What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
no_ico.webp 2023-05-25 16:12:22 Data Breach At Apria Healthcare Affects 2 Million People Now Notified (direct link)
Apria Healthcare, a manufacturer of medical equipment for the home, is sending out breach notifications to roughly two million people whose information may have been stolen in data breaches in 2019 and 2021. Close to two million people in the United States rely on Apria, making it one of the top providers of home respiratory […]
Data Breach Medical ★★
RecordedFuture.webp 2023-05-22 15:18:00 Nearly 300,000 people affected by data breach in DISH ransomware attack (direct link)
A February ransomware attack against satellite broadcast giant DISH leaked the personal information of nearly 300,000 people, according to regulatory filings made by the company last week. DISH confirmed that it was hit with ransomware after it suffered widespread outages. The attack affected DISH's internal communications, customer call centers, and websites. The company told regulators
Ransomware Data Breach ★★
Checkpoint.webp 2023-05-22 14:43:40 22nd May – Threat Intelligence Report (direct link)
For the latest discoveries in cyber research for the week of 22nd May, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES PharMerica, a provider of pharmacy services across the U.S., disclosed a data breach impacting approximately 5.8 million of its patients. Money Message ransomware gang claimed the attack during April, and threatened to leak […]
Ransomware Data Breach Threat ★★
no_ico.webp 2023-05-20 07:35:32 Catch Up On This Week's News and Events (direct link)
Toyota: Tragic Data Breach, 2 Million Vehicles Affected For Ten Years Toyota revealed a data breach from ten years ago that impacted over 2 million cars. The breach affected their cloud-based Connected service, which is limited to Japanese cars between January 2012 and April 2023. With no issues reported so far, vehicle identification numbers (VINs), […]
Data Breach ★★
itsecurityguru.webp 2023-05-19 13:25:22 Toyota Japan confirms decade-long security breach affecting more than 2M customers (direct link)
Japanese auto firm, Toyota, recently announced that a decade-long data breach in its online service has compromised information on more than 2 million vehicles at risk. Customers affected included those who signed up for the T-Connect network service between the beginning of 2012 until April 17. According to TechCrunch, Toyota said that the exposed data […]
Data Breach ★★
bleepingcomputer.webp 2023-05-19 11:34:57 Dish Network likely paid ransom after recent ransomware attack (direct link)
Dish Network, an American television provider, most likely paid a ransom after being hit by a ransomware attack in February based on the wording used in data breach notification letters sent to impacted employees. [...]
Ransomware Data Breach ★★
bleepingcomputer.webp 2023-05-19 09:37:23 Luxottica confirms 2021 data breach after info of 70M leaks online (direct link)
Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted this month for free on hacking forums. [...]
Data Breach ★★
RecordedFuture.webp 2023-05-18 16:10:00 Eye insurance firm agrees to $2.5 million settlement with state AGs after data breach (direct link)
A major eye insurance provider will pay a fine of $2.5 million after settling a lawsuit from four states about a 2020 data breach that exposed the personal information of about 2.1 million people. Attorneys general from New Jersey, Oregon, Florida and Pennsylvania announced the settlement this week with EyeMed Vision Care. The company violated
Data Breach ★★
RecordedFuture.webp 2023-05-17 11:48:00 Capita accused of 'unsafe storage of personal data' following data breach (direct link)
Capita, the British outsourcing company hit by a ransomware attack in March, is facing a growing list of complaints from customers following the revelation of another data breach. Colchester City Council, which contracts Capita for financial services, has accused the company of “unsafe storage of personal data” over an historical incident that predates the ransomware
Ransomware Data Breach ★★
itsecurityguru.webp 2023-05-16 10:32:14 Discord Suffers Data Breach Through Compromised Third Party (direct link)
Popular social media platform Discord has notified users it has suffered a data breach after a support agent's account at a third party became compromised. A malicious individual then gained unauthorised access to the agent's support queue, exposing user email addresses, Discord support messages and attachments sent via the ticket system. Discord – which has […]
Data Breach ★★★★
bleepingcomputer.webp 2023-05-15 14:10:40 Ransomware gang steals data of 5.8 million PharMerica patients (direct link)
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [...]
Ransomware Data Breach Medical ★★
SecurityWeek.webp 2023-05-15 13:20:17 Brightly Software Notifying 3 Million SchoolDude Users of Data Breach (direct link)
Brightly Software has started informing roughly three million users that their personal information was compromised in a recent data breach.
Data Breach ★★
SecurityWeek.webp 2023-05-15 13:09:44 Discord Informs Users of Data Breach Involving Customer Support Provider (direct link)
Communications and social platform Discord is notifying users of a cyber incident involving a third-party services provider.
Data Breach ★★
Pirate.webp 2023-05-15 12:35:51 Deconstructing identity security (direct link)
According to Verizon's latest Data Breach Investigations report, 80% of basic web application attacks (BWAA) are initiated through compromised credentials. Yet while most companies are now aware of the risks posed by cyber threats, many do not understand that the number of digital identities has grown exponentially. The transformation […] The post La déconstruction de la sécurité des identités first appeared on UnderNews.
Data Breach ★★
no_ico.webp 2023-05-15 10:54:38 5.8 Million People Affected by Data Breach at PharMerica (direct link)
On April 8 that the Money Message ransomware organization attacked the national pharmacy network PharMerica and its parent company. The home and community healthcare business BrightSpring Health. Threat actors exposed evidence data, a statement was obtained from BrightSpring, and additional evidence and allegations were gained via Money Message.  Money Message informed DataBreaches on April 14 […]
Ransomware Data Breach Threat ★★
SecurityWeek.webp 2023-05-15 10:40:51 PharMerica Discloses Data Breach Impacting 5.8 Million Individuals (direct link)
The personal information of more than 5.8 million was compromised in a data breach at national pharmacy network PharMerica.
Data Breach ★★
AlienVault.webp 2023-05-15 10:00:00 CISOs: How to improve cybersecurity in an ever-changing threat landscape (direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  The digital landscape is always changing to keep up with a constantly evolving world, and bad actors are also adapting. For every new development in the digital world, cybercriminals are looking to take advantage of weaknesses, so it is important that those concerned with the security of their organization’s network, data, and other assets stay vigilant and on top of trends. Everybody within an organization should work to establish and maintain good cybersecurity habits and measures, but much of the security burden falls on the chief information security officer (CISO). Below are some key insights for any CISO to take into consideration. Concerns and challenges Since the beginning of the COVID-19 pandemic three years ago, hybrid and remote working solutions have been rising in popularity. This should be a priority area: according to a report from Malwarebytes, 20% of companies reported that a remote worker had caused a security breach. In comparison, 55% cited training employees in security protocols as a major challenge in transitioning to work-from-home infrastructure. Because the shift to hybrid and remote work happened quickly and with an eye for ease of access over security, employees working offsite can pose a great risk to an organization if not provided with adequate cybersecurity training and policies. AI and machine learning are also on the rise, increasingly being utilized by businesses and cybercriminals alike. It is important to recognize that while AI enhancements can provide aid, there is no replacement for the human element in developing a cybersecurity strategy. 
Understanding and deploying AI and machine learning tools can not only help with fraud detection, spam filtering, and data leak prevention, but it can allow a security officer insight into cybercriminals’ use of the tools. Increasing awareness of the criminal toolkit and operations provides an opportunity to get ahead of threat trends and potentially prevent attacks and breaches. Another major issue is the shortage of qualified cybersecurity professionals leading to a significant struggle with recruitment and retention. In a Fortinet report, 60% of respondents said they were struggling to recruit cybersecurity talent, and 52% said they were struggling to retain qualified people. In the same survey, around two-thirds of organization leaders agreed that the shortage “creates additional risk.” Many factors work in tandem to perpetuate the problem, but the solution doesn’t have to be complicated. Ensuring your employees have a healthy work environment goes a long way, as well as tweaking hiring practices to select “adaptable, highly communicative and curious” people, as these traits make for an employee who will grow and learn with your company. Tips for improving cybersecurity One of the top priorities for CISOs should always be to ensure that all employees are properly trained in cyber hygiene and cybersecurity best practices. Insider threats are a serious issue with no easy solution, and a good number of those (more than half, according to one report) are mistakes due to negligence or ignorance. Traditional threat prevention solutions are often concerned with
Data Breach Spam Threat ★★
SecurityWeek.webp 2023-05-12 16:01:53 Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach (direct link)
A decade-long data breach in Toyota's online service put some information on more than 2 million vehicles at risk.
Data Breach ★★
bleepingcomputer.webp 2023-05-12 15:05:20 Discord discloses data breach after support agent got hacked (direct link)
Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised. [...]
Data Breach ★★
bleepingcomputer.webp 2023-05-12 10:50:33 Toyota: Car location data of 2 million customers exposed for ten years (direct link)
Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023. [...]
Data Breach Cloud ★★
DarkReading.webp 2023-05-11 18:20:00 North Korean Hackers Behind Hospital Data Breach in Seoul (direct link)
Data on more than 830K people exposed in the 2021 cyberattack.
Data Breach ★★
bleepingcomputer.webp 2023-05-11 16:25:25 Brightly warns of SchoolDude data breach exposing credentials (direct link)
U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. [...]
Data Breach ★★
DarkReading.webp 2023-05-10 18:00:00 Sysco Data Breach Exposes Customer, Employee Data (direct link)
Food distribution company first learned of the cyberattack in March 2023.
Data Breach ★★
bleepingcomputer.webp 2023-05-09 15:47:42 Food distribution giant Sysco warns of data breach after cyberattack (direct link)
Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. [...]
Data Breach ★★
knowbe4.webp 2023-05-09 13:00:00 CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users (direct link)
CyberheistNews Vol 13 #19 | May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what's misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links: https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist,
Ransomware Data Breach Spam Malware Tool Threat Prediction NotPetya NotPetya APT 28 ChatGPT ChatGPT ★★
DarkReading.webp 2023-05-08 20:00:00 1M NextGen Patient Records Compromised in Data Breach (direct link)
BlackCat ransomware operators reportedly stole the sensitive data.
Ransomware Data Breach ★★
DarkReading.webp 2023-05-08 16:29:00 Why the 'Why' of a Data Breach Matters (direct link)
The motivations of an attacker help establish what protections to put into place to protect assets.
Data Breach ★★
SecurityWeek.webp 2023-05-08 10:52:53 1 Million Impacted by Data Breach at NextGen Healthcare (direct link)
NextGen Healthcare is informing roughly 1 million individuals that their personal information was compromised in a data breach.
Data Breach ★★
bleepingcomputer.webp 2023-05-07 12:10:45 Western Digital says hackers stole customer data in March cyberattack (direct link)
Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. [...]
Data Breach ★★
DarkReading.webp 2023-05-05 18:53:00 Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges (direct link)
Tell other CISO's "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.
Data Breach Uber Uber ★★
SecurityWeek.webp 2023-05-05 00:35:45 Former Uber CSO Joe Sullivan Avoids Prison Time Over Data Breach Cover-Up (direct link)
Former Uber security chief Joe Sullivan was sentenced to probation and community service for covering up the data breach suffered by the ride-sharing giant in 2016.
Data Breach Uber Uber ★★
The_Hackers_News.webp 2023-05-04 16:45:00 Why the Things You Don't Know about the Dark Web May Be Your Biggest Cybersecurity Threat (direct link)
IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it's difficult to monitor external malicious environments – which only makes them that much more threatening. In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on the dark web. The
Data Breach Threat ★★
bleepingcomputer.webp 2023-05-03 10:33:29 Brightline data breach impacts 783K pediatric mental health patients (direct link)
Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform. [...]
Ransomware Data Breach Vulnerability ★★★
AlienVault.webp 2023-05-03 10:00:00 Looking at a penetration test through the eyes of a target (direct link)
The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  Analyzing an organization’s security posture through the prism of a potential intruder’s tactics, techniques, and procedures (TTPs) provides actionable insights into the exploitable attack surface. This visibility is key to stepping up the defenses of the entire digital ecosystem or its layers so that the chance of a data breach is reduced to a minimum. Penetration testing (pentesting) is one of the fundamental mechanisms in this area. The need to probe the architecture of a network for weak links through offensive methods co-occurred with the emergence of the “perimeter security” philosophy. Whereas pentesting has largely bridged the gap, the effectiveness of this approach is often hampered by a crude understanding of its goals and the working principles of ethical hackers, which skews companies’ expectations and leads to frustration down the line. The following considerations will give you the big picture in terms of prerequisites for mounting a simulated cyber incursion that yields positive security dividends rather than being a waste of time and resources. Eliminating confusion with the terminology Some corporate security teams may find it hard to distinguish a penetration test from related approaches such as red teaming, vulnerability testing, bug bounty programs, as well as emerging breach and attack simulation (BAS) services. They do overlap in quite a few ways, but each has its unique hallmarks. Essentially, a pentest is a manual process that boils down to mimicking an attacker’s actions. Its purpose is to find the shortest and most effective way into a target network through the perimeter and different tiers of the internal infrastructure. The outcome is a snapshot of the system’s protections at a specific point in time. 
In contrast to this, red teaming focuses on exploiting a segment of a network or an information / operational technology (IT/OT) system over an extended period. It is performed more covertly, which is exactly how things go during real-world compromises. This method is an extremely important prerequisite for maintaining OT cybersecurity, an emerging area geared toward safeguarding industrial control systems (ICS) at the core of critical infrastructure entities. Vulnerability testing, in turn, aims to pinpoint flaws in software and helps understand how to address them. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder’s behavior model. In addition, the objective of a bug bounty hunter is to find a vulnerability and submit a report as quickly as possible to get a reward rather than investigating the problem in depth. BAS is the newest technique on the list. It follows a “scan, exploit, and repeat” logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network. By and large, there are two things that set pentesting aside from adjacent security activities. Firstly, it is done by humans and hinges on manual offensive tactics, for the most part. Secondly, it always presupposes a comprehensive assessment of the discovered security imperfections and prioritization of the fixes based on how critical the vulnerable infrastructure components are. Choosing a penetration testing team worth its salt Let’s zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of t
Data Breach Tool Vulnerability Threat Industrial ★★
DarkReading.webp 2023-05-02 20:00:00 T-Mobile Experiences Yet Another Data Breach
(direct link)
Hundreds of customers are at risk of identity theft after the mobile communication company faces its second breach of the year.
Data Breach ★★
SecurityWeek.webp 2023-05-02 11:30:40 T-Mobile Says Personal Information Stolen in New Data Breach
(direct link)
Wireless carrier T-Mobile says the personal information of a small number of individuals was exposed in a recent data breach.
Data Breach ★★
no_ico.webp 2023-05-02 08:25:26 T-Mobile Data Breach, The Second Since The Year 2023
(direct link)
Although this breach only affected 1,000 customers as opposed to the 37 million affected by the previous one, T-Mobile US Inc. disclosed another data breach, its second disclosed breach in 2023. This is the eighth data breach since 2018. 836 customers were impacted by the most recent data breach, which was found in March. T-Mobile […]
Data Breach ★★★
ArsTechnica.webp 2023-05-01 23:40:36 T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more
(direct link)
Hack affecting 836 subscribers, lasted for more than a month before it was discovered.
Data Breach Hack ★★
bleepingcomputer.webp 2023-05-01 13:28:16 T-Mobile discloses second data breach since the start of 2023
(direct link)
T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. [...]
Data Breach ★★
SecurityWeek.webp 2023-05-01 10:56:45 Companies Increasingly Hit With Data Breach Lawsuits: Law Firm
(direct link)
Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken even for incidents affecting less than 1,000 people.
Data Breach ★★
AlienVault.webp 2023-04-25 10:00:00 Improving your bottom line with cybersecurity top of mind
(direct link)
In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it's essential to recognize that cybersecurity is a valuable investment in your company's security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business's future.
As senior leaders revisit their growth strategies, it's an excellent time to assess where they are on the cyber-risk spectrum and how significant the complexity costs have become. These will vary across business units, industries, and geographies. In addition, there is a new delivery model for cybersecurity: pay-as-you-go, use-what-you-need access to a cyber talent pool, tools, and platforms that enable simplification.
It's important to understand that not all risks are created equal. While detection and incident response are critical, addressing risks that can be easily and relatively inexpensively mitigated is sensible. By eliminating the risks that can be controlled, considerable resources can be saved that would otherwise be needed to deal with a successful attack.
Automation is the future of cybersecurity and incident response management. Organizations can rely on solutions that can automate an incident response protocol to help eliminate barriers, such as locating incident response plans, communicating roles and tasks to response teams, and monitoring actions during and after the threat.
Establish Incident Response support before an attack
In today’s rapidly changing threat environment, consider an Incident Response Retainer service, which gives your organization a team of cyber crisis specialists on speed dial, ready to take swift action. Choose a provider who can help support your organization at every stage of the incident response life cycle, from cyber risk assessment through remediation and recovery.
Effective cybersecurity strategies are the first step in protecting your business against cybercrime. These strategies should include policies and procedures that can be used to identify and respond to potential threats and guidance on how best to protect company data. Outlining the roles and responsibilities of managing cybersecurity, especially during an economic downturn, is also essential.
Managing vulnerabilities continues to be a struggle for many organizations today. It's essential to move from detecting vulnerabilities and weaknesses to remediation. Cybersecurity training is also crucial, as employees unaware of possible risks or failing to follow security protocols can leave the business open to attack. All employees must know how to identify phishing and follow the principle of verifying requests before trusting them.
Penetration testing is an excellent way for businesses to reduce data breach risks, ensure compliance, and assure their supplier network that they are proactively safeguarding sensitive information.
Successful incident response requires collaboration across an organization's internal and external parties. A top-down approach where senior leadership encourages a strong security culture encourages every department to do its part in case of an incident. Responding to a cloud incident requires understanding the differences between your visibility and control with on-premises resources and what you have in the cloud, which is especially important given the prevalence of hybrid models.
Protective cybersecurity measures are essential for businesses, especially during economic downturns. By prioritizing cybersecurity, companie
Data Breach Threat Cloud ★★
Checkpoint.webp 2023-04-24 16:06:53 24th April – Threat Intelligence Report
(direct link)
For the latest discoveries in cyber research for the week of 24th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: The American Bar Association (ABA), the largest global association of lawyers and legal professionals, has suffered a data breach with hackers gaining access to older credentials of 1,466,000 members. The breach was first […]
Data Breach Threat ★★
SecurityWeek.webp 2023-04-21 10:50:33 House Committee Hears Testimony on DC Health Data Breach
(direct link)
A top administrator with Washington's health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users.
Data Breach ★★
SecurityWeek.webp 2023-04-21 10:40:48 Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information
(direct link)
Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company.
Ransomware Data Breach ★★
bleepingcomputer.webp 2023-04-21 09:56:10 American Bar Association data breach hits 1.4 million members
(direct link)
The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. [...]
Data Breach ★★
DarkReading.webp 2023-04-20 20:30:00 Major US CFPB Data Breach Caused by Employee
(direct link)
The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.
Data Breach ★★
RecordedFuture.webp 2023-04-20 17:38:00 Consumer Financial Protection Bureau says former employee sent confidential info on 256,000 people to personal email
(direct link)
The Consumer Financial Protection Bureau (CFPB) confirmed a data breach on Thursday involving the personal information of “roughly 256,000 consumer accounts at a single institution.” An official at the CFPB told Recorded Future News that they discovered that a former employee sent confidential records to their personal email account in 14 different emails. The employee
Data Breach ★★
SecurityWeek.webp 2023-04-20 08:52:03 DC Health Link Data Breach Blamed on Human Error
(direct link)
The recent data breach of personal information for thousands of users of Washington D.C.'s health insurance exchange, including members of Congress, was caused by basic human error
Data Breach ★★
ZoneAlarm.webp 2023-04-18 13:57:19 Kodi Confirms Data Breach: Over 400k User Accounts Compromised
(direct link)
Kodi, the popular media player software, has recently confirmed a data breach that has impacted around 400,000 users. The breach exposed users’ personal information such as usernames, email addresses, and passwords, as well as their private messages. The breach was caused by a vulnerability in the MyBB forum software, which Kodi used to host its …
Data Breach Vulnerability ★★
SecurityWeek.webp 2023-04-18 08:24:00 Creative Software Maker Affinity Informs Customers of Forum Breach
(direct link)
UK-based creative software developer Affinity recently informed the 175,000 users of its forum of a data breach that occurred on April 6.
Data Breach ★★★
Last update at: 2024-05-20 12:08:03