security posture guardians and incident response strategy executors as organizational security leaders. It is vital to respond to and mitigate cyber incidents, as well as to reduce security, financial, legal, and organizational risks in an efficient and effective manner.

Stakeholder community

CISOs, as security leaders, must develop incident response teams to combat cybercrime, data theft, and service failures, which jeopardize daily operations and prevent consumers from receiving world-class service. To maintain operations pace, alert the on-the-ground, first-line-of-defense engagement teams, and stimulate real-time decision-making, Incident Response Plan (IRP) protocols must include end-to-end, diverse communication channels.

[Figure: Stakeholder Types]

What does an incident response plan (IRP) do?

That's an excellent question. The incident response plan gives a structure or guideline to follow to reduce, mitigate, and recover from a data breach or attack. Such attacks have the potential to cause chaos by impacting customers, stealing sensitive data or intellectual property, and damaging brand value.

The important steps of the incident response process, according to the National Institute of Standards and Technology (NIST), are preparation, detection and analysis, containment, eradication, and recovery, and post-incident activity that focuses on a continual learning and improvement cycle.

[Figure: Lifecycle of Incident Response]

Many company leaders confront a bottleneck when it comes to assigning a severity rating that determines the impact of the incident and establishes the framework for resolution strategies and external messaging. For some firms, being able to inspect the damage and appropriately assign a priority level and impact rating can be stressful and terrifying. Rating events can help prioritize limited resources. The incident's business impact is calculated by combining the functional effect on the organization's systems and the impact on the organization's information. The recoverability of the situation dictates the possible answers that the team may take while dealing with the issue. A high functional impact occurrence with a low recovery effort is suited for fast team action.

The heart beat

Companies should follow industry standards that have been tried and tested by fire departments to improve overall incident response effectiveness. This includes: Current contact lists, on-cal
Data Breach Vulnerability Threat Cloud ★★
SecurityWeek 2023-07-06 12:09:12 28,000 Impacted by Data Breach at Pepsi Bottling Ventures
The personal, financial, and health information of over 28,000 individuals stolen in data breach at Pepsi Bottling Ventures.
Data Breach ★★
knowbe4 2023-07-06 12:00:00 Nerve Center: Protect Your Network Against New Ransomware Strains with Our Latest RanSim Update
Ransomware continues to be a major threat for all organizations and, according to the Verizon 2023 Data Breach Investigations Report, is still present in 24% of breaches.
Ransomware Data Breach Threat ★★
ESET 2023-07-03 09:30:50 Verizon 2023 DBIR: What's new this year and top takeaways for SMBs
Here are some of the key insights on the evolving data breach landscape as revealed by Verizon's analysis of more than 16,000 incidents
Data Breach
SecurityWeek 2023-06-28 10:55:34 Sensitive Information Stolen in LetMeSpy Stalkerware Hack
Emails, phone numbers, call logs, and collected messages stolen in data breach at Android stalkerware LetMeSpy.
Data Breach Hack ★★
bleepingcomputer 2023-06-27 14:11:47 Siemens Energy confirms data breach after MOVEit data-theft attack
Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform. [...]
Ransomware Data Breach Vulnerability ★★
MitnickSecurity 2023-06-27 13:25:28 The Penetration Testing Process
Data Breach ★★
DarkReading 2023-06-26 21:51:00 Genworth Financial Reports Data Breach Leaking SSNs Belonging to 2.7M Policyholders and Customers
Data Breach ★★
SecurityWeek 2023-06-26 16:50:30 American Airlines, Southwest Airlines Impacted by Data Breach at Third-Party Provider
The personal information of American Airlines and Southwest Airlines pilots was exposed in a data breach at a third-party services provider.
Data Breach ★★
DarkReading 2023-06-26 14:00:00 3 Steps to Successfully & Ethically Navigate a Data Breach
In this day of "not if, but when" for breaches, transparency and full disclosure are important to salvage a company's reputation and keep public trust.
Data Breach ★★
MitnickSecurity 2023-06-23 14:10:23 Red Team Penetration Testing With Mitnick: What to Expect
Data Breach ★★
bleepingcomputer.webp 2023-06-23 11:06:33 MOVEit breach impacts Genworth, CalPERS as data for 3.2 million exposed
(direct link)
PBI Research Services (PBI) has suffered a data breach with three clients disclosing that the data for 4.75 million people was stolen in the recent MOVEit Transfer data-theft attacks. [...]
Data Breach ★★
bleepingcomputer.webp 2023-06-21 18:01:32 iOttie discloses data breach after site hacked to steal credit cards
(direct link)
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. [...]
Data Breach ★★
RecordedFuture.webp 2023-06-21 14:37:00 Snack food company Mondelez warns employees of data theft
(direct link)
Mondelez, the U.S. manufacturer of Oreo cookies and Milka chocolate, has warned employees that their personal data has been compromised through a breach at the law firm Bryan Cave, which provides legal services to Mondelez and other Fortune 500 companies. Mondelez stated in its data breach notice that more than 50,000 of its current and
Data Breach ★★
bleepingcomputer.webp 2023-06-21 13:43:49 UPS discloses data breach after exposed customer info used in SMS phishing
(direct link)
Multinational shipping company UPS is alerting Canadian customers that some of their personal information might have been exposed via its online package look-up tools and abused in phishing attacks. [...]
Data Breach ★★
knowbe4.webp 2023-06-20 13:00:00 CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches
(direct link)
CyberheistNews Vol 13 #25 | June 20th, 2023 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches Verizon's DBIR always has a lot of information to unpack, so I'll continue my review by covering how stolen credentials play a role in attacks. This year's Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches. According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike. And it's the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim.
Blog post with links: https://blog.knowbe4.com/stolen-credentials-top-breach-threat
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l
Ransomware Data Breach Spam Malware Hack Vulnerability Threat Cloud ChatGPT ChatGPT ★★
SecureMac.webp 2023-06-19 20:00:38 Verizon's 2023 Data Breach Investigation Report: Takeaways and Tips
(direct link)
Verizon's DBIR 2023 delivers important data breach statistics and trends. Here's all you need to know, plus our tips on staying safe in the coming year.
Data Breach ★★★
Checkpoint.webp 2023-06-19 12:26:06 19th June – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 19th June, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: The Louisiana Office of Motor Vehicles (OMV) and the Oregon DMV Services have released statements warning US citizens of a data breach exposing millions of driver’s licenses. This comes after the Clop ransomware […]
Ransomware Data Breach Threat ★★
securityintelligence.webp 2023-06-16 13:00:00 How Do Some Companies Get Compromised Again and Again?
(direct link)
Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also […]
Data Breach Hack Tool ★★
bleepingcomputer.webp 2023-06-16 10:28:13 Millions of Oregon, Louisiana state IDs stolen in MOVEit breach
(direct link)
Louisiana and Oregon warn that millions of driver's licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data. [...]
Ransomware Data Breach ★★
globalsecuritymag.webp 2023-06-14 13:48:31 Study: Data breach rates in Ukraine and Russia show a decline one year after the war onset
(direct link)
With war strategies becoming increasingly more sophisticated, the threat of war-time data breaches is rising. This week's chart delves into data breaches sustained in the build-up to and throughout the Russo-Ukrainian war, highlighting the overall scale and impact. - Special Reports
Data Breach Threat ★★★
DarkReading.webp 2023-06-13 20:00:00 Harness the Power of PKI to Battle Data Breaches
(direct link)
The average cost of a data breach is $4.35 million. Understand the power of public key infrastructure (PKI) and its role in encrypting data and battling breaches.
Data Breach ★★
bhconsulting.webp 2023-06-13 14:45:30 Security Roundup June 2023
(direct link)
Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. Target the human, swipe the cash: Verizon DBIR 2023 highlights crime trends. Manage the human risk and mind your money: those are two key takeaways from Verizon's 2023 Data Breach Investigations Report. Almost three-quarters of breaches (74 per cent) involve ...
Data Breach ★★
no_ico.webp 2023-06-13 11:07:33 Zacks Investment Research Faces Larger Data Breach Affecting 8.8 Million Users
(direct link)
A hacking forum has exposed a database containing the personal data of over 8.8 million users of Zacks Investment Research, surpassing the company’s initial data breach reported in January 2023. The database, as confirmed by data breach notification service Have I Been Pwned, includes names, addresses, phone numbers, email addresses, usernames, and unsalted SHA-256 hash […]
Data Breach ★★
SocRadar.webp 2023-06-13 10:53:30 Data Breach at Zacks Investment Research: 8.8M Customer Records are Exposed
(direct link)
Zacks Investment Research has suffered an undisclosed data breach. As a result, a threat actor...
Data Breach Threat ★★
bleepingcomputer.webp 2023-06-12 13:59:35 Have I Been Pwned warns of new Zacks data breach impacting 8 million
(direct link)
Zacks Investment Research (Zacks) has reportedly suffered an older, previously undisclosed data breach impacting 8.8 million customers, with the database now shared on a hacking forum. [...]
Data Breach ★★
SecurityWeek.webp 2023-06-12 11:03:24 Intellihartx Informs 490k Patients of GoAnywhere-Related Data Breach
(direct link)
Intellihartx says the personal information of roughly 490,000 individuals was compromised in the GoAnywhere zero-day attack earlier this year.
Data Breach ★★
SocRadar.webp 2023-06-12 08:49:21 Top 12 Takeaways from Verizon 2023 Data Breach Investigations Report
(direct link)
Verizon’s highly anticipated 16th annual data breach investigation report was released on June 6, 2023. This...
Data Breach ★★★★
The_State_of_Security.webp 2023-06-12 02:33:29 Minding Your Data Leaks: Simple Steps to Help Prevent Leaks
(direct link)
If you mention data leakage to most people, they may think that it sounds like a problem for a plumber, but the phrase “data leak” has specific and troubling concerns for a business. Data leakage is a particular security threat, and there are many sources for data leaks. Data Breach Versus Data Leak: Data breaches occur when an attacker from outside your organization gets into your IT ecosystem and steals private or sensitive information. Data leaks occur from the inside out. This happens when someone inside the organization shares confidential data with unauthorized recipients or leaves a gap...
Data Breach ★★
DarkReading.webp 2023-06-09 21:02:00 DBIR: DoS Attacks Dominate, But System Intrusions Cause Most Pain
(direct link)
In the latest Verizon Data Breach Investigations Report, denial-of-service attacks are the most common type of security incident, but when it comes to breaches, nearly 40% of attackers compromise systems.
Data Breach ★★
RecordedFuture.webp 2023-06-09 17:48:00 San Francisco 49ers agree to pay out victims of 2022 data breach
(direct link)
The San Francisco 49ers have agreed to settle a class action lawsuit stemming from a data breach, reaching a deal to pay out nearly 21,000 affected employees and fans. Just before Super Bowl LVI, in February 2022, the BlackByte ransomware gang attacked the NFL team, obtaining access to Social Security numbers and other personally identifiable
Ransomware Data Breach ★★
Last update at: 2024-05-10 19:08:14