What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
InfoSecurityMag.webp 2022-05-12 16:30:00 Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals (lien direct) Investigation revealed unauthorized party accessed and possibly retained sensitive customer information Data Breach ★★
knowbe4.webp 2022-05-12 16:23:17 Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit (lien direct) Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages. Data Breach ★★★
The_State_of_Security.webp 2022-05-12 03:00:00 CIS Control 18 Penetration Testing (lien direct) Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security's “Cost of a Data Breach Report 2021,” the average cost of a breach has […] Data Breach
InfoSecurityMag.webp 2022-05-05 15:30:00 Illuminate Data Breach Impacts More School Districts (lien direct) Colorado now affected by incident that compromised data of 820,000 NYC students Data Breach
itsecurityguru.webp 2022-05-05 15:20:05 One Identity Guest Blog – The password checklist (lien direct) By Dan Conrad, Security team lead at One Identity   It is not a secret that passwords are not a particularly secure method of protection, furthermore in a world where multifactor authentication is becoming the norm, talking about password hygiene seems a little dated but still, according to the Verizon 2021 Data Breach Investigations Report, credentials […] Data Breach Guideline
Cybereason.webp 2022-05-04 04:02:00 Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (lien direct) Cybersecurity often focuses on malware campaigns or the latest zero-day exploit. Surveys and reports reveal the average cost of a data breach or how much it typically costs to recover from a ransomware attack. Those are the attacks that make noise and capture attention, though. The attacks that fly under the radar are often more insidious and much more costly. Ransomware Data Breach Malware
no_ico.webp 2022-04-28 21:53:58 Experts Insight On Coca Cola Potential Breach (lien direct) Following the news that:  Coca Cola Investigates Potential Data Breach Coca Cola is investigating reports of data breach after claim Stormous ransomware group stole data | Daily Mail Online Security experts commented below. Ransomware Data Breach
InfoSecurityMag.webp 2022-04-27 09:30:00 Coca-Cola Investigates Data Breach Claim (lien direct) Ransomware group Stormous claims it has stolen 161GB of data from the soft drinks giant Ransomware Data Breach
InfoSecurityMag.webp 2022-04-26 16:45:00 Data Breach Disrupts UK Army Recruitment (lien direct) British Army online recruitment system down since March following data breach Data Breach
InfoSecurityMag.webp 2022-04-25 16:30:00 Kansas Hospital Discloses Data Breach (lien direct) Email accounts compromised for nearly a year in breach impacting 52,224 people Data Breach
InfoSecurityMag.webp 2022-04-22 16:00:00 Wawa Sues Mastercard Over Data Breach Penalties (lien direct) Convenience store claims payment card network owes it $32m Data Breach
InfoSecurityMag.webp 2022-04-22 15:30:00 SuperCare Health Faces Lawsuits Over Data Breach (lien direct) Respiratory patients seek legal redress after breach allegedly exposes medical records Data Breach
InfoSecurityMag.webp 2022-04-21 17:15:00 Bob's Red Mill Reports Data Breach (lien direct) American natural foods company notifies online customers of data scraping attack Data Breach
no_ico.webp 2022-04-15 14:24:42 Q1 Reported Data Compromises Up 14% Over 2021 (lien direct) The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years. Among stated findings:  Publicly reported data compromises totaled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021. […] Data Breach
SecurityAffairs.webp 2022-04-15 09:08:13 Ways to Develop a Cybersecurity Training Program for Employees (lien direct) Cybersecurity experts would have you believe that your organization's employees have a crucial role in bolstering or damaging your company’s security initiatives. While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. According to a recent industry report […] Data Breach Studies
Fortinet.webp 2022-04-14 19:54:44 Incomplete Fix for Apache Struts 2 Vulnerability (CVE-2021-31805) Amended (lien direct) FortiGuard Labs is aware that the Apache Software Foundation disclosed and released a fix for a potential remote code execution vulnerability (CVE-2021-31805 OGNL Injection vulnerability) that affects Apache Struts 2 on April 12th, 2022. Apache has acknowledged in an advisory that the fix was issued because the first patch released in 2020 did not fully remediate the issue. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released an advisory on April 12th, 2022, warning users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. Why is this Significant? This is significant because Apache Struts is widely used and successfully exploiting CVE-2021-31805 could result in an attacker gaining control of a vulnerable system. Because of the potential impact, CISA released an advisory urging users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. On a side note, an older Struts 2 OGNL Injection vulnerability (CVE-2017-5638) was exploited in the wild that resulted in a massive data breach of credit reporting agency Equifax in 2017. What is Apache Struts 2? Apache Struts 2 is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model-view-controller (MVC) architecture. What is CVE-2021-31805? CVE-2021-31805 is an OGNL injection vulnerability in Struts 2 that enables an attacker to perform remote code execution on a vulnerable system. The vulnerability was originally assigned CVE-2020-17530, however CVE-2021-31805 was newly assigned to the vulnerability as some security researchers found a workaround for the original patch released in 2020. The vulnerability is described as "some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation." What Versions of Apache Struts are Vulnerable to CVE-2021-31805? Struts 2.0.0 - Struts 2.5.29 are vulnerable. Struts 2.0.0 and 2.5.29 were released in 2006 and 2022 respectively. Has the Vendor Released a Patch for CVE-2021-31805? Yes, Apache released a fixed version (2.5.30) of Apache Struts 2 on April 12th, 2022. Users and administrators are advised to upgrade to Struts 2.5.30 or greater as soon as possible. Has the Vendor Released an Advisory? Yes, Apache released an advisory on April 12th, 2022. See the Appendix for a link to "Security Bulletin: S2-062". What is the Status of Coverage? FortiGuard Labs provides the following IPS coverage for CVE-2020-17530, which applies for CVE-2021-31805: Apache.Struts.OGNL.BeanMap.Remote.Code.Execution Data Breach Vulnerability Guideline Equifax Equifax
InfoSecurityMag.webp 2022-04-14 17:00:00 MetroHealth Data Breach Involved 1700 Patients (lien direct) The breach involved patient names, care provider names and appointment details Data Breach
InfoSecurityMag.webp 2022-04-12 12:00:00 Consumers Increasingly Numb to Data Breach Risks (lien direct) Trust in organizations hits rock bottom but many don't care Data Breach
InfoSecurityMag.webp 2022-04-11 16:30:00 SuperCare Data Breach Involves More Than 300,000 Individuals (lien direct) California-based respiratory care provider SuperCare Health discovered the incident on July 27 2021 Data Breach
SecurityAffairs.webp 2022-04-11 14:48:18 SuperCare Health discloses a data breach that Impacted +300K people (lien direct) SuperCare Health, a leading respiratory care provider in the Western U.S, disclosed a data breach that impacted more than 300,000 individuals. SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others. The company notified impacted individuals and law enforcement […] Data Breach Guideline
SecurityWeek.webp 2022-04-11 10:41:32 SuperCare Health Data Breach Impacts Over 300,000 People (lien direct) California-based respiratory care provider SuperCare Health recently disclosed a data breach affecting more than 300,000 individuals. Data Breach
SecurityAffairs.webp 2022-04-06 14:01:25 Block discloses data breach involving Cash App potentially impacting 8.2 million US customers (lien direct) Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 million current and former US customers. The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. customer information. Cash App is an app that allows users to […] Data Breach
itsecurityguru.webp 2022-04-06 10:54:42 Cash App notifies 8 million customers of data breach (lien direct) Cash App, a popular stock trading app, has suffered a data breach impacting up to 8.2 million former and current users. It has been reported that the breach was caused by a former employee illegitimately accessing customer information. Block, Cash App’s owner, notified the Security and Exchange Commission (SEC) of the breach on Monday. The filing […] Data Breach
The_Hackers_News.webp 2022-04-06 02:01:34 Block Admits Data Breach Involving Cash App Data Accessed by Former Employee (lien direct) Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that contained information about its U.S. customers. "While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after Data Breach
SecurityWeek.webp 2022-04-05 14:57:04 CashApp Says Ex-Employee Stole Customer Stock Trading Data (lien direct) Financial services and stock trading platform CashApp on Tuesday fessed up to a data breach being blamed on a former employee who stole brokerage data, including portfolio values, from an unknown number of U.S. accounts. Data Breach
SecurityAffairs.webp 2022-04-05 04:39:05 MailChimp breached, intruders conducted phishing attacks against crypto customers (lien direct) Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. During the weekend, multiple owners of Trezor hardware cryptocurrency wallets reported having received fake data breach notifications from Trezor, BleepingComputer first reported. The fake data breach notification emails urged Trezor customers to reset the PIN of […] Data Breach
The_Hackers_News.webp 2022-04-05 02:28:02 Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams (lien direct) Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.  The development was first reported by Bleeping Computer. The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident Data Breach Tool
itsecurityguru.webp 2022-04-04 11:38:10 Spanish energy giant hit by data breach (lien direct) Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID […] Data Breach
itsecurityguru.webp 2022-04-04 10:59:39 Trezor customers phished following MailChimp breach (lien direct) Trezor, who manufacture hardware devices designed to store digital currency, has warned its customers not to reply to official-looking emails after identifying a convincing phishing campaign. Several customers complained to Trezor’s twitter account over the weekend to complain about a scam email claiming that a data breach had hit over 100,000 customers. The email reportedly […] Data Breach
InfoSecurityMag.webp 2022-04-04 08:30:00 Scottish Power Parent Company Hit by Data Breach (lien direct) Some 1.5 million customers have personal info stolen Data Breach
ArsTechnica.webp 2022-03-31 20:14:44 Ubiquiti sues journalist, alleging defamation in coverage of data breach (lien direct) Ubiquiti's market cap dropped $4 billion following news coverage. Data Breach
SecurityWeek.webp 2022-03-31 12:32:26 IT Giant Globant Confirms Source Code Repository Breach (lien direct) IT giant Globant has confirmed suffering a data breach after the notorious hacker group Lapsus$ leaked tens of gigabytes of data allegedly stolen from the company. Data Breach
Blog.webp 2022-03-31 11:58:57 GUEST ESSAY: The case for leveraging hardware to shore up security - via a co-processor (lien direct) Cybersecurity has never felt more porous. You are no doubt aware of the grim statistics: • The average cost of a data breach rose year-over-year from $3.86 million to $4.24 million in 2021, according to IBM. • The majority of cyberattacks … Data Breach
ZDNet.webp 2022-03-31 09:23:10 Globant admits to data breach after Lapsus$ releases source code (lien direct) The hacking group criticized Globant's "poor security practices." Data Breach
no_ico.webp 2022-03-30 13:54:58 Shutterfly Discloses Data Breach After Conti Ransomware Attack (lien direct) Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack. Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch. Today, Shutterfly disclosed that its network was breached on December […] Ransomware Data Breach Threat
ZDNet.webp 2022-03-30 11:25:23 As Lapsus$ comes back from 'vacation,' Sitel clarifies position on data breach (lien direct) Lapsus$ also claims to have compromised a software solutions provider. Data Breach
Troy_Hunt.webp 2022-03-28 20:30:53 Welcoming the Bulgarian Government to Have I Been Pwned (lien direct) Data breaches impact us all as individuals, companies and as governments. Over the last 4 years, I've been providing additional access to data breach information in Have I Been Pwned for government agencies responsible for protecting their citizens. The access is totally free and amounts to APIs designed Data Breach
InfoSecurityMag.webp 2022-03-28 17:15:00 Washington Health District Suffers Another Data Breach (lien direct) Phishing attacks on Spokane Regional Health District trigger two data breach announcements in 2022 Data Breach
Kaspersky.webp 2022-03-24 17:11:40 HubSpot Data Breach Ripples Through Cryptocurrency Industry (lien direct) ~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up. Data Breach
SecurityAffairs.webp 2022-03-24 06:34:03 Okta says 375 customers impacted by the hack, but Lapsus$ gang says it is lying (lien direct) The provider of access management systems Okta confirmed the data breach and revealed that 2.5% of its customers were impacted. This week Lapsus$ extortion group claimed to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots […] Data Breach Hack
InfoSecurityMag.webp 2022-03-22 17:15:00 Background Check Company Sued Over Data Breach (lien direct) Four parallel lawsuits filed against Creative Services Inc over alleged data security failings Data Breach
SecurityWeek.webp 2022-03-22 12:34:53 Over 1 Million Impacted in Data Breach at Texas Dental Services Provider (lien direct) Dental and orthodontic care provider JDC Healthcare Management (JDC) has revealed that the information of a large number of Texans was compromised in a data breach discovered last year. Data Breach
TechRepublic.webp 2022-03-22 12:00:04 Cloud security: How your public cloud environment may be vulnerable to data breach (lien direct) Half of the security pros surveyed by Laminar said their cloud environments were hit by a data breach in 2020 or 2021. Data Breach
InfoSecurityMag.webp 2022-03-21 17:15:00 FTC Accuses CafePress of Data Breach "Cover-Up" (lien direct) Commission orders e-commerce platform to compensate small businesses and improve security Data Breach
InfoSecurityMag.webp 2022-03-21 17:00:00 Dental Care Data Breach May Impact 1 Million Texans (lien direct) Social Security numbers at risk in state's largest reported breach since notification law enacted Data Breach
SecurityWeek.webp 2022-03-21 12:11:40 Cryptocurrency Services Hit by Data Breach at CRM Company HubSpot (lien direct) Cambridge, MA-based customer relationship management (CRM) company HubSpot over the weekend confirmed being targeted by hackers after several cryptocurrency services started informing their customers about a cybersecurity incident involving HubSpot. Data Breach
SecurityWeek.webp 2022-03-18 14:48:47 TransUnion Confirms Data Breach at South Africa Business (lien direct) Credit reporting giant TransUnion has confirmed a data breach affecting its South Africa business. The company appears to have been targeted by profit-driven cybercriminals. Data Breach
no_ico.webp 2022-03-17 14:31:22 FTC Fines CafePress After Data Breach – Expert Reaction (lien direct) The U.S. Federal Trade Commission (FTC) wants to slap the former owner of the CafePress custom t-shirt and merchandise site with a $500,000 fine for failing to secure its users’ data and attempting to cover up a significant data breach impacting millions. As the consumer protection watchdog explained, CafePress’ former owner, Residual Pumpkin Entity, stored […] Data Breach
ZDNet.webp 2022-03-17 10:23:00 Ex CafePress owner fined $500,000 for 'shoddy' security, covering up data breach (lien direct) When victim accounts were closed after being hacked in one incident, CafePress went so far as to charge them a $25 fee. Data Breach
InfoSecurityMag.webp 2022-03-16 17:30:00 Irish Watchdog Fines Meta $19m Over Data Breach (lien direct) Ireland's data regulator imposes penalty after inquiry into 2018 data breach notifications Data Breach
Last update at: 2024-06-02 10:08:14