What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-04 15:19:00 | Attackers use stolen banking data as phishing lure to deploy BitRAT (lien direct) | In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. The group, which might have been responsible for the data breach in the first place, is distributing an off-the-shelf Trojan program called BitRAT that has been sold on the underground market since February 2021.Stolen data used to add credibility to future attacks Researchers from security firm Qualys spotted the phishing lures that involved Excel documents with malicious documents but appeared to contain information about real people. Looking more into the information, it appeared the data was taken from a Colombian cooperative bank. After looking at the bank's public web infrastructure, researchers found logs that suggested the sqlmap tool was used to perform an SQL injection attack. They also found database dump files that attackers created.To read this article in full, please click here | Data Breach Tool | ★ | |
 |
2023-01-03 15:13:35 | Rail giant Wabtec discloses data breach after Lockbit ransomware attack (lien direct) | U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. [...] | Ransomware Data Breach | ★★ | |
 |
2023-01-03 11:00:00 | Five reasons why Cybersecurity training is important in 2023 (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The digital world is ever-expanding in scope and influence, both in personal and professional matters. In the last few years, business operations have become increasingly dependent on technology, and on employees to use that technology safely. While remote and mobile work have been necessary and useful, they also open the door for cybercriminals to take advantage of lax security measures and employees’ ignorance of best practices. So long as companies are carrying out some or all of their affairs in the digital realm, cybersecurity is easily as important as physical security. As one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below. 1. Compliance with regulations There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards. It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place. 2. Protecting enterprise assets Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data. 3. Protecting consumer data Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people. The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data. Thorough and effective cybersecurity awareness training will reduce the chances of employee error l | Data Breach Threat Guideline Industrial Prediction | ★★★ | |
 |
2023-01-03 10:47:26 | Data Breach Involves 13 Million Users Of Maybank, Astro, and EC (lien direct) | Fahmi Fadzil, Malaysian Communications and Digital Minister, has launched an investigation into an alleged significant data breach impacting over 13 million individuals. Fadzil directed the national cyber security to investigate and take legal action if there is a data leak involving the parties involved. Satellite broadcaster Astro and the Election Commission claimed that data from […] | Data Breach | ★★ | |
 |
2022-12-29 15:19:38 | Twitter in data-protection probe after \'400 million\' user details up for sale (lien direct) | Politicians and celebrities are said to be affected but the scale of the data breach is unverified. | Data Breach | ★★ | |
 |
2022-12-29 10:42:45 | Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients (lien direct) | Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach. | Data Breach Medical | ★★ | |
 |
2022-12-28 19:53:16 | LastPass Data Breach: It\'s Time to Ditch This Password Manager (lien direct) | The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves. | Data Breach | LastPass | ★★ |
|
2022-12-28 08:54:26 | Ransomware attack at Louisiana hospital impacts 270,000 patients (lien direct) | The Lake Charles Memorial Health System (LCMHS) is sending out notices of a data breach affecting thousands of people who have received care at one of its medical centers. [...] | Ransomware Data Breach Medical | ★★ | |
 |
2022-12-27 02:51:41 | Are passwords really as safe as we think? (lien direct) | Passwords are the most basic and common authentication method used to secure access to systems. But the process of using and maintaining secure passwords for numerous platforms can be quite tedious. According to Verizon`s 2020 Data Breach Investigation Report, weak, and re-used passwords resulted in 81% of data breaches. Apart from that, there are many more vulnerabilities and risks related to passwords, passwords are an increasingly unsuitable authentication option. Three main problems with passwords Human behavior and passwords – Many people prefer convenience over security. The usage of... | Data Breach | ★★ | |
 |
2022-12-23 13:02:01 | Data breach hits sports betting firm BetMGM (lien direct) | Data breach hits sports betting firm BetMGM New Jersey-based sports betting operator BetMGM has been impacted by a data breach that resulted in the theft of its customers' personal information, BleepingComputer reports. | Data Breach | ★★★ | |
|
2022-12-23 11:48:55 | LastPass Latest Data Breach Exposes Customer Password Vaults (lien direct) | Yet again, password management firm LastPass has announced that they have been hacked for the second time this year. If you recall, in August 2022, they had a data breach that stole a significant amount of customer data, including password vault data that was exposed through brute-forcing or guessing master passwords. The data breach, which […] | Data Breach | LastPass | ★ |
|
2022-12-23 10:38:13 | BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers (lien direct) | MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”. | Data Breach | ★ | |
|
2022-12-22 21:07:44 | LastPass Says Password Vault Data Stolen in Data Breach (lien direct) | Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords. | Data Breach | LastPass | ★ |
|
2022-12-22 17:25:27 | Leading sports betting firm BetMGM discloses data breach (lien direct) | Leading sports betting company BetMGM disclosed a data breach after a threat actor stole personal information belonging to an undisclosed number of customers. [...] | Data Breach Threat Guideline | ★★★★ | |
|
2022-12-20 14:59:14 | DraftKings Data Breach Exposes Sensitive Information of 67,000 Customers (lien direct) | Last week, sports betting company DraftKings revealed that a credential stuffing attack in November exposed the personal information of over 67,000 customers. Credential stuffing attacks involve the use of automated tools to make thousands, if not millions, of attempts to sign into accounts using stolen user and password pairs. These attacks are especially effective when […] | Data Breach | ★ | |
|
2022-12-20 14:38:03 | DraftKings Data Breach Impacts Personal Information of 68,000 Customers (lien direct) | Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings' systems, the company says. | Data Breach | ★★ | |
|
2022-12-18 11:07:14 | Restaurant CRM platform \'SevenRooms\' confirms breach after data for sale (lien direct) | SevenRooms, a restaurant CRM software and guest manRestaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum.agement service provider, has admitted it has suffered a data breach, result of a security incident on one of its vendors. [...] | Data Breach Threat | ★★★ | |
 |
2022-12-16 16:00:00 | Social Blade Confirms Data Breach Exposing PII on the Dark Web (lien direct) | The company confirmed the data does not include any credit card information | Data Breach | ★★ | |
 |
2022-12-16 06:00:00 | Shiseido data breach victims plan legal action over fake companies (lien direct) | The company confirmed the data does not include any credit card information | Data Breach | ★★ | |
|
2022-12-15 11:00:00 | Dark Data: What is it? How can you best utilize it? (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Data continues to be a valuable asset for an organization and plays a crucial role in making operational and strategic business decisions. With the growth of hybrid, private, and multi-cloud models, much of the data is stored on these platforms and becomes vulnerable to malicious activities and potential data leaks. Amid the vast volume of data, some of the data remains unknown, untapped, and unused with an organization's architecture. This dark data is generated by users' daily online interactions between several devices and systems. Dark data might seem like a scary term, but it isn't, though it poses some risks. Since its percentage of data is rising more quickly than organizational data, business organizations are getting concerned about it. Hence, to grasp what dark data is and what issues it signifies, it's essential to understand it from a broader perspective. What Is dark data? Dark data is the type of organizational data whose value is not identified; hence, it can be crucial business data or useless data. A research report published by BigID reveals that 84% of organizations are seriously concerned about dark data. This data consists of the additional information collected and stored during daily business activities. But perhaps to your surprise, the organization may be unaware of the dark data and typically doesn't use it. Dark data tends to be unstructured data that contains sensitive and unclassified information. The research report further reveals that eight out of ten organizations consider unstructured data the most critical to handle and secure. Dark data can be classified as follows: Emails, images, audio, video, and social media posts. Application trials including API caches and encryption keys such as VPN or SSH support. Data stored in overlooked virtual images activated or installed in local or cloud infrastructure. Forgotten unstructured data created on various database engines a long time ago. Customers and the company's employees own data on the desktop and mobile devices. The hidden data file in a file system can be in the form of old pictures, scanned documents, pdf forms, notes on MS Word documents, and signed files. Dark data might seem benign, but it holds most of the organization's information. Thus, it can pose significant security risks if it falls into the wrong hands, like leaking a company's sensitive data and damaging its industry reputation. This is particularly alarming for organisations that do not use a reliable VPN or any other security tools to ensure data privacy and safety. How can you utilize dark data to help your business? Dark data seems challenging to handle and involves lengthy manual processes, but companies need to automate these processes. Technological advancements such as the use of AI have made it easier for companies to explore and process unstructured data. Another important use of dark data is its role in boosting AI-powered solutions. As more and more data exists, the information that AI can analyse to produce even deeper insights. Alongside Artificial Intelligence, you can also use Machine Learning technology to discover untapped and unused data and insights. These insights might help organizations make more informed decisions regarding incoming data. Also, it guides them toward taking practical steps in response to their data. Implementing AI and ML systems needs internal structural changes for businesses, costing organizations a great deal of time and money. H | Data Breach Threat Guideline Prediction | ★★★ | |
|
2022-12-15 10:29:26 | Social Blade confirms breach after hacker posts stolen user data (lien direct) | Social media analytics platform Social Blade has confirmed they suffered a data breach after its database was breached and put up for sale on a hacking forum. [...] | Data Breach | ★★ | |
 |
2022-12-14 13:11:51 | How to Protect Yourself From Identity Theft After a Data Breach (lien direct) | >
Did you just get word that your personal information may have been caught up in a data breach? If so,...
|
Data Breach | ★★ | |
 |
2022-12-14 10:22:28 | Comment: CybelAngel CISO on Uber suffering new data breach (lien direct) | Following the news that Uber suffers new data breach after attack on vendor, Todd Carrol CISO at CybelAngel questions the integrity of Ubers decisions on Cybersecurity. - Malware Update | Data Breach | Uber Uber | ★ |
|
2022-12-13 20:32:46 | Tequivity Cloud Server Compromise Leads to Uber Breached, Experts Reacted (lien direct) | Uber experienced yet another prominent data breach that exposed private employee and business information. This time, attackers gained access to the company through a Tequivity cloud server that was used by Amazon Web Services (AWS), which gives Uber asset management and tracking services. The incident was initially reported by the New York Times. The hacker […] | Data Breach | Uber Uber | ★★★ |
|
2022-12-13 16:00:00 | Uber Hit By New Data Breach After Attack on Third-Party Vendor (lien direct) | Company information was stolen from third-party vendor Teqtivity and posted on a dark web forum | Data Breach | Uber Uber | ★★ |
|
2022-12-13 14:59:10 | Comment from cyber-expert on Uber data breach (lien direct) | After the news about Uber suffering a new data breach after an attack on the vendor with sensitive information being leaked online the comment Chris Vaughan, AVP - Technical Account Management, EMEA, Tanium on the breach and its implications – as well as advice for companies to avoid similar incidents in future. - Malware Update | Data Breach | Uber Uber | ★ |
|
2022-12-13 14:17:48 | Expert commentary: UberLeaks data breach (lien direct) | the comment from Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions about UberLeaks data breach. - Malware Update | Data Breach | Uber | ★ |
|
2022-12-12 14:27:52 | Twitter confirms recent user data leak is from 2021 breach (lien direct) | Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. [...] | Data Breach | ★★★ | |
|
2022-12-12 13:30:18 | Uber suffers new data breach after attack on vendor, info leaked online (lien direct) | Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. [...] | Data Breach Threat | Uber Uber | ★ |
|
2022-12-08 13:00:00 | Popular HR and Payroll Company Sequoia Discloses a Data Breach (lien direct) | The company, which works with hundreds of startups, said it detected unauthorized access to personal data, including Social Security numbers. | Data Breach | ★★★ | |
|
2022-12-08 12:01:56 | CloudSEK Blames Hack on Another Cybersecurity Company (lien direct) | Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee's Jira account. As part of the targeted cyberattack, an unknown party used session cookies for the employee's Jira account to gain access to various types of internal data. | Data Breach Hack | ★★ | |
 |
2022-12-06 14:30:00 | CyberheistNews Vol 12 #49 [Keep An Eye Out] Beware of New Holiday Gift Card Scams (lien direct) |
CyberheistNews Vol 12 #49 | December 6th, 2022
[Keep An Eye Out] Beware of New Holiday Gift Card Scams
By Roger A. Grimes
Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something.
The gift card market is estimated in the many hundreds of BILLIONS of dollars. Who doesn't like to get a free gift card? Unfortunately, scammers often use gift cards as a way to steal value from their victims. There are dozens of ways gift cards can be used by scammers to steal money.
Roger covers these three scams in a short [VIDEO] and in detail on the KnowBe4 blog:
You Need to Pay a Bill Using Gift Cards
Maliciously Modified Gift Cards in Stores
Phish You for Information to Supposedly Get a Gift Card
Blog post with 2:13 [VIDEO] and links you can share with your users and family:https://blog.knowbe4.com/beware-of-holiday-gift-card-scams
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, December 7 @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! KnowBe4 Mobile Learner App - Users Can Now Train Anytime, Anywhere!
NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
NEW! AI-Driven phishing and training recommendations for your end users
Did You Know? You can upload your own training video and SCORM modules into your account for home workers
Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes
Find out how 50,000+ organizations have mobilized their end-users as their human firewall.
Date/Time: TOMORROW, Wednesday, December 7 @ 2:00 PM (ET)
Save My Spot!https://event.on24.com/wcc/r/3947028/0273119CCBF116DBE42DF81F151FF99F?partnerref=CHN3
|
Ransomware Data Breach Spam Hack Tool Guideline | ★★★ | |
 |
2022-12-02 23:10:59 | Medibank prognosis gets worse after more stolen data leaked (lien direct) | Plus Australia launches an investigation into insurer's data privacy practices Australian health insurer Medibank's prognosis following an October data breach keeps getting worse as criminals dumped another batch of stolen customer data on the dark web. … | Data Breach | ★★ | |
|
2022-12-02 13:48:36 | Report: California Gun Data Breach Was Unintentional (lien direct) | California's Department of Justice mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the internet because officials didn't follow policies or understand how to operate their website, according to an investigation released Wednesday. | Data Breach | ★★★★ | |
 |
2022-12-02 12:09:45 | LastPass Security Breach (lien direct) | The company was hacked, and customer information accessed. No passwords were compromised. | Data Breach | LastPass | ★★★ |
 |
2022-12-02 01:10:59 | LastPass admits to customer data breach caused by previous breach (lien direct) | Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round. | Data Breach | LastPass | ★★★ |
 |
2022-12-01 20:32:42 | Who\'s Hacked? Latest Data Breaches And Cyberattacks (lien direct) | >Security intelligence from around the world Our daily alert provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we’re following. If there’s a cyberattack, hack, or data breach you should know about, then we’re on it. | Data Breach | ★★★ | |
 |
2022-12-01 12:38:04 | 3 of the Worst Data Breaches in the World That Could Have Been Prevented (lien direct) | >Data breaches can be devastating for organizations, these are 3 of the worst incidents that could have been prevented Data breaches can be devastating for organizations and even entire countries. Eliminating the risk of a data breach is nearly impossible, but some things can be done to reduce it significantly. Here are three of the […] | Data Breach | ★★★ | |
|
2022-12-01 11:47:33 | GoTo, LastPass Notify Customers of New Data Breach Related to Previous Incident (lien direct) | LastPass, the company known for its popular password manager, and its affiliate, GoTo, are informing customers about a new data breach that appears to be related to a cybersecurity incident disclosed a few months ago. | Data Breach | LastPass | ★★ |
|
2022-11-30 19:52:28 | South Staffs Water Hacking Victims Have Bank Details Published On Dark Web After Cyber Attack (lien direct) | Bank details of South Staffs Water customers have been published on the dark web after a cyber attack. The data breach took place in August and saw cyber criminals steal sensitive information. The firm said the “impacted data” included names and address of customers – alongside sort codes and account numbers. In a letter to those affected, it […] | Data Breach | ★★★ | |
|
2022-11-30 15:13:54 | Surfshark launches a browser extension upgrade with a CleanWeb 2.0 (lien direct) | Surfshark launches a browser extension upgrade with a CleanWeb 2.0 Cybersecurity company Surfshark released a significant browser extension upgrade. The new extension has its own dashboard, where users will find upgraded CleanWeb 2.0 with four essential features – ad blocker, pop-up blocker, data breach alert, and malware alert. - Product Reviews | Data Breach Malware | ★★★ | |
|
2022-11-28 17:54:48 | Expert comment: Ireland\'s DPC fines Meta $265m (lien direct) | In light of the news that Ireland's Data Protection Commission (DPC) has fined Meta $265m for a data breach that affected millions of Facebook users last year, the comment from John Stevenson, Product Director, Cyren. John speaks about the positive change that fines like this will hopefully facilitate. “Every single one of the 533m Facebooks users whose information was published on hacking forums faced potential follow-up phishing scams exploiting their exposed PII in the pursuit of more (...) - Opinion | Data Breach | ★★ | |
|
2022-11-28 15:54:53 | Irish Regulator Fines Meta 265 Million Euros Over Data Breach (lien direct) | Ireland's data regulator on Monday slapped Facebook owner Meta with a 265-million-euro ($275-million) fine after details of more than half a billion users were leaked on a hacking website. | Data Breach | ★★★★ | |
|
2022-11-28 12:48:49 | Twitter Data Breach Bigger Than Initially Reported (lien direct) | A massive Twitter data breach disclosed a few months ago appears to be bigger than initially reported. | Data Breach | ★★★ | |
|
2022-11-26 21:11:03 | Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches (lien direct) | >The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] | Data Breach Vulnerability Threat | ★★ | |
|
2022-11-26 20:29:06 | WhatsApp data breach sees nearly 500 million user records up for sale (lien direct) |
|
Data Breach | ★★ | |
|
2022-11-26 13:49:47 | 7 Email Security Risks And How To Tackle Them (lien direct) | Email is one of the top two distribution mechanisms for harmful payloads, with the average company receiving over 75% of its malware over email, according to Verizon’s 2022 Data Breach Investigations Report. Even if just a small percentage of employees actively click on phishing emails, the overall numbers are still high enough to make this […] | Data Breach Malware | ★★ | |
|
2022-11-23 10:26:14 | Air Asia Suffers Major Data Breach (lien direct) | Air Asia Suffers Major Data Breach One of Asia's most popular airlines. Air Asia, suffered from a massive data breach this past month, potentially exposing. The data of hundreds of thousands of users. The airlines have started contacting customers to let them know what options they have going forward.. Let's take a look at what […] | Data Breach | ||
|
2022-11-23 10:26:14 | (Déjà vu) AirAsia Data Breach (lien direct) | It has been reported that the cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. | Ransomware Data Breach | ★★★ | |
|
2022-11-21 18:02:59 | California County Says Personal Information Compromised in Data Breach (lien direct) | The County of Tehama, California, has started informing employees, recipients of services, and affiliates that their personal information might have been compromised in a data breach. | Data Breach |
To see everything:
