What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2023-10-24 15:18:44 University of Michigan Says Personal Information Stolen in August Data Breach
(direct link)
The personal information of students, applicants, alumni, and employees compromised in University of Michigan data breach.
Data Breach ★★
CrowdStrike 2023-10-24 14:12:30 Five Reasons Why Legacy Data Loss Prevention Tools Fail to Deliver
(direct link)
Like so many legacy technologies, legacy data loss prevention (DLP) tools fail to deliver the protection today's organizations need. Implementation challenges, visibility gaps and inconsistent policies negatively impact customers and make data breaches far too easy for adversaries. With U.S. data breach costs averaging a staggering $4.45 million last year, organizations need a way to […]
Data Breach Tool Guideline ★★★
bleepingcomputer 2023-10-24 11:07:21 ASVEL basketball team confirms data breach after ransomware attack
(direct link)
French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club. [...]
Ransomware Data Breach ★★
SecurityWeek 2023-10-23 15:47:30 DC Board of Elections Says Full Voter Roll Compromised in Data Breach
(direct link)
The District of Columbia Board of Elections says full voter roll compromised in a recent data breach at hosting provider DataNet.
Data Breach ★★
bleepingcomputer 2023-10-23 15:34:41 University of Michigan employee, student data stolen in cyberattack
(direct link)
The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. [...]
Data Breach Studies ★★
bleepingcomputer 2023-10-23 05:25:58 City of Philadelphia discloses data breach after five months
(direct link)
The City of Philadelphia is investigating a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May. [...]
Data Breach ★★★
The_State_of_Security 2023-10-23 02:58:23 Cyber Insurance Report: Breach Frequency Down, Breach Severity Up
(direct link)
The past half-decade has been a particularly tumultuous one for cybersecurity. It has borne witness to some of the most damaging attacks in history, unprecedentedly high data breach rates, and a staggering number of emerging threat groups. However, a new report from cyber insurance provider Coalition suggests that things are beginning to stabilize. The report, which features data from Coalition's US and Canada customer base ranging from businesses with less than $25 million in revenue to more than $100 million, has revealed that while claim severity has risen, frequency has fallen in the...
Data Breach Threat ★★
Blog 2023-10-23 02:22:46 2023 Jul – Deep Web and Dark Web Threat Trend Report
(direct link)
This trend report on the deep web and dark web of August 2023 is sectioned into Ransomware, Forums & Black Markets, and Threat Actors. We would like to state beforehand that some of the content has yet to be confirmed to be true. 1) Ransomware (1) ALPHV (BlackCat) (2) LockBit (3) NoEscape (4) MetaEncryptor (5) Rhysida 2) Forum & Black Market (1) The Return of Raccoon Stealer (2) Anonfiles Shut Down (3) Data Breach of Foreign Language Learning Website 3)...
Ransomware Data Breach Threat Prediction ★★
bleepingcomputer 2023-10-21 11:05:10 The Week in Ransomware - October 20th 2023 - Fighting Back
(direct link)
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation. [...]
Ransomware Data Breach ★★
RecordedFuture 2023-10-20 15:44:00 Casio says customers in 148 countries affected by breach
(direct link)
Thousands of customers of Japanese tech manufacturer Casio had their information leaked in a data breach that occurred in one of its software subsidiaries last week. In a lengthy explainer this week, the company said hackers accessed the company's education web application ClassPad.net, resulting in the leak of personal information from customers in 148 countries.
Data Breach ★★
Blog 2023-10-19 18:18:56 Human Error: Casio ClassPad Data Breach Impacting 148 Countries
(direct link)
By Waqas If you are a Casio ClassPad customer, it is strongly recommended that you change your ClassPad password immediately to protect yourself. This is a post from HackRead.com Read the original post: Human Error: Casio ClassPad Data Breach Impacting 148 Countries
Data Breach ★★
AlienVault 2023-10-19 10:00:00 Why are organizations failing to detect cybersecurity threats?
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
With the changing security landscape, the most daunting task for the CISO and CIO is to fight an ongoing battle against hackers and cybercriminals. Bad actors stay ahead of the defenders and are always looking to find new vulnerabilities and loopholes to exploit and enter the business network. Failing to address these threats promptly can have catastrophic consequences for the organization. A survey finds that, on average, it takes more than five months to detect and remediate cyber threats. This is a significant amount of time, as a delayed response to cyber threats can result in a possible cyber-attack. One can never forget the devastating impacts of the Equifax breach in 2017 and the Target breach in 2013 due to delayed detection and response. This is concerning and highlights the need for proactive cybersecurity measures to detect and mitigate rising cyber threats. Amidst this, it's also crucial to look into why it is challenging to detect cyber threats.
Why do organizations fail to detect cyber threats?
Security teams are dealing with more cyber threats than before. A report also confirmed that global cyber attacks increased by 38% in 2022 compared to the previous year. The increasing number and complexity of cyber-attacks make it challenging for organizations to detect them. Hackers use sophisticated techniques to bypass security systems and solutions - like zero-day vulnerabilities, phishing attacks, business email compromises (BEC), supply chain attacks, and Internet of Things (IoT) attacks. Some organizations are unaware of the latest cyber threat trends and lack the skills and resources to detect them. For instance, hackers offer professional services like ransomware-as-a-service (RaaS) to launch ransomware attacks. Surprisingly, two out of three ransomware attacks are facilitated by the RaaS setup, but still, companies fail to have a defensive strategy against them. Enterprises relying on legacy devices and outdated software programs are no longer effective at recognizing certain malicious activities, leaving the network vulnerable to potential threats. Additionally, the lack of trained staff, insider threats, and human errors are other reasons why many organizations suffer at the hands of threat actors. Besides this, much of the company's data is hidden as dark data. As the defensive teams and employees may be unaware of it, the hackers take complete advantage of dark data and either replicate it or use it to fulfill their malicious intentions. Moreover, cloud migration has rapidly increased in recent years, putting cybersecurity at significant risk. The complexity of the cloud environments, poorly secured remote and hybrid work environments, and sharing security responsibilities between cloud service providers and clients have complicated the situation. In addition, cloud vulnerabilities, which have risen to 194% from the previous year, have highlighted the need for organizations to look out for ways to strengthen their security infrastructure.
Security measures to consider to prevent cyber threats
Since businesses face complex cyber threats, mitigating them require
Ransomware Data Breach Tool Vulnerability Threat Cloud Equifax ★★
bleepingcomputer 2023-10-19 07:37:48 Casio discloses data breach impacting customers in 149 countries
(direct link)
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform. [...]
Data Breach ★★★
News 2023-10-18 14:45:09 D-Link clears up 'exaggerations' around data breach
(direct link)
Who knew 3 million actually means 700 in cybercrime forum lingo? D-Link has confirmed suspicions that it was successfully targeted by cyber criminals, but is talking down the scale of the impact.…
Data Breach ★★
SecurityWeek 2023-10-18 12:46:51 D-Link Says Hacker Exaggerated Data Breach Claims
(direct link)
Hacker claims to have breached D-Link's network in Taiwan and is offering to sell stolen data, but the company says the claims are exaggerated.
Data Breach ★★
Veracode 2023-10-18 11:21:23 Securing Web Applications: A CISO's Checklist for Tech Leaders
(direct link)
As a CISO, securing web applications and ensuring their resilience against evolving cyber threats is a non-negotiable priority. Verizon's Data Breach Investigations Report 2023 cites web applications as the top attack vector by a long shot (in both breaches and incidents). Here's a simplified checklist for securing web applications that will help you improve your organization's security posture and the integrity of your technology.
Assessing Web Application Risk and Threats
A powerful first step in securing web applications is discovery. You can't secure what you don't know about! Start with an inventory of your software or application portfolio to understand sources of risk and what you want to prioritize. For some this may be simple. For others it will be an essential inventory of what makes up your software and development process. Here are some questions to consider in your assessment of your portfolio: How many applications do you have? Where do they reside? Who…
Data Breach ★★
The_Hackers_News 2023-10-18 09:11:00 D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack
(direct link)
Taiwanese networking equipment manufacturer D-Link has confirmed a data breach that led to the exposure of what it said is "low-sensitivity and semi-public information." "The data was confirmed not from the cloud but likely originated from an old D-View 6 system, which reached its end of life as early as 2015," the company said. "The data was used for registration purposes back then. So far, no
Data Breach Cloud ★★
bleepingcomputer 2023-10-17 14:48:47 D-Link confirms data breach after employee phishing attack
(direct link)
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month. [...]
Data Breach ★★
SecurityWeek 2023-10-16 11:41:41 Equifax Fined $13.5 Million Over 2017 Data Breach
(direct link)
UK's financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach.
Data Breach Legislation Equifax ★★
RecordedFuture 2023-10-15 21:45:00 Colonial Pipeline attributes ransomware claims to 'unrelated' third-party data breach
(direct link)
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats on Friday afternoon. The company – which runs the largest pipeline system for refined oil products in the U.S. – addressed claims made by the Ransomed.vc gang that data had been stolen from their
Ransomware Data Breach ★★★
Blog 2023-10-14 01:43:36 Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
(direct link)
By Waqas Third-Party Data Breach Suspected in Online Files Linked to Colonial Pipeline. This is a post from HackRead.com Read the original post: Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
Ransomware Data Breach ★★
RecordedFuture 2023-10-13 18:15:00 UK fines Equifax $13.6 million for 2017 data breach
(direct link)
The UK arm of credit reporting firm Equifax was fined £11,164,400 (about $13.6 million) on Friday by a British regulator for allowing hackers to access personal information of millions of people in 2017. About 13.8 million UK consumers were affected in the incident, according to the Financial Conduct Authority, and it remains one of the
Data Breach Legislation Equifax ★★★
bleepingcomputer 2023-10-13 16:12:56 23andMe hit with lawsuits after hacker leaks stolen genetics data
(direct link)
Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers. [...]
Data Breach ★★★
InfoSecurityMag 2023-10-13 11:45:00 UK Regulator Fines Equifax £11m for 2017 Data Breach
(direct link)
The UK FCA held Equifax Ltd responsible for failing to protect UK consumer data held by its US-based parent company
Data Breach Equifax ★★
DarkReading 2023-10-12 13:00:00 Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach
(direct link)
Joe Sullivan's lawyers have claimed his conviction on two felony charges is based on tenuous theories and criminalizes the use of bug bounty programs.
Data Breach Uber ★★★
InfoSecurityMag 2023-10-12 08:30:00 US Smashes Annual Data Breach Record With Three Months Left
(direct link)
Volume of data compromises already exceeds previous high by 14%
Data Breach ★★
bleepingcomputer 2023-10-12 08:13:11 Shadow PC warns of data breach as hacker tries to sell gamers' info
(direct link)
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers. [...]
Data Breach Threat Cloud ★★
securityintelligence 2023-10-11 13:00:00 10 years in review: Cost of a Data Breach
(direct link)
Today, the pace of world change astounds us, and cybersecurity reflects that, unlike any other industry. The data from the last decade tells us an amazing — and sometimes troubling — story. In 2014, the average cost of a data breach was $3.5 million. Today, the average cost of a data breach has surged nearly […]
Data Breach ★★★
itsecurityguru 2023-10-10 09:01:42 Over 800k Flagstar Bank Customers Impacted by Third Data Breach Since 2021
(direct link)
Flagstar Bank is notifying customers that a data breach targeting a third-party vendor has resulted in the exposure of personal customer information. Flagstar uses the vendor in question, Fiserv, for transaction processing and mobile banking services. The notice sent out on Friday states that Fiserv is one of the many organisations impacted by the headlining mass MOVEit […]
Data Breach ★★
ProofPoint 2023-10-10 07:16:32 Beyond the Status Quo, Part 1: The Vital Role Threat Intelligence Plays in Security Awareness Education
(direct link)
Welcome to the first installment of a three-part blog series that is focused on how to inspire engagement in security awareness for both users and practitioners. It will also explore creative techniques you can use to build a security culture that go beyond traditional security awareness training.
Cybersecurity Awareness Month is an excellent time to rejuvenate your security awareness program. But how can you sustain the momentum of Cybersecurity Awareness Month beyond October? Try adding threat intelligence to your program. It can personalize and invigorate your curriculum for your users.
Integrating threat intelligence into security awareness seems intuitive, and many practitioners claim to do it. But data suggests otherwise. Research Proofpoint conducted for our 2023 State of the Phish report found that while 75% of businesses faced business email compromise (BEC) attacks, a mere 31% trained their users about this threat. This indicates that while many businesses are aware of emerging threats, they struggle to weave this information into their training modules.
This blog post delves into best practices for using threat intelligence to raise security awareness with users. It includes insights from a customer session we held during Proofpoint Wisdom 2023 entitled “Utilizing Threat Intel to Design a Program that Works.” During that session, I spoke with Andrew Munson, senior manager of information risk management and governance at McDonald's Corporation, and Shaun Holmberg, IT security analyst at Commercial Metals Corporation. Both provided insights into how they infuse threat intelligence into their global security awareness initiatives.
Understanding threat intelligence
Threat intelligence is the knowledge and analysis of cyber threats and vulnerabilities that can pose a risk to a business. This information includes details about the attack lifecycle, network architecture vulnerabilities and which users are being targeted. The intel should also provide details of the risk level or the consequential impact that a successful cyber attack may have on a business.
This information can be gathered from various sources. According to Shaun and Andrew, examples of optimal sources for intelligence are: Research reports. These resources include, but are not limited to: State of the Phish from Proofpoint; Verizon's Data Breach Investigations Report (DBIR); FBI Internet Crime Report (Internet Crime Complaint Center); Coalition's Cyber Claims Report. Security feeds. Proofpoint threat intelligence services, Rapid7 and Cyber Reasons are examples of providers of these feeds. Incident reports from products. These reports include Proofpoint Targeted Attack Protection reports, Proofpoint Closed Loop Email Analysis (CLEAR) and other reports related to the penetration testing of a company's infrastructure.
Why is threat intelligence crucial for a security awareness program? Let's dive deeper into this subject using insights from the recent discussion with Andrew and Shaun.
Making threat intelligence actionable
At McDonald's, Andrew works with departments across the globe. Each region has its own requirements and is targeted with threats specific to an office. This is where working with a resource like the Proofpoint threat intelligence service team can create significant benefits for security teams.
Andrew described how working with our team gives him an advantage. He said the Proofpoint threat intelligence service team can analyze data across the globe to correlate attacks that may be affecting a single region. For example, they can recognize a targeted attack specific to Germany, which differs from an active attack they've identified targeting Austria.
Andrew said he uses this data to build separate simulations that mimic the active attack for each region and launches an auto-enrollment training session tuned to recognizing the attack indicators. He can also provide resources like notifications or informative newsletters, all within the region's native l
Ransomware Data Breach Vulnerability Threat Studies ★★
SecurityWeek 2023-10-09 10:50:15 DC Board of Elections Discloses Data Breach
(direct link)
The District of Columbia Board of Elections says voter records were compromised in a data breach at hosting provider DataNet.
Data Breach ★★
The_State_of_Security 2023-10-09 03:34:20 Decoding Data Security Posture Management - Separating Truth from Myth
(direct link)
Data is expanding beyond environments, applications, and geographical boundaries. It is safe to say that we are currently experiencing the era of the Big Bang of Data. It is driving economies and industries. Organizations that can leverage data to its fullest potential take the helm of their industry, leading it peerlessly. However, with the proliferation of data comes increasingly serious risks to data security and privacy. Take, for instance, the 2013 data breach of a renowned search engine that affected the data of millions of users. The source of the data breach was identity theft. Apart...
Data Breach ★★
bleepingcomputer.webp 2023-10-08 10:07:14 Third Flagstar Bank data breach since 2021 affects 800,000 customers
(direct link)
Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. [...]
Data Breach ★★
CyberWarzone.webp 2023-10-07 14:21:20 Blackbaud Settles $49.5 Million Ransomware-Induced Data Breach
(direct link)
Is your data safe with cloud software companies? Cloud software firm Blackbaud has recently agreed to a $49.5 million settlement
Data Breach Cloud ★★
bleepingcomputer.webp 2023-10-06 14:43:05 Blackbaud agrees to $49.5 million settlement for ransomware data breach
(direct link)
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach. [...]
Ransomware Data Breach Cloud ★★
SecurityWeek.webp 2023-10-06 10:37:16 Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M With States
(direct link)
>The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington, D.C., related to a 2020 data breach.
Data Breach ★★
RecordedFuture.webp 2023-10-05 20:41:00 Blackbaud agrees to $49.5 million settlement with AGs of nearly all 50 states
(direct link)
The attorneys general of 49 states and Washington, D.C., agreed to a $49.5 million settlement with software company Blackbaud over a 2020 data breach that exposed the sensitive data of millions. The company - which serves nonprofits like charities, schools and healthcare agencies - announced a ransomware attack in July 2020 that involved the theft
Ransomware Data Breach ★★★
AlienVault.webp 2023-10-05 10:00:00 Gartner predicted APIs would be the #1 attack vector - Two years later, is it true?
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Over the last few years, APIs have rapidly become a core strategic element for businesses that want to scale and succeed within their industries. In fact, according to recent research, 97% of enterprise leaders believe that successfully executing an API strategy is essential to ensuring their organization’s growth and revenue. This shift has led to a massive proliferation in APIs, with businesses relying on hundreds or even thousands of APIs to provide their technology offerings, enhance their products, and leverage data from various sources. However, with this growth, businesses have opened the door to increased risk. In 2021, Gartner predicted that APIs would become the top attack vector. Now, two years and a number of notable breaches via APIs later, it’s hard (or rather, impossible) to dispute this.
The security trends shaping the API landscape
One of the biggest threat vectors when it comes to APIs is that they are notoriously hard to secure. The API ecosystem is constantly evolving, with enterprises producing huge numbers of APIs in a way that’s outpacing the maturity of network and application security tools. Many new APIs are created on emerging platforms and architectures and hosted on various cloud environments. This makes traditional security measures like web application firewalls and API gateways ineffective as they can’t meet the unique security requirements of APIs. For bad actors, the lack of available security measures for APIs means that they are easier to compromise than other technologies that rely on traditional (and secure) architectures and environments. Given that so many businesses have made such a large investment in their API ecosystem and have made APIs so core to their operations, an attack on an API can actually be quite impactful. As such, if a cybercriminal gets access to an API that handles sensitive data, they could cause quite a bit of financial and reputational damage.
At the same time, many businesses have limited visibility into their API inventory. This means there could be numerous unmanaged and “invisible” APIs within a company’s environment, and these make it increasingly difficult for security teams to understand the full scope of the attack surface, see where sensitive data is exposed, and properly align protections to prevent misuse and attacks.
In light of these trends, it’s no surprise then that Salt Security recently reported a 400% increase in API attacks in the few months leading to December 2022. Unfortunately, ensuring that APIs are secured with authentication mechanisms is not enough to deter bad actors. Data shows that 78% of these attacks came from seemingly legitimate users who somehow were able to maliciously achieve proper authentication.
At a more granular level, 94% of the report’s respondents had a security issue with their production APIs in the last year. A significant 41% cited vulnerabilities, and 40% noted that they had authentication problems. In addition, 31% experienced sensitive data exposure or a privacy incident — and with the average cost of a data breach currently at $4.45 million, this poses a significant financial risk. Relatedly, 17% of respondents experie
Data Breach Tool Threat Cloud ★★
Blog.webp 2023-10-04 14:12:46 Sony Data Breach via MOVEit Vulnerability Affects Thousands in US
(direct link)
>By Waqas. The data breach occurred from May 28th to May 30th, 2023, and the stolen data included "names and other personal identifiers combined with Social Security Numbers (SSNs)." This is a post from HackRead.com.
Data Breach Vulnerability ★★
AlienVault.webp 2023-10-04 10:00:00 The role of automation in mitigating cybersecurity risks
(direct link)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Cyberattacks are on the rise around the globe. Recent data suggest that there are 2,200 cyberattacks every day and that the average cost of a data breach is $9.44 million. Of those cyberattacks, 92% are delivered via email in the form of malware and phishing. In 2022 alone, businesses reported 255 million phishing attacks with an average cost of $4.91 million. The sheer scale of cyberattacks today means that human intervention simply isn’t adequate. Instead, cybersecurity specialists must incorporate automation within their wider cybersecurity strategy. Automation can reduce the risk of human error, flag potential threats, and guard against security fatigue.
Pros and cons of automation
Businesses around the globe use automation to speed up their operational efficiency, decrease risk, and reduce workplace fatigue. This is particularly important in a field like cybersecurity, where constant vigilance and critical thinking are necessary to avoid costly data breaches. However, automation isn’t a silver bullet that eradicates the risk of a cyberattack. Even cutting-edge systems still need to be monitored and updated regularly. Failing to maintain systems may result in flawed security protocols or accidental shutdowns due to false threat detections. That said, the pros of automation far outweigh the cons. An effective automation program can free up staff and boost employee morale. When folks aren’t constantly stressed about threat detection, they can focus on fine-tuning threat intelligence and re-training employees. This minimizes the risk of security fatigue, which may otherwise lead to:
- Reduced attention during security training
- Unsafe password practices
- Ignored software updates
- Risky behavior online
Mitigating security fatigue is in every IT department’s best interest, as failing to adhere to compliance regulations due to fatigue can be extremely costly.
Reducing the risk of human error
Human error accounts for 88% of all data breaches. This troubling statistic highlights the vulnerability that employees pose and the importance of proper training in the workplace. Data collected by researchers from the University of Stanford found that:
- 45% of employees cite distraction as the reason why they fell victim to a phishing scam
- 57% of employees are more likely to be distracted when working from home
- 43% of respondents say they are most likely to open phishing emails that look legitimate
Cloud-based automation systems can reduce the risk of human error and back up existing documents and data. This can help employees limit distraction and ensure that businesses remain operational following a breach. Automated threat detection software shuts down servers following a breach, but employees can still access important files when working on the cloud. Companies looking to reduce the risk of human error can invest
Data Breach Malware Tool Vulnerability Threat ★★
bleepingcomputer.webp 2023-10-04 08:04:49 Sony confirms data breach impacting thousands in the U.S.
(direct link)
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. [...]
Data Breach ★★
kovrr.webp 2023-10-04 00:00:00 Fortune 1000 Cyber Risk Report: Kovrr's Fortune 1000 report leverages our innovative quantification models to provide companies with a benchmark for gauging relative cyber risk frequencies and severities
(direct link)
Executive Summary
The growing rate of global cyber events, throughout all industries, has elevated cybersecurity governance to the forefront of corporate concern. Indeed, this rising prevalence spurred the US Securities and Exchange Commission (SEC) in July 2023 to mandate the disclosure of "material" cyber threats and incidents, albeit within a framework of somewhat ambiguous materiality definitions.
This report leverages Kovrr’s risk quantification models to highlight the likely occurrence and relative costs of “material” cyber incidents companies might experience in the coming year, potentially eliciting consequences significant enough for SEC disclosures. Ultimately, Kovrr aims to provide insights for those companies seeking a deeper understanding of the types of cyber events and their respective financial impacts that are most likely to be disclosed in the coming years.
Methodology
The results of this report were determined via a comprehensive benchmarking exercise, using the US Fortune 1000 companies as the sample set due to the companies' diverse range of industries. Kovrr's models capture a detailed representation of each company's technological profile and simulate yearly cyber event scenarios tailored to each company’s exposure to risk.
The models reveal “material” incidents in the form of data breaches, extortions, interruptions, and service provider events [1]. This report defines materiality as an interruption incident lasting over one hour or an incident where confidential data is breached. Smaller, non-material incidents are grouped and modeled in aggregate.
Kovrr’s models produce an assessment of the likely frequency and severity of cyber breaches experienced by Fortune 1000 companies, harnessing our industry insights from previously disclosed breaches, insurance claims data, and incidents that have not been publicly disclosed.
[1] Event incidents (data breaches, extortions, interruptions, and service provider events) are defined at the end of the report.
Key Findings
Cyber Risk Across All Industries: The Oil, Gas Extraction, and Mining sector exhibits the highest probability of experiencing a material cyber event, with a frequency of 0.82 events per year (or approximately one material event every 1.2 years). However, the anticipated financial impact remains relatively modest, with a median cost of $28m. In contrast, the Utilities and Infrastructure industry faces a cyber event frequency of 0.62 events per year and a substantial financial impact of $57.9m.
Annual Cost Scenarios: Average Annual Loss (AAL), which combines event frequency and cost across the full range of possibilities, allows us to compare the overall risk between industries. The Finance and Real Estate industry has the highest AAL at $34.3m, owing to the substantial financial ramifications of infrequent but high-impact events. Conversely, the Construction industry has the lowest AAL at $7.3m, indicative of its relatively lower exposure to cyber risk.
Event Drivers: The cyber event types reviewed in this report were interruptions, third-party service provider incidents, extortion events, and data breaches. The report reveals that interruption events are prevalent across industries. Also notably, the Retail Trade industry faces an annual frequency of 0.47 for data breaches (or approximately one material incident every 2 years), while the Finance and Real Estate sector follows closely with 0.42, underscoring their heightened exposure to data-centric cyber incidents.
Cost Drivers: Highly regulated industries, notably Finance and Retail Trade, record the highest median costs per cyber event, totaling $70.5M, due to their extensive accumulation of PII. Third-party liability, regulatory compliance, and productivity loss augment the financial impact. The report also breaks down these costs further according to event type.
Secondary Loss Considerations: While the primary financial impact is evident almost immediately, secondary losses often extend widely
Ransomware Data Breach Threat Studies ★★★
securityintelligence.webp 2023-10-03 13:00:00 The importance of Infrastructure as Code (IaC) when Securing cloud environments
(direct link)
>According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they […]
Data Breach Threat Cloud ★★
SecurityWeek.webp 2023-10-02 14:31:51 European Telecommunications Standards Institute Discloses Data Breach
(direct link)
>Hackers stole a database containing the list of the European Telecommunications Standards Institute's online users.
Data Breach ★★★
bleepingcomputer.webp 2023-10-02 11:10:35 Motel One discloses data breach following ransomware attack
(direct link)
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. [...]
Ransomware Data Breach ★★
knowbe4.webp 2023-09-28 20:19:36 Pharma Industry Seeing Reduction in Data Breach Costs, But Still Have Much to Do
(direct link)
Data Breach ★★★
ZoneAlarm.webp 2023-09-27 15:03:20 Ransomware Groups Claim Sony Data Breach
(direct link)
>Recently, Sony, a big name in both tech and entertainment, found itself at the center of a confusing situation where not one, but two different hacker groups each said they were the ones who pulled off a cyberattack on the company. A newly emerged hacking group known as RansomedVC claimed to have infiltrated all of …
Ransomware Data Breach ★★
CyberWarzone.webp 2023-09-27 14:50:56 Arriva's Data Breach: What You Need to Know and How to Protect Yourself
(direct link)
In the latest Dutch data breach episode, Arriva, a major transport company, has experienced a data breach affecting 195,000 customers.
Data Breach ★★★
securityintelligence.webp 2023-09-27 13:00:00 Cost of a data breach 2023: Geographical breakdowns
(direct link)
>Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic […]
Data Breach ★★★
itsecurityguru.webp 2023-09-27 11:58:08 Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost
(direct link)
Netwrix has surveyed more than 1,600 IT and security professionals worldwide to reveal how their organisations reduce the financial impact of a data breach via a cyber insurance policy. According to the survey, 44% of organisations are insured and 15% plan to purchase a policy within the next 12 months. Before being offered a policy, […]
Data Breach ★★★
Last update at: 2024-05-20 17:08:09