What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2021-11-05 10:59:33 US defense contractor Electronic Warfare hit by data breach (lien direct) US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information. [...] Data Breach Threat
SecurityAffairs.webp 2021-11-03 21:35:52 (Déjà vu) The U.K. Labour Party discloses a data breach (lien direct) The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its data. The U.K. Labour Party discloses a data breach after a service provider that manages its data was hit by a ransomware attack. The party notified relevant authorities and members that some of their information […] Ransomware Data Breach
bleepingcomputer.webp 2021-11-03 13:22:25 (Déjà vu) UK Labour Party discloses data breach after ransomware attack (lien direct) The UK Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a third-party organization that was managing the party's data. [...] Ransomware Data Breach
securityintelligence.webp 2021-11-03 13:00:00 Report: Cost of a Data Breach in Energy and Utilities (lien direct) On average, the cost of a data breach rose by 10% from 2020 to 2021. The energy industry ranked fifth in data breach costs, surpassed only by the health care, financial, pharmaceutical and technology verticals, according to the 17th annual Cost of a Data Breach Report. Some energy cybersecurity measures can help reduce the cost […] Data Breach
ComputerWeekly.webp 2021-11-03 11:15:00 UK's Labour Party hit by third-party data breach (lien direct) On average, the cost of a data breach rose by 10% from 2020 to 2021. The energy industry ranked fifth in data breach costs, surpassed only by the health care, financial, pharmaceutical and technology verticals, according to the 17th annual Cost of a Data Breach Report. Some energy cybersecurity measures can help reduce the cost […] Data Breach
SecurityWeek.webp 2021-11-02 13:29:52 After Security Flaw Found, Missouri Hires Data Breach Group (lien direct) Two weeks after a newspaper discovered a security flaw on a state website, Gov. Mike Parson's administration has hired a company that performs data breach and credit monitoring services. Data Breach
InfoSecurityMag.webp 2021-11-01 19:42:00 California Health Network Reports Data Breach (lien direct) PHI of more than 650K patients of Community Medical Centers may have been exposed Data Breach
GoogleSec.webp 2021-10-27 15:41:13 Launching a collaborative minimum security baseline (lien direct) Posted by Royal Hansen, Vice President, Security According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or third parties. Outsourcing operations to third-party vendors has become a popular business strategy as it allows organizations to save money and increase operational efficiency. While these are positives for business operations, they do create significant security risks. These vendors have access to critical systems and customer data and so their security posture becomes equally as important. Up until today, organizations of all sizes have had to design and implement their own security baselines for vendors that align with their risk posture. Unfortunately, this creates an impossible situation for vendors and organizations alike as they try to accommodate thousands of different requirements. To solve this challenge, organizations across the industry teamed up to design Minimum Viable Secure Product or MVSP – a vendor-neutral security baseline that is designed to eliminate overhead, complexity and confusion during the procurement, RFP and vendor security assessment process by establishing minimum acceptable security baselines. With MVSP, the industry can increase clarity during each phase so parties on both sides of the equation can achieve their goals, and reduce the onboarding and sales cycle by weeks or even months. MVSP was developed and is backed by companies across the industry, including Google, Salesforce, Okta, Slack and more. Our goal is to increase the minimum bar for security across the industry while simplifying the vetting process. MVSP is a collaborative baseline focused on developing a set of minimum security requirements for business-to-business software and business process outsourcing suppliers.
Designed with simplicity in mind, it contains only those controls that must, at a minimum, be implemented to ensure a reasonable security posture. MVSP is presented in the form of a minimum baseline checklist that can be used to verify the security posture of a solution. How can MVSP help you? Security teams measuring vendor offerings against a set of minimum security baselines: MVSP ensures that vendor selection and RFP include a minimum baseline that is backed by the industry. Communicating minimum requirements up front ensures everyone understands where they stand and that the expectations are clear. Internal teams looking to measure your security against minimum requirements: MVSP provides a set of minimum security baselines that can be used as a checklist to understand gaps in the security of a product or service. This can be used to highlight opportunities for improvement and raise their visibility within the organization, with clearly defined benefits. Procurement teams gathering information about vendor services: MVSP provides a single set of security-relevant questions that are publicly available and industry-backed. Aligning on a single set of baselines allows clearer understanding from vendors, resulting in a quicker and more accurate response. Legal teams negotiating Data Breach
bleepingcomputer.webp 2021-10-22 10:06:38 Italian celebs' data exposed in ransomware attack on SIAE (lien direct) The Italian data protection authority Garante per la Protezione dei Dati Personali (GPDP) has announced an investigation into a data breach of the country's copyright protection agency. [...] Ransomware Data Breach
SecurityAffairs.webp 2021-10-20 13:19:49 Acer suffers a second data breach in a week (lien direct) Tech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors also breached some of its systems in Taiwan. Tech giant Acer was hacked twice in a week, the same threat actor (Desorden) initially breached some of its servers in India, now it is claiming to […] Data Breach Threat
securityintelligence.webp 2021-10-20 13:00:00 Exploring the Costs, Risks and Causes of a Government Data Breach (lien direct) In nearly every part of the world, people associate the word ‘government’ with order. Government services bring societal order, economic stability and security at all levels. However, the past decade of data breaches has challenged this. Federal and local governments battle worldwide breaches and cyber attacks. Data security flaws have been so pervasive in public […] Data Breach
SecurityWeek.webp 2021-10-20 10:27:59 Missouri Budget Officials Outline $50M Cost of Data Breach (lien direct) Help for roughly 100,000 teachers whose Social Security numbers were made vulnerable in a massive state data breach could cost Missouri as much as $50 million, the governor's office confirmed Tuesday. Data Breach
InfoSecurityMag.webp 2021-10-18 09:03:00 Twitch: No Passwords Were Taken in Data Breach (lien direct) Firm claims only a “small fraction” of users were impacted Data Breach
SecurityAffairs.webp 2021-10-15 20:17:29 Accenture discloses data breach after LockBit ransomware attack (lien direct) IT and consulting giant Accenture confirmed a data breach after the ransomware attack conducted by LockBit operators in August 2021. Global IT consultancy giant Accenture discloses a data breach after the LockBit ransomware attack that hit the company in August 2021. News about the attack was included in the company’s financial report for the fourth quarter […] Ransomware Data Breach
bleepingcomputer.webp 2021-10-15 10:49:18 Accenture confirms data breach after August ransomware attack (lien direct) Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021. [...] Ransomware Data Breach
securityintelligence.webp 2021-10-13 13:00:00 What Is the True Cost of a Health Care Data Breach? (lien direct) The health care industry has remained the top data breach target for eleven years in a row. Highly sensitive and personally identifiable information (PII) held by health care systems is an attractive target. After all, it contains all the information used for identity theft. In addition, that data may be stored on less secure networks […] Data Breach
MitnickSecurity.webp 2021-10-11 15:10:14 An Overview of the 2021 Twitch Live Streaming Data Breach (lien direct) Online video gamers everywhere had their eyes and ears on the news, curious to learn more about their popular live streaming service Twitch and its recent data breach. Data Breach
Troy_Hunt.webp 2021-10-10 05:10:26 Weekly Update 264 (lien direct) A lot of cyber things this week: loads of data breach (or "scrape", in LinkedIn's case) incidents, Windows 11 upgrade experiences and then bricking my house courtesy of a Home Assistant update that fundamentally changed the Tuya integration. So pretty much "same, same but different" Data Breach
itsecurityguru.webp 2021-10-08 13:27:51 Cybersecurity experts discuss the Twitch data breach (lien direct) The Amazon-owned video game streaming platform Twitch has exposed roughly 135 gigabytes of data, revealing source code and payout figures for streamers. Twitch confirmed the leak after the data was advertised on 4chan. Here’s what cybersecurity experts had to say on the matter: Javvad Malik, lead security awareness advocate, KnowBe4 The Twitch breach is a […] Data Breach Guideline
SecurityAffairs.webp 2021-10-07 10:45:56 (Déjà vu) Twitch data breach updates: login credentials or card numbers not exposed (lien direct) An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent file posted on 4chan. An anonymous 4chan user has published a torrent link to a 128GB file on the 4chan discussion board, the leaked archive contains sensitive data stolen from 6,000 internal Twitch Git repositories. […] Data Breach
ComputerWeekly.webp 2021-10-07 05:58:00 Twitch data breach investigations continue (lien direct) An anonymous individual has leaked the source code and data of the popular video streaming platform Twitch via a torrent file posted on 4chan. An anonymous 4chan user has published a torrent link to a 128GB file on the 4chan discussion board, the leaked archive contains sensitive data stolen from 6,000 internal Twitch Git repositories. […] Data Breach
bleepingcomputer.webp 2021-10-07 03:39:35 Twitch: No credentials or card numbers exposed in data breach (lien direct) Twitch says that no login credentials and credit card numbers belonging to users or streamers were exposed following yesterday's massive data leak. [...] Data Breach
TroyHunt.webp 2021-10-06 19:31:12 Twitch source code, creator earnings exposed in 125GB leak (lien direct) Twitch confirms the data breach but is investigating the full extent. Data Breach
WiredThreatLevel.webp 2021-10-06 15:47:57 A Devastating Twitch Hack Sends Streamers Reeling (lien direct) The data breach apparently includes source code, gamer payouts, and more. Data Breach Hack
Anomali.webp 2021-10-06 14:30:00 Making the Case for a Threat Intelligence Platform (lien direct) Cyber Risks: As the cyber threat landscape becomes rapidly more complex, the risk of breaches increases. The potential for severe financial loss, reputational damage, and non-compliance with regulations drive companies to invest in threat intelligence platforms. Threat Intelligence Platforms: Threat intelligence platforms (TIP) are critical security tools that use global intelligence data to help proactively identify, mitigate and remediate security risks. A TIP pulls together key cyber threat defense functions, creating a holistic threat intelligence system. Some of the key benefits are operationalizing data gathering, processing data into intelligence, integrating information from various sources, streamlining the intelligence cycle, and better navigating the threat landscape. While this tool has obvious advantages to security professionals, making the business case to invest in a TIP can be a challenge. Making the Business Case for a TIP. Speaking in a Language Management Understands: The case needs to be made from management's perspective to justify the investment in a TIP. Start with mapping security objectives with management objectives, understanding the business risks that concern them vs. cyber threats in general, and quantifying the return on investment. Interviewing the heads of key intelligence stakeholders throughout the organization is a good way of gaining the insight needed to understand the business and how it is affected by cybersecurity. This communication can also create the trust that the security teams are working for them and their goals. Communication style is also essential. Security terms that are part of the everyday vocabulary of SOC analysts and threat intelligence teams may not be readily understandable by those in other functional areas.
More technical language should be translated into basic concepts, and information should be contextualized to resonate with the audience. Visual mapping and use cases can be persuasive communication techniques. Visual mapping of the relationships between intelligence stakeholders can describe solutions in a way that transcends security terminology. Use cases from your own company or others in similar industries are an effective way of giving real-world context to a TIP implementation. Threat Intelligence Platform Return on Investment: The bottom line for any investment is the quantifiable return it will have for the company. Cost savings are the most obvious contribution that threat intelligence tools can make to an organization. However, revenue generation can also be a significant payback of operationalized threat intelligence. Regulatory compliance can also contribute to a positive ROI. TIP Cost Reductions: The cost of a devastating data breach is always top of mind for a company. Investing in a TIP that minimizes financial risk can be justified by focusing on relevant threats. Depending on the industry, the pure financial losses can be enormous. Breaches like those at Home Depot and Target have run into tens of millions of dollars. Potential direct operational fees for legal and forensic services, consultants, and customer care are most easily quantified. Harder to quantify but potentially just as costly are loss of brand equity and reputational damage. Better utilization of assets is also a significant contribution to cost reductions. Automation of data gathering, processing, and intelligence reporting saves threat intelligence analysts' time, freeing them for more strategic threat hunting, etc. A TIP can also eliminate the need for additional headcount and reduce time spent on chasing false positives. By replacing unnecessary security tools with a TIP that functions more effectively, you can further reduce costs.
TIP Revenue Generation: While cost reductions are a more typical contributor to calcu Data Breach Tool Threat
securityintelligence.webp 2021-10-06 13:00:00 Banking and Finance Data Breaches: Costs, Risks and More To Know (lien direct) As each year passes, cybersecurity becomes more important for businesses and agencies of every size, in nearly every industry. In 2020, ransomware cases grew by 150%, and every 39 seconds, a new attack is launched somewhere on the web. A data breach also causes rising costs in banking and finance. What Happens in a Banking […] Ransomware Data Breach
Kaspersky.webp 2021-10-05 14:30:59 Facebook Blames Outage on Faulty Router Configuration (lien direct) One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records. Data Breach
SecurityWeek.webp 2021-10-05 12:19:08 Telecoms Giant Syniverse Discloses Years-Long Data Breach (lien direct) Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years. Data Breach
InfoSecurityMag.webp 2021-10-01 16:30:00 Major Data Breach Hits Neiman Marcus (lien direct) American luxury department store warns 4.6 million customers that their personal data may have been stolen Data Breach
securityintelligence.webp 2021-10-01 16:05:00 Deploying Proven Data Security Tools to Combat the Rising Cost of a Data Breach (lien direct) It can be hard to navigate which solutions really protect you from the effects of a data breach. Take a look at defending against data breaches by the numbers. That way, you can focus on the modern data security approaches that make next year’s results more promising. According to the annual Cost of a Data […] Data Breach
SecurityAffairs.webp 2021-10-01 13:32:49 Neiman Marcus discloses data breach, payment card data exposed (lien direct) Luxury retail company Neiman Marcus Group has announced this week that it has suffered a data breach that impacted customer information. The attack against Neiman Marcus Group took place in May 2020, as a result of the attack, threat actors had access to customers’ information, including payment card data. Exposed personal information includes names and […] Data Breach Threat
TroyHunt.webp 2021-10-01 12:32:30 Neiman Marcus data breach impacts 4.6 million customers (lien direct) Users were asked to change passwords but were not offered free credit monitoring. Data Breach
bleepingcomputer.webp 2021-10-01 11:49:22 Neiman Marcus sends notices of breach to 4.3 million customers (lien direct) Neiman Marcus, the Texas-based luxury department stores chain, is sending notices of a data breach to roughly 4.3 million customers. [...] Data Breach
SecurityWeek.webp 2021-10-01 11:38:30 Neiman Marcus Confirms Payment Cards Compromised in Data Breach (lien direct) Luxury retail company Neiman Marcus Group on Thursday confirmed that customer information was indeed stolen in a data breach. During the incident, which occurred in May 2020, hackers were able to exfiltrate information associated with online customer accounts, including payment card data, the company says. Data Breach
The_Hackers_News.webp 2021-09-30 02:09:19 ImmuniWeb Launches Free Cloud Security Test to Detect Unprotected Storage (lien direct) The IDC cloud security survey 2021 states that as many as 98% of companies were victims of a cloud data breach within the past 18 months. Fostered by the pandemic, small and large organizations from all over the world are migrating their data and infrastructure into a public cloud, while often underestimating novel and cloud-specific security or privacy issues.  Nearly every morning, the Data Breach
securityintelligence.webp 2021-09-29 18:15:00 Know the Four Pillars of Cloud Security That Reduce Data Breach Risk (lien direct) Can having a mature, comprehensive cloud security strategy reduce the impact of data breaches on your organization? Results from the latest Cost of a Data Breach Report indicate that taking this approach might produce potential savings for your business. Among other findings, the report noted that the mature use of security analytics was associated with […] Data Breach
bleepingcomputer.webp 2021-09-29 13:47:24 Trucking giant Forward Air reports ransomware data breach (lien direct) Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information. [...] Ransomware Data Breach Threat
InfoSecurityMag.webp 2021-09-27 19:04:00 California Hospital Sued Over Data Breach (lien direct) UC San Diego Health facing lawsuit over security incident that may have impacted 500K individuals Data Breach
SecurityWeek.webp 2021-09-22 11:40:22 UK Minister Sorry Over Afghan Interpreters' Data Breach (lien direct) Britain's defense minister apologized and his ministry suspended an official Tuesday after a “significant” data breach involving the email addresses of dozens of Afghan interpreters hoping to settle in the U.K. Data Breach
securityintelligence.webp 2021-09-21 16:00:00 Cybersecurity Solutions to Know in 2021: Open Source and Scaling Up (lien direct) Speed is of the essence in digital defense. As the latest Ponemon Institute Cost of a Data Breach Report makes clear, businesses and agencies that are able to respond to and contain an incident rapidly will save millions over their slower peers. The average total cost of a data breach increased by nearly 10%, the largest […] Data Breach
TroyHunt.webp 2021-09-20 12:32:41 Epik data breach impacts 15 million users, including non-customers (lien direct) Scraped WHOIS data of NON-Epik customers also exposed in the 180 GB leak. Data Breach
bleepingcomputer.webp 2021-09-20 09:43:58 Republican Governors Association email server breached by state hackers (lien direct) The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. [...] Data Breach ★★
InfoSecurityMag.webp 2021-09-14 20:36:00 Massachusetts AG Launches Probe into T-Mobile Data Breach (lien direct) T-Mobile data breach under investigation by Massachusetts attorney general Maura Healey Data Breach
cyberark.webp 2021-09-14 20:35:54 Cyber Insurance: How to Meet Requirements, Save Money and Reduce Risk (lien direct) As the average cost of a data breach reaches a record high of $4.24 million, one successful zero-day exploit or ransomware attack has the potential to take down a business completely. Having cyber insurance, or... Ransomware Data Breach
ComputerWeekly.webp 2021-09-14 09:13:00 Mass health tracker data breach has UK impact (lien direct) As the average cost of a data breach reaches a record high of $4.24 million, one successful zero-day exploit or ransomware attack has the potential to take down a business completely. Having cyber insurance, or... Data Breach
Mandiant.webp 2021-09-14 04:04:51 Through the Analyst Lens: The Real Power of Managed Detection and Response Services (lien direct) The constant threat of data breach has organizations scrutinizing their ability to protect the business from the next big attack. But technology alone won't reduce your mean-time-to-detect and respond. According to Craig Robinson, Program Director within IDC's Security Services research practice and author of the latest IDC MarketScape study in U.S. Managed Detection and Response (MDR) Services, “there is going to be more and more of a need for MDR Services in the future.” On the heels of the IDC MarketScape publication, I sat down with Craig to discover what customers and vendors are seeing Data Breach Threat Studies ★★★
kovrr.webp 2021-09-12 00:00:00 Regulations & Ransomware: A Quick Overview. An overview of what enterprises need to know about ransomware and related regulations. (lien direct)
As cybersecurity threats continue to evolve, ransomware has recently come into focus as one of the more prominent and challenging types of attacks to deal with. Not only do companies need to face the security implications of having their data fall into the hands of cybercriminals, but there can be significant costs around paying ransoms and/or recovering systems and files. Plus, paying ransoms can raise some ethical if not legal issues. There are already several existing regulations that enterprises need to keep in mind if hit with a ransomware attack. And as the risk grows, a number of new regulations are under consideration around the world. In this brief overview, we’ll explore what enterprises need to know about ransomware and related regulations. What Is Ransomware? Before diving into what to do about ransomware and what regulations to follow, it’s important to understand what ransomware is. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption,” explains the U.S. Cybersecurity & Infrastructure Security Agency (CISA). In other words, ransomware can lock a user out of their own files/systems, which can bring work to a halt. Even if the ransom is paid and everything gets unlocked, it’s possible that the cybercriminals stole data meanwhile.
While some of the more headline-grabbing attacks have been at large, well-known companies, ransomware can essentially affect anyone, regardless of size, industry or location. How to Reduce the Risk of Ransomware: Although ransomware is on the rise, there are still several steps organizations can take to reduce the risk of a ransomware attack or at least mitigate the damage. “As with all risks posed by external actors, the likelihood that a ransomware attack is successful can be drastically reduced by tightening the security of the data controlling environment,” notes the European Data Protection Board (EDPB). From updating software and systems with appropriate security patches, to using anti-malware software or related monitoring services, there are many cybersecurity best practices that can potentially keep ransomware out, as the EDPB highlights. If ransomware does take hold, having complete backups can help. As the EDPB notes, the impact of ransomware “could effectively be contained,” by resetting systems to wipe out the ransomware and then “fixing the vulnerabilities and restoring the affected data soon after the attack.” Organizations can also get a better handle on ransomware risk via cyber risk quantification (CRQ), such as through Kovrr’s insurance-validated risk models. CRQ works by analyzing factors such as past cyber events and the technologies and service providers that a company uses to then quantify what companies might lose if a cyber attack like ransomware occurs. Part of being prepared means knowing how much is at stake financially, and CRQ can help organizations focus on the areas that present the largest financial risk.
What Ransomware Regulations Exist? Current ransomware regulations differ around the world, so the specific rules an enterprise needs to follow depend on factors like what markets they operate in and whether they fall under certain jurisdictions. Communicating Attacks: One of the more notable rules that relates to ransomware is the EU’s General Data Protection Regulation (GDPR), which can still apply to companies outside Europe, such as those that have customers in the EU. Under GDPR, explains the EDPB, a personal data breach needs to be reported to relevant authorities and potentially to the people whose data gets exposed. So, for example, if a ransomware incident involves a cybercriminal locking up files that contain personal information, such as financial or medical records, then the affected company may need to report that to those affected. In the U.S. the Ransomware Data Breach Malware Vulnerability Prediction Medical ★★★
Kaspersky.webp 2021-09-10 20:17:59 MyRepublic Data Breach Raises Data-Protection Questions (lien direct) The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. Data Breach
bleepingcomputer.webp 2021-09-10 14:47:38 MyRepublic discloses data breach exposing government ID cards (lien direct) MyRepublic Singapore has disclosed a data breach exposing the personal information of approximately 80,000 mobile subscribers. [...] Data Breach
TechRepublic.webp 2021-09-07 18:50:08 Data Privacy Day 6 months later: A look at privacy trends and solutions (lien direct) Does your company need a head of data privacy, a data breach response plan, blockchain technology or something else to keep its data safe? Here are some challenges and recommendations. Data Breach
Last update at: 2024-06-02 15:08:45