What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-12-15 09:53:04 | Delta Dental of California Data Breach Info Exposé de 7 millions de personnes Delta Dental of California data breach exposed info of 7 million people (lien direct) |
Delta Dental of California et ses affiliés avertissent près de sept millions de patients qu'ils ont subi une violation de données après que les données personnelles ont été exposées dans une violation du logiciel de transfert Moveit.[...]
Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. [...] |
Data Breach | ★★ | |
 |
2023-12-15 09:30:00 | Plus de 45 000 employés frappés par une infraction au laboratoire de recherche nucléaire Over 45,000 Employees Hit By Nuclear Research Lab Breach (lien direct) |
Le laboratoire national de l'Idaho affirme que 45 000 employés avaient des informations personnelles compromises en violation de données
Idaho National Laboratory says 45,000 employees had personal information compromised in data breach |
Data Breach | ★★ | |
 |
2023-12-15 06:00:41 | Comment empêcher les attaques basées sur l'identité avec ITDR How to Prevent Identity-Based Attacks with ITDR (lien direct) |
Identity-based attacks are on the rise. Research from the Identity Defined Security Alliance found that 84% of businesses experienced an identity-related breach in the past year. While that\'s a huge percentage, it\'s not all that surprising. Just consider how focused attackers have been in recent years on gaining access to your user\'s identities. In the latest Verizon 2023 Data Breach Investigations Report, Verizon found that 40% of all data breaches in 2022 involved the theft of credentials which is up from 31% in 2021. With access to just one privileged account an attacker can move around undetected on a company\'s network and cause havoc. When they look like the right employee, they have the freedom to do almost anything, from stealing sensitive data to launching ransomware attacks. What\'s worse, attackers usually have tools that make it fast and easy to exploit stolen credentials, escalate privilege and move laterally. That makes this type of attack all the more appealing. There are a bevy of cybersecurity tools that are supposed to protect companies from these attacks. So why do they fall short? The simple answer is that it\'s not their job-at least not completely. Take tools used for identity access management (IAM) as an example. Their role is to administer identities and manage their access to applications and resources. They don\'t detect malicious activity after a “legitimate” user has been authenticated and authorized. And tools for anomaly detection, like security information and event management (SIEM) systems, alert on abnormal or malicious user activity. But they are even less capable of flagging attempts at lateral movement and privilege escalation. As a result, these tools tend to generate high levels of false positives, which overwhelm security teams. However, there is a way to address the security gaps these solutions aren\'t well equipped to cover. It\'s called identity threat detection and response, or ITDR for short. What is ITDR? ITDR is an umbrella term coined by Gartner to describe a new category of security tools and best practices that companies can use to detect and respond more effectively to identity-based attacks. ITDR protects the middle of the attack chain-the point where enterprise defenses are usually the weakest. ITDR tools offer robust analytics, integrations and visibility that can help you to: Detect, investigate and respond to active threats Stop privilege escalations Identify and halt lateral movement by attackers Reduce the identity-centric attack surface before the threat actor even arrives When you use ITDR, you\'re not replacing existing tools or systems for IAM and threat detection and response like privileged access management (PAM) or endpoint detection and response (EDR). Instead, you\'re complementing them. Those tools can continue to do what they do best while ITDR addresses the identity security gaps they\'re not designed to cover. How ITDR solutions work-and help to prevent identity-based attacks ITDR tools are designed to continuously monitor user behavior patterns across systems. They scan every endpoint-clients and servers, PAM systems and identity repositories-to look for unmanaged, misconfigured and exposed identities. With a holistic view of identity risks, your security team can remove key attack pathways through Active Directory (AD) that threat actors use to install ransomware and steal data. ITDR tools can help defenders stop identity attacks and proactively get rid of risks. They allow defenders to see exactly how attackers can access and use identities to compromise the business. Essentially, ITDR provides answers to these three critical questions: Whose identity provides an attack path? What is the identity threat blast radius, and the impact to my business? Are there any identity-based attacks in progress? Leading ITDR tools can help you catch adversaries in the act by planting deceptive content, or trip wires, throughout your environment that only attackers would in | Ransomware Data Breach Tool Vulnerability Threat | ★★ | |
 |
2023-12-14 15:55:00 | La FCC met à jour les règles de violation des données, avec les consommateurs à l'esprit FCC updates data breach rules, with consumers in mind (lien direct) |
La Federal Communications Commission a mis à jour ses règles de violation de données pour la première fois en 16 ans mercredi, élargissant comment une violation est définie et qui alerter quand il y en a une.L'ordonnance de la FCC, décidée dans un vote 3-2 des parties, élargira les règles de notification de violation de la Commission pour inclure certaines informations personnellement identifiables appartenant à
The Federal Communications Commission updated its data breach rules for the first time in 16 years Wednesday, expanding how a breach is defined and who to alert when there is one. The FCC order, decided in a 3-2 party-line vote, will broaden the commission\'s breach notification rules to include certain personally identifiable information belonging to |
Data Breach | ★★ | |
|
2023-12-14 12:59:50 | La violation des données du laboratoire de recherche nucléaire américaine a un impact sur 45 000 personnes U.S. nuclear research lab data breach impacts 45,000 people (lien direct) |
Le Laboratoire national de l'Idaho (INL) a confirmé que les attaquants ont volé les informations personnelles de plus de 45 000 personnes après avoir enfreint sa plate-forme de gestion HCM RH Oracle basée sur le cloud le mois dernier.[...]
The Idaho National Laboratory (INL) confirmed that attackers stole the personal information of more than 45,000 individuals after breaching its cloud-based Oracle HCM HR management platform last month. [...] |
Data Breach | ★★ | |
 |
2023-12-14 11:00:00 | Protéger l'entreprise des fuites de mot de passe Web sombres Protecting the enterprise from dark web password leaks (lien direct) |
Referenced in popular films and television programs, “The Dark Web” has achieved what many cyber security concerns fail to do in that it has entered the public consciousness. It is generally understood that the dark web is a collection of on-line sites and marketplaces, notorious for facilitating illegal activities and harboring stolen information. The details of how this underground economy function, the various levels of sophistication of its participants, and how information ends up in these forums is less broadly understood. The trade in compromised passwords in dark web markets is particularly damaging. Cybercriminals often exploit password leaks to access sensitive data, commit fraud or launch further attacks. Let’s explore the various ways passwords are leaked to the dark web and discuss strategies for using dark web data to protect your organization. Data breaches One of the most common ways passwords are leaked to the dark web is through data breaches. Cybercriminals target organizations and gain unauthorized access to their systems and databases. Once inside, they can steal large volumes of user data, including passwords, which are then sold or traded on the dark web. A “first party” data breach is when that breach occurs in a network you are responsible for (i.e. your company). This is typically a top-of-mind concern for security and IT professionals. However, breaches of third parties that hold information about your users can be equally damaging. Because users often reuse passwords across multiple services, or use slight variations or formulaic passwords, these disclosures are critical. They result in threat actors gaining access to your network or SaaS services by simply logging or through brute forcing a greatly reduced key space which may go unnoticed. Phishing attacks Phishing attacks are another prevalent method used by cybercriminals to obtain passwords. These attacks involve sending deceptive emails, text messages, or social media messages that trick users into revealing their login credentials. Once the attacker has the victim\'s password, they can easily access their accounts or sell the information on the dark web. Keyloggers and malware Keyloggers and malware are stealthy tools used by cybercriminals to record a user\'s keystrokes, including passwords. These can be installed on a victim\'s device through malicious emails, downloads, or infected websites. This is particularly concerning in cases where the endpoints in question are not fully managed by the company. Contractors, network devices provided by service providers, users with BYOD equipment or other semi-public or public devices users might access a cloud service from are all examples of devices which can result in loss of credentials because of malware infection - regardless of the endpoint security measures taken on company owned devices. What is particularly insidious about these infections is that, unless addressed, they continue to report current credentials up to the command-and-control services across password changes and platforms. Insider threats Sometimes, passwords are leaked to the dark web through insider threats. Disgruntled employees, contractors, or other individuals with access to sensitive information may intentionally leak passwords as an act of revenge or for financial gain. Protecting Your Passwords: Best Practices While the risks associated with password leaks on the dark web are real, there are steps you can take to protect your organization from being impacted by these disclosures: Educate users: By now it is difficult to find an organization that doesn’t have a policy and technical controls to enforce the use of strong passwords in their environment. Building on that to train users when it is acceptable to use a company provide email address for service | Data Breach Malware Tool Threat Cloud Technical | ★★ | |
|
2023-12-14 09:44:32 | Atténuation des menaces d'initié: 5 meilleures pratiques pour réduire le risque Insider Threat Mitigation: 5 Best Practices to Reduce Risk (lien direct) |
(This is an updated version of a blog that was originally published on 1/28/21.) Most security teams focus on detecting and preventing external threats. But not all threats come from the outside. The shift to hybrid work, accelerated cloud adoption and high rates of employee turnover have created a perfect storm for data loss and insider threats over the past several years. Today, insider threats rank amongst the top concerns for security leaders-30% of chief information security officers report that insider threats are their biggest cybersecurity threat over the next 12 months. It\'s easy to understand why. Insider threats have increased 44% since 2020 due to current market dynamics-and security teams are struggling to keep pace. According to the Verizon 2023 Data Breach Investigations Report, 74% of all breaches involve the human element. In short, data doesn\'t lose itself. People lose it. When the cybersecurity risk to your company\'s vital systems and data comes from the inside, finding ways to mitigate it can be daunting. Unlike with tools that combat external threats, security controls for data loss and insider threats can impact users\' daily jobs. However, with the right approach and insider threat management tools, that doesn\'t have to be the case. In this blog post, we\'ll share best practices for insider threat mitigation to help your business reduce risk and overcome common challenges you might face along the way. What is an insider threat? But first, let\'s define what we mean by an insider threat. In the cybersecurity world, the term “insider” describes anyone with authorized access to a company\'s network, systems or data. In other words, it is someone in a position of trust. Current employees, business partners and third-party contractors can all be defined as insiders. As part of their day-to-day jobs, insiders have access to valuable data and systems like: Computers and networks Intellectual property (IP) Personal data Company strategy Financial information Customer and partner lists All insiders pose a risk given their position of trust-but not all insiders are threats. An insider threat occurs when someone with authorized access to critical data or systems misuses that access-either on purpose or by making a mistake. The fallout from an insider threat can be dire for a business, including IP loss, legal liability, financial consequences and reputational damage. The challenge for security firms is to determine which insiders are threats, and what type of threats they are, so they know how to respond. There are three insider threat types: Careless. This type of risky insider is best described as a user with good intentions who makes bad decisions that can lead to data loss. The 2022 Cost of Insider Threats Global Report from Ponemon Institute notes that careless users account for more than half (56%) of all insider-led incidents. Malicious. Some employees-or third parties, like contractors or business partners-are motivated by personal gain. Or they might be intent on harming the business. In either case, these risky users might want to exfiltrate trade secrets or take IP when they leave the company. Industrial espionage and sabotage are examples of malicious insider activity. Ponemon research shows malicious insiders account for 26% of insiders. Compromised. Sometimes, external threat actors steal user login information or other credentials. They then use those credentials to access applications and systems. Ponemon reports that compromised users account for 18% of insiders. Insider threat mitigation best practices Companies can minimize brand and financial damage by detecting and stopping insider threats. How each security team approaches insider threats will vary depending on the industry, maturity and business culture. However, every organization can use the five best practices we\'ve outlined below to improve their insider threat prevention. 1. Identify your risky users Most insiders fall into the “care | Data Breach Tool Threat Industrial Cloud Technical | ★★ | |
|
2023-12-13 11:00:00 | Qu'est-ce que la sécurité centrée sur les données? What is data-centric security? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Data is the lifeblood of organizations. It drives decision-making, fosters innovation, and underpins business operations. However, this wealth of data is scattered across multiple cloud platforms, making it an attractive target for cybercriminals, and rendering traditional approaches to data protection obsolete. This is where data-centric security comes into play. This article will explore the concept of data-centric security, why businesses need it, and the benefits it offers. Understanding data-centric security Data-centric security is a comprehensive approach to safeguarding sensitive data by focusing on the data itself rather than the network or perimeter. It revolves around protecting data throughout its lifecycle, ensuring that even if security perimeters are breached, the data remains secure. Data-centric security comprises several key components and principles, including: Data discovery and classification: Identifying and categorizing data based on its sensitivity is the first step in protecting it. By knowing what data is most critical, you can allocate resources and protection measures accordingly. Access controls and permissions: Fine-grained access controls and role-based permissions are essential to restrict data access to authorized users and roles, reducing the risk of data exposure. Encryption: Encrypting data at rest and in transit adds an extra layer of protection, making data inaccessible to unauthorized individuals. Activity monitoring: Real-time activity monitoring and auditing capabilities help detect unusual data access or transfer patterns, allowing for immediate response to potential security incidents. Incident response and mitigation: Effective incident response is crucial in case of a breach or unauthorized access, enabling quick identification of the issue and mitigating any damage. Why businesses need data-centric security The amount of data being used by organizations for day-to-day operations is increasing rapidly. The importance of adopting a data-centric approach to data protection can be summarized into three main reasons: 1. Traditional security is insufficient. Businesses leverage multiple cloud environments, and sensitive data, such as personal information or intellectual property, are migrated and sprawled across these platforms, expanding the attack surface. Data vulnerabilities become increasingly common when network perimeters are hard to define in a hybrid work environment. Applying safeguards directly to data is needed to create more barriers that repel unauthorized data distribution. Data-centric security protects data from all kinds of threats, such as external attackers or negligent employees. 2. Apply granular access controls. Data-centric security is a vital approach to protect your data dynamically. It enables you to have more flexibility in managing your systems and networks by providing fine-grained access controls, which are more effective than traditional access controls. This framework is particularly critical in scenarios where not every user should have access to the entire data within their department. 3. Integrate with existing tech stack. Data-centric security is an effective way to protect a company\'s data from cyber threats. It can be added to existing infrastructure without disrupting normal operations or requiring drastic changes. This allows companies to gradually improve their security measures while freeing up resources for other purposes. Benefits of data-centric security As data becomes increasingly valuable as a competitive advantage, organizations have | Data Breach Tool Vulnerability Cloud | ★★ | |
|
2023-12-13 10:00:00 | Le ministère britannique de la Défense a été condamné à une infraction aux données afghans UK Ministry of Defence Fined For Afghan Data Breach (lien direct) |
L'ICO a infligé une amende du ministère de la Défense après qu'une violation de données par e-mail a mis des vies en danger
The ICO has fined the Ministry of Defence after an email data breach put lives in danger |
Data Breach | ★★ | |
|
2023-12-13 00:00:00 | Le ministère britannique de la Défense condamné à une amende de 440 000 $ pour une violation des données d'évacuation afghane UK Ministry of Defence fined $440K for Afghan evacuation data breach (lien direct) |
Le ministère de la Défense du Royaume-Uni a été condamné à une amende et à 350 000 (environ 440 000 $) pour son incapacité à protéger les informations des Afghans qui ont travaillé avec le gouvernement britannique et ont demandé une délocalisation peu de temps après que les talibans ont pris le contrôle de l'Afghanistan en 2021.Le bureau du commissaire à l'information (ICO) a déclaré qu'il émettait l'amende parce que l'erreur «pourrait
The United Kingdom\'s Ministry of Defence has been fined £350,000 (about $440,000) for its failure to protect the information of Afghans who worked with the British government and sought relocation shortly after the Taliban took control of Afghanistan in 2021. The Information Commissioner\'s Office (ICO) said it is issuing the fine because the mistake “could |
Data Breach | ★★ | |
 |
2023-12-12 22:15:48 | Toyota avertit des informations financières personnelles et financières peuvent avoir été exposées dans la violation de données Toyota Warns Personal, Financial Info May Have Been Exposed In Data Breach (lien direct) |
Toyota Financial Services (TFS), une filiale financière de la populaire constructeur automobile Toyota Motor Corporation, avertit les clients qu'il a subi une violation de données qui a exposé les informations personnelles, y compris les informations de compte bancaire, dans l'attaque (via BleepingComputer ). Pour ceux qui ne le savent pas, certains des systèmes de TFS \\ en Europe et en Afrique ont subi une attaque de ransomware le mois dernier. The Medusa Ransomware Gang Responsabilité affirmée pourL'attaque et les TF répertoriés comme site de fuite de données sur le Web Dark. Le groupe a exigé que l'entreprise paie une rançon de 8 millions de dollars américains en 10 jours pour supprimer les données qui auraient été volées à la société japonaise, avec la possibilité de payer 10 000 $ pour une extension de jour. . Pour soutenir sa réclamation, le gang de ransomware a également publié des captures d'écran de plusieurs documents, aux côtés d'une arborescence de fichiers de toutes les données exfiltrées. Il comprenait des documents financiers, des feuilles de calcul, des mots de passe du compte hachée, des factures d'achat, des analyses de passeport, des identifiants utilisateur en texte clair et des mots de passe, des adresses e-mail du personnel, des graphiques d'organisation interne, des rapports de performances financières, des accords, et plus encore. «Toyota Motor Corporation est un fabricant d'automobile multinational japonais dont le siège est à Toyota City, Aichi, Japon.Toyota est l'un des plus grands constructeurs automobiles au monde, produisant environ 10 millions de véhicules par an », a déclaré le site de fuite de Medusa \\, qui comprenait une brève description du piratage. «Les données divulguées proviennent de Toyota Financial Services en Allemagne.Toyota Deutschland GmbH est une société affiliée détenue par Toyota Motor Europe (TME) à Bruxelles / Belgique et située à K & OUML; LN (Cologne). » Suite à la menace de fuite de données par Medusa Ransomware, un porte-parole de Toyota a confirmé à BleepingComputer qu'il a détecté un accès non autorisé sur certains de ses systèmes en Europe et en Afrique. À l'époque, TFS n'a confirmé pas si l'une de ses données avait été volée dans la violation, mais a déclaré qu'elle avait pris des systèmes hors ligne pour atténuer les risques et aider ses enquêtes. Il semble que Toyota n'a pas cédé aux demandes du gang de ransomware de Medusa, car toutes les données divulguées ont été publiées sur le portail d'extorsion de Medusa & # 8217; Plus tôt ce mois-Germany-Toyota-KreditBank-GmbH-2 / Texte "Data-Wpel-Link =" External "rel =" Nofollow Noopener NoreFerrer "> Identifié comme l'une des divisions affectées, admettant que certains fichiers TKG étaient accessibles parpirates pendant l'attaque. Les lettres de notification de violation qui ont été envoyées en allemand aux clients touchés de Toyota \\ ont été accessibles par le point de presse allemand heise . Il les informe que les informations compromises dans la violation de données sur la base de l'enquête en cours comprennent les noms de premier et de famille, les adresses résidentielles, les informations du contrat, les détails de l'achat de location et Iban (numéro de compte bancaire international). Étan | Ransomware Data Breach Hack Threat | ★★★ | |
|
2023-12-12 15:30:00 | Les défauts de sécurité généralisés blâmés pour la violation des données de la police d'Irlande du Nord Widespread Security Flaws Blamed for Northern Ireland Police Data Breach (lien direct) |
Un examen indépendant de la violation des données du PSNI d'août 2023 a trouvé des défaillances de sécurité majeures dans les systèmes informatiques du service de police
An independent review of the August 2023 PSNI data breach found major security failings in the police department\'s IT systems |
Data Breach | ★★ | |
 |
2023-12-12 13:46:05 | Les flics d'Irlande du Nord comptent le coût humain de la violation de données Northern Ireland cops count human cost of August data breach (lien direct) |
Les officiers potentiellement ciblés par les dissidents ne peuvent pas se permettre de déménager pour leur sécurité, tandis que d'autres cherchent un soutien à changer leurs noms un examen officiel du service de police des \\ \\ \'s du nord (s (PSNI) La violation des données d'août a révélé l'étendue complète de l'impact sur le personnel.… | Data Breach | ★★ | |
 |
2023-12-12 11:15:00 | Facteur clé de pratique de protection des données obsolètes dans la violation des données PSNI Outdated data protection practice key factor in PSNI data breach (lien direct) |
Les officiers potentiellement ciblés par les dissidents ne peuvent pas se permettre de déménager pour leur sécurité, tandis que d'autres cherchent un soutien à changer leurs noms un examen officiel du service de police des \\ \\ \'s du nord (s (PSNI) La violation des données d'août a révélé l'étendue complète de l'impact sur le personnel.… | Data Breach | ★★ | |
 |
2023-12-12 10:22:07 | Le FBI émet des conseils pour retarder la divulgation de violation de données requise par la SEC FBI Issues Guidance for Delaying SEC-Required Data Breach Disclosure (lien direct) |
> Le FBI a émis des conseils pour les exigences de déclaration des violations de données SEC et comment les divulgations peuvent être retardées.
>The FBI has issued guidance for SEC data breach reporting requirements and how disclosures can be delayed. |
Data Breach | ★★ | |
|
2023-12-11 12:50:49 | Le géant du stockage à froid Americold révèle la violation des données après l'attaque de logiciels malveillants d'avril Cold storage giant Americold discloses data breach after April malware attack (lien direct) |
Le géant du stockage et de la logistique à froid, Americold a confirmé que plus de 129 000 employés et leurs personnes à charge se sont fait voler leurs informations personnelles lors d'une attaque en avril, affirmé plus tard par Cactus Ransomware.[...]
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. [...] |
Ransomware Data Breach Malware | ★★ | |
|
2023-12-11 11:46:05 | 23andMe répond à la violation avec de nouvelles conditions d'utilisateur limitant la combinaison 23andMe responds to breach with new suit-limiting user terms (lien direct) |
Aussi: \\ 'Bay Area bien connu Tech Tech \' Firm \'s Ordays volé et consultez certaines vulns critiques Sécurité en bref la saga de23andMe \'s Mega Data Breach est parvenue à une conclusion, la société affirmant que sa sonde a déterminé que des millions de dossiers divulgués provenaient de casse-nins illicites en seulement 14 000 comptes.…
Also: \'well-known Bay Area tech\' firm\'s laptops stolen and check out some critical vulns Security in brief The saga of 23andMe\'s mega data breach has reached something of a conclusion, with the company saying its probe has determined millions of leaked records originated from illicit break-ins into just 14,000 accounts.… |
Data Breach | ★★ | |
|
2023-12-11 11:00:00 | HHS convient à 480 000 $ de règlement avec Louisiana Medical Group pour une violation de données HHS agrees to $480,000 settlement with Louisiana medical group over data breach (lien direct) |
Le Département américain de la Santé et des Services sociaux (HHS) a accepté un Settlement de 480 000 $ avec le groupe médical basé en Louisiane Lafourche Medical Group à la suite d'une cyberattaque de 2021 qui a exposé les informations sensibles de près de 35 000 personnes.En plus de la sanction monétaire, la société a accepté de subir des audits périodiques de HHS pendant deux ans.HHS a noté
The U.S. Department of Health and Human Services (HHS) agreed to a settlement of $480,000 with Louisiana-based medical group Lafourche Medical Group following a 2021 cyberattack that exposed the sensitive information of nearly 35,000 people. In addition to the monetary penalty, the company agreed to undergo periodic audits by HHS for two years. HHS noted |
Data Breach Medical | ★★ | |
|
2023-12-11 10:32:16 | Toyota avertit les clients de la violation de données exposant des informations financières personnelles Toyota warns customers of data breach exposing personal, financial info (lien direct) |
Toyota Financial Services (TFS) avertit les clients qu'il a subi une violation de données, déclarant que des données personnelles et financières sensibles ont été exposées dans l'attaque.[...]
Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. [...] |
Data Breach | ★★★ | |
|
2023-12-08 18:28:18 | Norton Healthcare révèle la violation des données après l'attaque des ransomwares en mai Norton Healthcare discloses data breach after May ransomware attack (lien direct) |
Le Kentucky Health System Norton Healthcare a confirmé qu'une attaque de ransomware en mai a exposé des informations personnelles appartenant aux patients, aux employés et aux personnes à charge.[...]
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. [...] |
Ransomware Data Breach Medical | ★★★ | |
|
2023-12-07 17:28:40 | Étude de violation des données sur les commissions d'Apple pour mettre en évidence le besoin de chiffrement de bout en bout Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption (lien direct) |
> Une étude commandée par Apple montre que 2,6 milliards de dossiers de données personnelles ont été compromis en violations au cours des deux dernières années.
>A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years. |
Data Breach Studies | ★★ | |
|
2023-12-07 15:40:20 | 23andMe met à jour le contrat d'utilisateur pour empêcher les poursuites contre les violations de données 23andMe updates user agreement to prevent data breach lawsuits (lien direct) |
Alors que le fournisseur de tests génétiques 23andMe fait face à plusieurs poursuites pour une attaque de bourrage d'identification d'octobre qui a conduit au vol de données clients, la société a modifié ses conditions d'utilisation pour rendre plus difficile la poursuite de l'entreprise.[...]
As Genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. [...] |
Data Breach | ★★★ | |
|
2023-12-07 13:20:00 | Stanley Steemer dit que près de 68 000 personnes touchées par une violation de données en mars Stanley Steemer says nearly 68,000 people affected by data breach in March (lien direct) |
Le géant du nettoyage des tapis, Stanley Steemer, a déclaré que près de 68 000 personnes avaient été touchées par une cyberattaque que l'entreprise a connue en mars.Dans des documents déposée avec régulateurs dans le MAISE,L'entreprise de nettoyage basée à l'Ohio a déclaré que les pirates ont fait irruption dans ses systèmes le 10 février et ont été découverts le 6 mars. «Stanley Steemer a entrepris un examen complet du contenu du
Carpet cleaning giant Stanley Steemer said nearly 68,000 people were affected by a cyberattack the company experienced in March. In documents filed with regulators in Maine, the Ohio-based cleaning business said hackers broke into its systems on February 10 and were discovered on March 6. “Stanley Steemer undertook a comprehensive review of the contents of |
Data Breach | ★★ | |
|
2023-12-07 10:30:00 | Quatre-vingt-dix pour cent des sociétés d'énergie subissent une violation de données des fournisseurs Ninety Percent of Energy Companies Suffer Supplier Data Breach (lien direct) |
Quarante-trois des 48 plus grandes sociétés énergétiques du monde \\ ont été frappées par une violation de données tierces au cours de la dernière année
Forty-three of the world\'s 48 largest energy companies were hit by a third-party data breach over the past year |
Data Breach | ★★★★ | |
|
2023-12-06 08:54:38 | Nissan enquête sur la cyberattaque et la violation potentielle des données Nissan is investigating cyberattack and potential data breach (lien direct) |
Le constructeur automobile japonais Nissan enquête sur une cyberattaque qui ciblait ses systèmes en Australie et en Nouvelle-Zélande, ce qui peut avoir permis aux pirates d'accéder aux informations personnelles.[...]
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information. [...] |
Data Breach | ★★★ | |
 |
2023-12-05 23:54:14 | La violation de données 23andMe continue de spirale The 23andMe Data Breach Keeps Spiraling (lien direct) |
23andMe a fourni plus d'informations sur la portée et l'échelle de sa violation récente, mais avec ces détails, des questions plus sans réponse.
23andMe has provided more information about the scope and scale of its recent breach, but with these details come more unanswered questions. |
Data Breach | ★★★ | |
|
2023-12-05 17:45:00 | Hershey met en garde contre la violation des données après l'attaque de phishing Hershey warns of data breach following phishing attack (lien direct) |
Le fabricant américain de bonbons populaires tels que Kit Kat et Reese \\’s Peanut Butter Cups a déclaré aux régulateurs que plus de 2 200 personnes ont été potentiellement affectées par une violation de données après que les pirates aient eu accès à certains comptes de messagerie de la société.The Hershey Company soumis Une notification de sécurité àVendredi, le procureur général du Maine \\
The American manufacturer of popular sweets such as Kit Kat and Reese\'s Peanut Butter Cups told regulators that more than 2,200 people were potentially affected by a data breach after hackers gained access to some of the company\'s email accounts. The Hershey Company submitted a security notification to the Maine Attorney General\'s office on Friday |
Data Breach | ★★ | |
 |
2023-12-04 20:00:00 | 23andMe: la violation des données était une attaque de compensation 23andMe: Data Breach Was a Credential-Stuffing Attack (lien direct) |
La société d'essais ADN estime que l'attaque a maintenant été contenue et note les individus touchés.
The DNA testing company believes that the attack has now been contained and is notifying impacted individuals. |
Data Breach | ★★★ | |
|
2023-12-04 13:00:00 | L'Université DePauw met en garde contre la violation des données comme des attaques de ransomwares contre les collèges DePauw University warns of data breach as ransomware attacks on colleges surge (lien direct) |
L'Université DePauw a averti cette semaine les étudiants que leurs informations personnelles pourraient avoir été accessibles par des pirates qui ont attaqué l'école.Le journal de l'école a rapporté que le 27 novembre, les élèves actuels et potentiels ont reçu des lettres notifiant les lettreseux d'une fuite de données et leur fournissant un an de services de protection d'identité gratuits.Les arts libéraux
DePauw University warned students this week that their personal information may have been accessed by hackers who attacked the school. The school newspaper reported that on November 27, current and prospective students were sent letters notifying them of a data leak and providing them with one year of free identity protection services. The liberal arts |
Ransomware Data Breach | ★★ | |
|
2023-12-04 11:49:08 | Applications de santé mentale: peuvent-ils faire confiance? Mental Health Apps: Can They Be Trusted? (lien direct) |
In the past few years, mental health apps have witnessed massive growth thanks to their potential to fix a multitude of mental health-related problems.
That said, they are not the best when it comes to managing and securing highly sensitive personal data.
Mental health apps with millions of downloads have been found guilty of selling, misusing, and leaking sensitive data of their users.
In this article, we have shared everything you need to know about the countless privacy concerns associated with mental health apps.
Let’s see if you can trust any mainstream mental health app or if they are all the same.
What Are Mental Health Apps? The name says it all, mental health apps offer tools, activities, and support to help cure serious problems like anxiety, depression, ADHD, Bipolar Disorder, substance abuse, and many more. While mental health apps can’t replace an actual doctor, they have been found to be quite effective in multiple instances. 
On the surface, mental health apps seem to be quite useful for the well-being of users, but you will be surprised to know that the research from Private Internet Access revealed that many mainstream apps fail to protect the privacy and security of their users.
Let’s get into details and discuss all of the problems associated with mental health apps and see how they have become the biggest data-harvesting machines.
Are Mental Health Apps Spying on You? Unlike other mainstream apps, mental health apps require substantially more information about their users for the app to function properly. |
Data Breach Tool Threat Medical | ★★★ | |
 |
2023-12-03 10:02:47 | Détecté: Base de données prétendument divulguée de la radio Web 63 Detected: Allegedly leaked database of WEB RADIO 63 (lien direct) |
Catégorie: Contenu de la violation de données: JONECT ACTOR prétend avoir obtenu la base de données de Webradio63, une entreprise italienne.Source: OpenWeb Source Link: https://breachforums.is/thread-italy-webradio63-it-database Menace Actor: Ashly01 VICTICOLOGIE COUNTRAL: Italie Industrie: Musique Organisation: Web Radio 63
Category: Data Breach Content: Threat actor claims to have obtained the database of webradio63, an Italian company. Source: openweb Source Link: https://breachforums.is/Thread-Italy-webradio63-it-Database Threat Actor: Ashly01 Victimology Country : Italy Industry : Music Organization : web radio 63 |
Data Breach Threat | ★ | |
|
2023-12-03 09:51:23 | Détecté: vente présumée du ministère saoudien des données de la santé Detected: Alleged sale of Saudi Ministry of Health data (lien direct) |
Catégorie: Contenu de la violation de données: Jenage Actor prétend avoir obtenu environ 27 Go de données de Prince Sultan Military Medical City (PSMMC) anciennement connues sous le nom d'hôpital militaire de Riyad qui est situé dans la ville de Riyad et qui les vend sur un forum de cybercriminalité.Source: OpenWeb Source Link: https://breachforums.is/thread-saudi-arabia-psmmc-med-sa menace acteur: BPP victimologie Pays: industrie de l'Arabie saoudite [& # 8230;]
Category: Data Breach Content: Threat actor claims to have obtained about 27 GB of Prince Sultan Military Medical City (PSMMC) data formerly known as Riyadh Military Hospital that is located in Riyadh City and is selling it on a cybercrime forum. Source: openweb Source Link: https://breachforums.is/Thread-Saudi-Arabia-psmmc-med-sa Threat Actor: Bpp Victimology Country : Saudi Arabia Industry […] |
Data Breach Threat Medical | ★ | |
|
2023-12-03 09:10:28 | Détecté: vente présumée de l'accès à la modernisation informatique fédérale Reisystems Detected: Alleged sale of access to the Federal IT Modernization ReiSystems (lien direct) |
Catégorie: Contenu de la violation de données: Le menace acteur prétend avoir obtenu l'accès aux reisystèmes fédéraux de modernisation informatique et les vend sur un forum de cybercriminalité.Source: OpenWeb Source Link: https: //BreachForums.is/thread-selling-cyber-niggers--federal-it-modernisation-reisystems-access menace acteur: aegis victimology non défini: non défini indéfini: non défini indéfini: indéfini
Category: Data Breach Content: Threat actor claims to have obtained the access to the Federal IT Modernization ReiSystems and is selling it on a cybercrime forum. Source: openweb Source Link: https://breachforums.is/Thread-SELLING-Cyber-Niggers-Federal-IT-Modernization-ReiSystems-Access Threat Actor: Aegis Victimology undefined : undefined undefined : undefined undefined : undefined |
Data Breach Threat | ★ | |
|
2023-12-03 07:58:27 | Détecté: Base de données prétendument divulguée de Bharat Sanchar Nigam Limited (BSNL) Detected: Allegedly leaked Database of Bharat Sanchar Nigam Limited (BSNL) (lien direct) |
Catégorie: Contenu de la violation de données: JONECT ACTOR prétend avoir obtenu la base de données de Bharat Sanchar Nigam Limited, la 4e société de télécommunications les plus populaires.Source: OpenWeb Source Link: https://breachforums.is/thread-selling-bharat-sanchar-nigam-limited-telecom menace acteur: Perell victimology Pays: India industrie: réseau & # 038;Organisation des télécommunications: Bharat Sanchar Nigam Limited
Category: Data Breach Content: Threat actor claims to have obtained the database of Bharat Sanchar Nigam Limited, India’s 4th most popular telecommunications company. Source: openweb Source Link: https://breachforums.is/Thread-SELLING-Bharat-Sanchar-Nigam-Limited-Telecom Threat Actor: perell Victimology Country : India Industry : Network & Telecommunications Organization : bharat sanchar nigam limited |
Data Breach Threat | ★ | |
|
2023-12-03 07:23:32 | Détecté: Base de données de site Web d'activité ukrainien qui aurait divulgué Detected: Allegedly leaked Ukrainian Business Website Database (lien direct) |
Catégorie: Contenu de la violation de données: Jenage Actor prétend avoir obtenu la base de données d'un site Web d'entreprise ukrainien.Les données revendiquées incluent des identifiants, des noms, des mots de passe, des informations IP, etc. Source: OpenWeb Source Link: https://breachforums.is/thread-selling-ukrainian-business-website-database menace acteur: spoofer victimology Pays: Ukraine Industrie:Organisation non définie: Glyanets
Category: Data Breach Content: Threat actor claims to have obtained the database of a Ukrainian Business Website. The claimed data include IDs, names, passwords, IP info, etc. Source: openweb Source Link: https://breachforums.is/Thread-SELLING-Ukrainian-Business-Website-Database Threat Actor: Spoofer Victimology Country : Ukraine Industry : undefined Organization : glyanets |
Data Breach Threat | ★★ | |
|
2023-12-03 03:27:53 | Détecté: aurait divulgué la base de données de Baroda U.P.Banque de gramin Detected: Allegedly leaked the database of Baroda U.P. Gramin Bank (lien direct) |
Catégorie: Contenu de la violation de données: Jenage Actor annonce la vente non autorisée de l'accès au site Web BRKGB.com, qui comprend un shell Web, un accès racine FTP et des bases de données.Source: OpenWeb Source Link: https://breachforums.is/thread-selling-india-brkgb-com-baroda-bank-webshell-ftp-25gb-data menace acteur: ddarknotevil victimology Pays: Inde industrie: Banking & # 038;Organisation hypothécaire: Baroda U.P.banque de gramin
Category: Data Breach Content: Threat actor is advertising the unauthorized sale of access to the brkgb.com website, which includes a web shell, FTP root access, and databases. Source: openweb Source Link: https://breachforums.is/Thread-SELLING-India-brkgb-com-Baroda-Bank-WebShell-FTP-25GB-Data Threat Actor: Ddarknotevil Victimology Country : India Industry : Banking & Mortgage Organization : baroda u.p. gramin bank |
Data Breach Threat | ★ | |
|
2023-12-03 02:09:30 | Détecté: violation de données présumée de drt.etribunals.gov.in Detected: Alleged data breach of drt.etribunals.gov.in (lien direct) |
Catégorie: Contenu de la violation de données: le groupe prétend avoir accédé à la base de données du Tribunal d'appel de la reprise de la dette en Inde et obtenu des informations détaillées sur 27 598 utilisateurs, y compris les noms, les adresses, les coordonnées, etc..Me / Anonymous_algeria / 261 ACTOR DE MONAGNE: ANONYME ALYGERIA VICTICOLOGIE PAYS: India Industrie: Organisation d'administration gouvernementale: Debts Recovery Appellate Tribunal
Category: Data Breach Content: Group claims to have accessed the database of the Debt Recovery Appellate Tribunal in India and obtained detailed information on 27,598 users, including names, addresses, contact information, etc. Source: telegram Source Link: https://t.me/Anonymous_Algeria/261 Threat Actor: Anonymous Algeria Victimology Country : India Industry : Government Administration Organization : debts recovery appellate tribunal |
Data Breach Threat | ★ | |
|
2023-12-03 01:38:42 | Détecté: la base de données universitaire de Tel Aviv aurait divulgué Detected: Academic College of Tel Aviv database allegedly leaked (lien direct) |
Catégorie: Contenu de la violation de données: le groupe prétend avoir un accès non autorisé à la base de données du College de Tel Aviv, y compris le code source et la base de données.Source: Télégramme Source Lien: https://t.me/cybertoufanbackup/69 Menace Actor: Cyber Toufan Operations victimology Pays: Israel Industrie: Education Organisation: The Academic College of Tel Aviv-Yaffo
Category: Data Breach Content: Group claims to have unauthorized access to the database of the Academic College of Tel Aviv, including the source code and database. Source: telegram Source Link: https://t.me/CyberToufanBackup/69 Threat Actor: Cyber Toufan Operations Victimology Country : Israel Industry : Education Organization : the academic college of tel aviv-yaffo |
Data Breach Threat | ★ | |
|
2023-12-02 18:05:15 | Détecté: aurait divulgué la base de données de la Marine Biological Association Detected: Allegedly leaked the database of The Marine Biological Association (lien direct) |
Catégorie: Contenu de la violation de données: les prétendants de groupe ont accès aux données des organisations.Taille: 101.40MB Fichier: CSV-XLSX Source: Télégramme Source Lien: https://t.me/fakesec666/4074 ACTOR DE JONE: Infinite Insight.Id Victimology Pays: Royaume-Uni Industrie: Organisation de l'industrie de la recherche: The Marine Biological Association
Category: Data Breach Content: Group claims to have access to the organizations data. Size: 101.40MB File: csv-xlsx Source: telegram Source Link: https://t.me/fakesec666/4074 Threat Actor: INFINITE INSIGHT.ID Victimology Country : UK Industry : Research Industry Organization : the marine biological association |
Data Breach Threat | ★ | |
|
2023-12-02 08:16:44 | Détecté: Base de données prétendument divulguée de la Commission nationale de la santé de la République de Chine du peuple Detected: Allegedly leaked database of National Health Commission of the People\\'s Republic of China (lien direct) |
Catégorie: Contenu de la violation de données: Le menace acteur prétend avoir obtenu la base de données de la République de Chine de la Commission nationale de la santé, le Département exécutif du Cabinet du Conseil d'État du peuple de la République de Chine qui est qui est qui est qui est qui est qui est qui est qui est la République de Chine qui estResponsable de formuler des politiques de santé nationales.La base de données divulguée contient (patient & # 8217; s) nom complet, carte d'identité / numéro de passeport, numéro de téléphone, physique [& # 8230;]
Category: Data Breach Content: Threat actor claims to have obtained database of National Health Commission of the People’s Republic of China, a cabinet-level executive department of the State Council of the People’s Republic of China which is responsible for formulating national health policies. The leaked database contains (Patient’s)Full Name, ID Card/Passport Number, Phone Number, Physical […] |
Data Breach Threat | ★★★ | |
|
2023-12-02 07:59:10 | Détecté: Base de données de la société de groupes de vie de luxe divulguée \\ au Vietnam Detected: Allegedly leaked Luxury living group branch company\\'s database in Vietnam (lien direct) |
Catégorie: Contenu de la violation de données: JONECT ACTOR prétend avoir obtenu une base de données entière de taille 27 Go des entreprises de succursales de Luxury Living Group Group au Vietnam.Source: OpenWeb Source Link: https://breachforums.is/thread-luxurylivinggroup-com-database-11-11-2023- Vietnam?pid=274830#pid274830 Actor de menace: Robinhouse0xc4 VICTIVERALY PAYSE: Vietnam Industrie: Luxury Goods & # 038;Organisation des bijoux: groupe de vie de luxe
Category: Data Breach Content: Threat actor claims to have obtained entire database of size 27 GB from branch companies of Luxury Living Group group in Vietnam. Source: openweb Source Link: https://breachforums.is/Thread-Luxurylivinggroup-com-Database-11-11-2023-VIETNAM?pid=274830#pid274830 Threat Actor: robinhouse0xc4 Victimology Country : Vietnam Industry : Luxury Goods & Jewelry Organization : luxury living group |
Data Breach Threat | ★ | |
|
2023-12-02 07:40:53 | Détecté: violation présumée de données de la société SDME Detected: Alleged data breach of SDME Society (lien direct) |
* Catégorie *: Contenu de la violation de données: le groupe prétend avoir acquis un accès non autorisé au format sdmesociety.in: SQL Source: Télégramme Source Lien: https://t.me/cyberrorrorsystem/1030 Acteur de menace: Système de cyber-erreIndustrie: Organisation de l'éducation: SDM Educational Society Ujire
*Category*: Data Breach Content: Group claims to have gained unauthorized access to the sdmesociety.in Format: sql Source: telegram Source Link: https://t.me/cybererrorsystem/1030 Threat Actor: Cyber Error System Victimology Country : India Industry : Education Organization : sdm educational society ujire |
Data Breach Threat | ★ | |
|
2023-11-30 11:30:00 | Dollar Tree affecté par la violation de données Zeroedin affectant 2 millions de personnes Dollar Tree Impacted by ZeroedIn Data Breach Affecting 2 Million Individuals (lien direct) |
> Zeroedin indique que les informations personnelles de 2 millions de personnes ont été compromises dans une violation de données d'août 2023 qui a un impact sur les clients tels que Dollar Tree.
>ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree. |
Data Breach | ★★ | |
|
2023-11-29 17:01:05 | Le dilemme de la violation des données OKTA nalise les estimations antérieures Okta data breach dilemma dwarfs earlier estimates (lien direct) |
Tous Les utilisateurs du support client ont déclaré que leurs informations avaient été consultées après l'analyse de la surveillance Okta a admis que le nombre de clients affectés par sa violation de données du système de support client d'octobre est bien supérieur à celle deprécédemment pensé.…
All customer support users told their info was accessed after analysis oversight Okta has admitted that the number of customers affected by its October customer support system data breach is far greater than previously thought.… |
Data Breach | ★★ | |
|
2023-11-29 16:25:09 | Dollar Tree frappé par une violation de données tierce impactant 2 millions de personnes Dollar Tree hit by third-party data breach impacting 2 million people (lien direct) |
L'arbre en dollars de la chaîne de magasins de rabais a été touché par une violation de données tierce affectant 1 977 486 personnes après le piratage du fournisseur de services à zéro.[...]
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies. [...] |
Data Breach Hack | ★★ | |
 |
2023-11-29 15:56:21 | Personne ne sait comment la société de pharmacie en ligne a été frappée par une violation de données impactant 2,3 millions de clients No One Knows How Online Pharmacy Company was Hit with a Data Breach Impacting 2.3 Million Customers (lien direct) |
Data Breach | ★★ | ||
|
2023-11-29 14:56:55 | Okta élargit la portée de la violation de données: tous les utilisateurs du support client affectés Okta Broadens Scope of Data Breach: All Customer Support Users Affected (lien direct) |
> Okta étend la portée de la violation d'octobre, affirmant que les pirates ont volé des noms et des adresses e-mail de tous ses utilisateurs du système de support client.
>Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users. |
Data Breach | ★★ | |
 |
2023-11-29 10:13:56 | La CISA répond à l'exploitation active des PLC Unitronics dans le secteur des systèmes d'eau et d'eaux usées CISA responds to active exploitation of Unitronics PLCs in water and wastewater systems sector (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a annoncé mardi qu'elle répondait à l'exploitation active de ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced Tuesday that it is responding to active exploitation of... |
Data Breach Industrial | ★★★★ | |
|
2023-11-29 08:25:26 | Okta: la violation de données d'octobre affecte tous les utilisateurs du système de support client Okta: October data breach affects all customer support system users (lien direct) |
L'enquête d'Okta \\ sur la violation de son environnement du centre d'aide le mois dernier a révélé que les pirates ont obtenu des données appartenant à tous les utilisateurs du système de support client.[...]
Okta\'s investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users. [...] |
Data Breach | ★★ | |
|
2023-11-28 19:57:00 | L'ancien Uber Ciso s'exprime, après 6 ans, sur la violation de données, Solarwinds Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (lien direct) |
Joe Sullivan, épargné de prison, pèse sur les leçons tirées de la violation Uber 2016 et de l'importation de l'affaire Ciso de Solarwinds.
Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case. |
Data Breach Legislation | Uber Uber | ★★★ |
To see everything:
Our RSS (filtrered)
