What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-01-29 11:53:00 | Episode 2: Three things that keep Biogen CISO Bob Litterer up at night (lien direct) | Bob Litterer, VP and CISO of biotech giant Biogen, isn't a worrier at heart, but there are a few things that keep him up at night. High on that list is the interdependencies in his company's third-party network; a data breach anywhere in that ecosystem could have a devastating ripple effect. Also topping Litterer's list of worries are the exposed underbelly of operational technology and cloud sprawl, which can leave organizations with more exposure than they may realize. | Data Breach | ||
 |
2020-01-23 10:43:19 | UPS Store Subject to a Data Breach After Phishing Scam (lien direct) | In a data breach notification letter to customers, The UPS Store has disclosed that an unauthorized party successfully devised a phishing scheme to gain entry into the email accounts of numerous store locations. The breach exposed information contained within documents that customers emailed to stores for printing and related services, the San Diego-based subsidiary of UPS explained […] | Data Breach | ||
 |
2020-01-22 13:55:19 | Microsoft data breach exposes 250 million customer service and support records (lien direct) | Red faces at Microsoft after a security researcher discovered an internal customer support database had been left exposed for anyone on the internet to access – no password required. | Data Breach | ||
 |
2020-01-21 13:31:57 | US-based children\'s clothing maker Hanna Andersson discloses a data breach (lien direct) | The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers. The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform. Like other Magecart attacks, crooks compromised the online store and injected a JavaScript code into checkout pages to […] | Data Breach | ||
 |
2020-01-21 12:23:39 | Mitsubishi Electric Confirms Major Data Breach – Expert Commentary (lien direct) | Mitsubishi Electric released a statement today confirming that the company was hit by a data breach dating back to late June last year. It's speculated that the cyberattack is linked to a Chinese cyber-espionage group, Tick (or Bronze Butler), that is well-known for targeting Japan over the past few years. The unauthorized access was tracked … The ISBuzz Post: This Post Mitsubishi Electric Confirms Major Data Breach – Expert Commentary | Data Breach | ||
|
2020-01-21 11:30:42 | Expert On Breach: Regus Sales Staff Data Exposed After Huge Data Breach (lien direct) | Job performance details about more than 900 employees of a major office-space provider have been published online by accident after a staff review. Sales staff at Regus had been recorded showing researchers posing as clients around office space available to rent. Information about the employees was later published on Trello, a task-management website, and a … The ISBuzz Post: This Post Expert On Breach: Regus Sales Staff Data Exposed After Huge Data Breach | Data Breach | ||
 |
2020-01-20 12:17:09 | GDPR Regulators Have Imposed $126M in Fines Thus Far, Finds Survey (lien direct) | A new survey found that regulators have thus far imposed $126 million worth of fines for data breaches and other GDPR infringements. According to DLA Piper’s GDPR Data Breach Survey, data protection regulators imposed €114 million (about US$126 million / £97 million) in GDPR-related fines between May 25, 2018 and January 27, 2020. The international […]… Read More | Data Breach | ||
|
2020-01-17 10:05:15 | Law enforcement seized WeLeakInfo.com for selling access to data from data breaches (lien direct) | The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over 10,000 data breaches. […] | Data Breach | ||
|
2020-01-16 10:02:01 | Customer account information in P&N Bank data breach (lien direct) | On Wednesday, a security researcher going under the Twitter handle @vrNicknack pinged Troy Hunt, the operator of the Have I Been Pwned? search engine, with a notice he had received from the bank. P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, sent the notice which warned of an “information breach” occurring through its […] | Data Breach | ||
 |
2020-01-15 18:00:00 | 2017 Data Breach Will Cost Equifax at Least $1.38 Billion (lien direct) | Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim. | Data Breach | Equifax | |
|
2020-01-15 15:48:15 | PussyCash adult webcam data breach exposes highly sensitive data of models (lien direct) | You may have been expecting to reveal a lot by signing up as an adult webcam model, but I doubt this is quite what you had in mind. | Data Breach | ★★★★★ | |
|
2020-01-15 15:38:19 | P&N Bank data breach may have impacted 100,000 West Australians (lien direct) | P&N Bank discloses data breach, customer account information, balances exposed The Australian P&N Bank is notifying its customers a data breach that has exposed personally identifiable information (PII) and sensitive account data. P&N Bank, a division of Police & Nurses Limited and operating in Western Australia, suffered a data breach and is reporting the incident […] | Data Breach | ||
 |
2020-01-14 15:29:09 | IT Asset Disposition (ITAD) is the Slow Motion Data Breach Nobody notices (lien direct) | Efforts to wall off sensitive corporate and government data from foreign adversaries have a gaping hole: IT asset disposition (ITAD), where vendors - many owned by Chinese firms - process discarded hardware and data with little oversight. The post IT Asset Disposition (ITAD) is the Slow Motion Data Breach Nobody notices | Data Breach | ||
|
2020-01-14 04:00:28 | Developing a Data Protection Compliance Program – Verizon\'s 9-5-4 Model (lien direct) | In a previous post, I wrote about my key take-aways from Verizon's 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data, (Verizon's yearly Data Breach Investigation Report (DBIR) has become required reading.) I was delighted to find an excellent guide on the the 9-5-4 model, a means by […]… Read More | Data Breach | ||
 |
2020-01-13 14:00:00 | How to identify phishing emails and what to do (lien direct) |
Note:This blog was written by an independent guest blogger.
Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, attachment, or a picture of cute kittens. I recently received a spam email with the message:
“Old friends post embarrassing pictures of Jason Nelson online; click here to see.”
Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way. They want to alarm you, and in your rush to defend yourself, click the link to see the pictures.
Similar to extortion emails that claim to have videos of “compromising” situations or screen recordings of users on adult websites. These emails work on our fear of embarrassment, rejection, or ruin to get us to let down our guard.
Do not click on anything in these emails. Delete, Delete, DELETE.
But, it does beg the question, where do these emails come from, who is sending them? In this article, we will be looking at the phishing phenomenon and what options we have to defend ourselves.
According to a 2018 report from statistics website Statista, at 11.69%, the majority of spam emails originated in China. But before we in the U.S. pat ourselves on the back, the second-largest amount of spam emails came from the United States at 9.04%.
Since 2018, many of these scams demand some form of a cryptocurrency payment. In an October 8, 2019 report, the cybersecurity company Cofense said that phishing scams are changing their tactics and moving from Bitcoin to one of the so-called altcoins like Litecoin or Monero.
So how do these scammers get our emails? One way and most likely is lax security protocols or a data breach at a service or email provider. HaveIbeenPwned is a website that can help you see if your email is on a compromised site.
But there are other ways as well, including email addresses sold to the highest bidder. A way to minimize our risk of phishing scams is to be mindful of and limit the websites we provide our emails. Also, use a password manager to create more complex passwords. BitWarden, 1Password, and Dashlane are good options.
When deciding on an email address, avoid using your name and or some specific data. For example, janedoe1980@email.com - try to avoid using your actual name and actual year of birth or the last four of your social (for U.S. Citizens).
There is no way to be 100% safe online, but at least we can make it that much harder for cybercriminals.
So let’s look at some steps we can take to protect ourselves from phishing and scam emails:
Check the sender address, even if the message seems legitimate, look at the sending address, if it looks odd, it’s probably spam.
Does the email ask you to click on a link or attachment? Again check the sender address and the rest of the email for anything out of the ordinary.
Did you receive the email out of the blue? A long lost relative is trying to send you money? Delete.
Does the email contain several misspelled words? It could be a phishing email.
Does the email contain some threat (embarrassment, prosecution for example) it’s more than likely a phishing scam.
Lastly, if the email appears to be from someone you know or an organization you do business with, call that person (not from a number on the email) and verify they sent the email. Law Enforcement and the IRS are not known for sending threatening |
Data Breach Spam Threat | ||
 |
2020-01-10 11:57:25 | Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds (lien direct) | Information leaked due to data breaches was used to file fraudulent tax returns. | Data Breach | ||
|
2020-01-09 14:37:42 | Las Vegas Data Breach Announced Amid Warnings Of Iranian Cyber Threat (lien direct) | A data breach in Las Vegas comes amid tensions with Iran and a warning from homeland security of quote “potentially disruptive and destructive” Iranian cyber operations. The city released the following statement to News 3: The city of Las Vegas experienced a cyber compromise at 4:30 a.m. PST Tuesday. The city's Information Technologies Department is … The ISBuzz Post: This Post Las Vegas Data Breach Announced Amid Warnings Of Iranian Cyber Threat | Data Breach Threat | ||
|
2020-01-09 13:47:00 | Eliminate the Password, Eliminate the Password Problem. (lien direct) | Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like? Yaser Masoudnia, the Senior Director Product Management, Identity Access Management, at LogMeIn* takes us there. The post Eliminate...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/615424460/0/thesecurityledger -->» | Data Breach | ||
|
2020-01-09 12:04:33 | Travelex customers left in cashless limbo, ICO not formally alerted to data theft claims (lien direct) | The ransomware attack has infuriated stranded customers and the ICO has still not seen an official data breach report. | Ransomware Data Breach | ||
|
2020-01-07 11:15:02 | Expert On News: Crypto Exchange Poloniex Forces Password Reset Following Data Breach (lien direct) | A cryptocurrency exchange has been forced to reset customer passwords after a suspected data leak via social media, although its incident response efforts caused more confusion among some users. US-based exchange Poloniex informed around 1% of its customer base that they had to reset their log-ins, following a tweet claiming to contain a list of … The ISBuzz Post: This Post Expert On News: Crypto Exchange Poloniex Forces Password Reset Following Data Breach | Data Breach | ||
|
2020-01-07 06:28:27 | HappyHotel, popular search engine for love hotels in Japan discloses data breach (lien direct) | HappyHotel, a Japanese search engine used to find and book rooms in “love hotels,” announced to have suffered a security breach in December. HappyHotel is a popular Japanese search engine for “love hotels,” it is used by married couples and unfaithful spouses, it allows users to book rooms in love hotels in Japan. Almex, the […] | Data Breach | ||
|
2020-01-06 09:15:31 | School software provider Active Network discloses data breach (lien direct) | The US-based School management software provider Active Network disclosed a severe security breach last week. Active Network provides web-based school management software for K-12 schools and districts, last week it announced to have suffered a major security breach. The hackers gained access to Blue Bear, a cloud school accounting software customized especially for K-12 schools and […] | Data Breach | ||
|
2020-01-02 10:03:51 | Active Network, A School Software Vendor, Suffers Data Breach (lien direct) | Active Network's Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. The company reported the issue to the California Attorney General's office stating it recently became aware that between Oct. 1, 2019 and Nov. 13, 2019 there was illegal activity taking place on its Blue Bear […] | Data Breach | ||
|
2019-12-26 03:00:00 | What is Magecart? How this hacker group steals payment card data (lien direct) | Magecart definition Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | ||
|
2019-12-20 15:53:01 | Expert Comment: Gaming Site Nexus Mods Discloses Data Breach (lien direct) | In response to the news that gaming modification site Nexus Mods disclosed a data breach, a cybersecurity expert offers perspective. The ISBuzz Post: This Post Expert Comment: Gaming Site Nexus Mods Discloses Data Breach | Data Breach | ||
 |
2019-12-20 02:05:48 | Hackers Stole Customers\' Payment Card Details From Over 700 Wawa Stores (lien direct) | Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months?
If yes, your credit and debit card details may have been stolen by cybercriminals.
Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at |
Data Breach | ||
|
2019-12-19 07:05:00 | (Déjà vu) Learn how to be an ethical hacker with this $39 in-depth training bundle (lien direct) | It seems like there's a new data breach every month, and as hackers ramp up their efforts to steal our private info, it's only natural to feel afraid. What can you do to fight back? Oddly enough, the best way to prevent cybersecurity attacks is by fighting fire with fire. As an ethical hacker, you can make a living by exploiting cybersecurity vulnerabilities, and this $39 bundle will show you how. | Data Breach | ||
|
2019-12-18 12:43:45 | (Déjà vu) Lab test provider LifeLabs disclose a data breach that exposed personal info of 15M customers (lien direct) | Lab test provider LifeLabs has disclosed a data breach that exposed personal information for up to 15 million Canadians. Lab test provider LifeLabs announced that personal information for up to 15 million Canadians have been exposed after an unauthorized user gained access to their systems. LifeLabs notified its customers via letter, exposed data includes names, […] | Data Breach | ||
|
2019-12-18 07:18:05 | LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians (lien direct) | LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadians customers.
The company announced the breach in a press release posted on its website, revealing that an unknown attacker unauthorizedly accessed its computer systems last month and stole customers |
Data Breach | ||
|
2019-12-17 21:26:43 | LifeLabs pays hackers to recover data of 15 million customers (lien direct) | Data breach took place in early November, and hackers also gained access to 85,000 laboratory test results. | Data Breach | ||
 |
2019-12-17 16:22:31 | LifeLabs Data Breach Exposes Personal Info of 15 Million Customers (lien direct) | Canadian clinical laboratory services provider LifeLabs has announced a data breach that exposed the personal information for up to 15 million Canadians after an unauthorized user gained access to their systems. [...] | Data Breach | ||
|
2019-12-16 01:07:00 | Should cities pay a ransomware demand? (lien direct) | UPDATE: In a “ripped from the headlines” moment, we have real world confirmation of the growing risk discussed in this article. Breaking news over the weekend revealed that both the city of New Orleans and New Jersey's largest hospital network are in the midst of dealing with serious ransomware attacks. When you hear about data breaches and cyberattacks in the news, it's usually in connection with a large company and has affected users across the globe. But that gives the impression that hackers only target huge enterprises when planning their next attack. The truth is just the opposite. Because small organizations, like city and town governments, are forced to work with tight IT budgets but still need to comply with all rules and regulations, they often can't afford to hire cybersecurity experts or invest in expensive software solutions. Hackers know this and focus their efforts on trying to compromise their systems to profit from the damage. In this article, we'll look specifically at the trend of ransomware and how organizations should respond when they are attacked. How ransomware works When a data breach occurs, hackers often seize stolen information from a back-end system and look to sell it on the dark web. But more recently, cybercriminals have realized that they can make money without having to execute a transaction at all. They simply need to hold the stolen data as ransom. Ransomware attacks can begin through a number of different means. Hackers may infiltrate a government's network through social engineering, a phishing scam, or by finding a flaw in access controls. Once inside, they will deploy a form of malware that encrypts all of the files on a local hard drive so that users cannot open, access, or transfer them. These pieces of malware are evolving all the time, which makes it tough for antivirus tools to keep up. For the individuals working in the office, they'll typically see a suspicious screen appear telling them that they have fallen victim to ransomware. The hackers will set a specific financial amount, usually in Bitcoin, to be paid in exchange for releasing the lock on the files. Ransomware isn’t just limited to private companies, public medical infrastructure are common targets of these kinds of attacks. Some companies allow employees to work from home, one access from an unprotected home device that has spy malware installed unknowingly puts the company at risk. Outdated technology is another huge issue. Public hospital systems operate on outdated technology with antiquated data protection software. Even third-party appointment setting software can be targeted to gain access to private health care record and patient databases. The risks of paying Municipal governments rely on their IT systems to sustain operations on a daily basis. Losing access to a server or database can bring everything to a standstill and hurt the citizens who rely on government services. So in the event of a ransomware attack, it's understandable that the organization would seek to resolve the issue quickly, by whatever means necessary, to | Ransomware Data Breach Malware Vulnerability | ||
|
2019-12-05 14:40:56 | Security Expert On Sweaty Betty\'s eCommerce Data Breach (lien direct) | Experts commented below on Sweaty Betty's data breach caused by cyber-criminals inserting malicious code into its eCommerce website to capture customer card details during the checkout process. The ISBuzz Post: This Post Security Expert On Sweaty Betty’s eCommerce Data Breach | Data Breach | ||
|
2019-12-05 14:13:10 | Security Expert On Nebraska Medicine\'s Insider Data Breach (lien direct) | It is being reported that Nebraska Medicine's data breach caused by former employee accessing sensitive patient data. The demographic information of patients that may have been exposed includes names, dates of birth, medical record numbers, Social Security numbers, driver’s license numbers, and clinical information. Hospital network Nebraska Medicine has disclosed a data #breach after a … The ISBuzz Post: This Post Security Expert On Nebraska Medicine’s Insider Data Breach | Data Breach | ||
|
2019-12-05 14:00:00 | SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit (lien direct) | Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk. | Data Breach | ||
|
2019-12-05 10:58:16 | Security concerns going into 2020 (lien direct) | 2019 has been the year of the data breach with over 10 billion records estimated to have been leaked. The news headlines have been flooded with unfortunate attacks with enterprises on both sides of the Atlantic suffering. Whether it's ransomware, phishing or endpoint attacks, there's always something on the horizon waiting for its turn in the spotlight. Yet, with 2020 now on our doorstep, cyber security professionals are concerned with what new threat vectors may lie around the corner as we enter the next decade, especially with new legislation becoming enforced. | Data Breach Threat | ||
|
2019-12-04 04:00:06 | Verizon\'s 2019 Payment Security Report – Not Just for PCI (lien direct) | If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon's Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals. While it […]… Read More | Data Breach | ||
|
2019-11-29 09:58:37 | Major data breach hits Palo Alto Networks (lien direct) | The cybersecurity firm Palo Alto Networks has admitted that it suffered a data breach which resulted in the personal data of both past and current employees being leaked online. Business Insider, who broke the story, was first made aware of the breach by a former employee of the company that wished to remain anonymous. Source: Tech Radar | Data Breach | ||
|
2019-11-29 09:54:57 | (Déjà vu) DiBella\'s data breach affecting 305,000 cards occurred because of Fin7 (lien direct) | Fifteen months after DiBella's Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach the sandwich shop chain has issued a notice informing its customers of the incident. The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as […] | Data Breach | ||
|
2019-11-29 08:35:32 | Palo Alto Networks employee data breach highlights risks posed by third party vendors (lien direct) | The personal details of some past and present Palo Alto Networks employees – their names, dates of birth and social security numbers – have been exposed online. But is it really the company’s fault? Read more in my article on the Bitdefender Business Insights blog. | Data Breach | ||
|
2019-11-28 09:54:39 | 305,000 cards affected by Fin7 in DiBella\'s data breach (lien direct) | Fifteen months after DiBella's Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach the sandwich shop chain has issued a notice informing its customers of the incident. The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as […] | Data Breach | ||
|
2019-11-27 18:56:21 | Magento Marketplace Suffers Data Breach Exposing Users\' Account Info (lien direct) | If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately.
Adobe-the company owning Magento e-commerce platform-today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. |
Data Breach | ||
|
2019-11-26 14:55:00 | On the Border Warns of Data Breach (lien direct) | Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company. | Data Breach Malware | ||
|
2019-11-26 09:48:50 | Customer Data Exposed by PoS Malware of at Catch Restaurants (lien direct) | A newly announced data breach of several popular Catch restaurants stemmed from malware on its point-of-sale (PoS) systems. Popular NYC restaurants Catch NYC, Catch Roof and Catch Steak discovered and removed malware on their point-of-sale (PoS) systems - but not before it exposed credit-card information from unknowing diners. Source: Threat Post | Data Breach Malware Threat | ||
|
2019-11-25 15:15:00 | T-Mobile Prepaid Hit by Significant Data Breach (lien direct) | The breach, estimated to have affected more than a million customers, came from malicious external actors. | Data Breach | ★★★ | |
|
2019-11-25 09:46:16 | T-Mobile prepaid accounts data breach (lien direct) | Wireless communications company T-Mobile has disclosed a data breach incident that impacts certain customers with pre-paid service accounts. “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account. We promptly reported this to authorities,” stated a notification that the Germany-based company posted online. Source: SC Magazine | Data Breach | ||
 |
2019-11-24 17:31:50 | More Than 1 million T-Mobile Customers Exposed By Data Breach (lien direct) | T-Mobile on Thursday admitted that its cybersecurity team had discovered and shut down the data breach that allowed unauthorized access to prepaid accounts of its customers. The incident has been reported to the authorities. According to the mobile carrier company, none of the customers’ financial info, social security numbers, and passwords were compromised in the data […] | Data Breach | ||
|
2019-11-24 13:05:59 | OnePlus Data Breach: Customers\' Phone Number, Email And Address Exposed (lien direct) | OnePlus, the popular Chinese smartphone maker, in a recent blog post announced that its security team has discovered a data breach on its website that allowed “unauthorized party” to access some customers’ order information. The customers' order information included access to customers' names, contact numbers, emails, and shipping addresses. However, the hackers were unable to […] | Data Breach | ||
|
2019-11-23 11:22:51 | Chinese smartphone vendor OnePlus discloses a new data breach (lien direct) | Chinese smartphone vendor OnePlus has suffered a new data breach, according to a company’s notice hackers accessed customers’ order information. OnePlus disclosed a data breach, an “unauthorized party” accessed some customers' order information, including names, contact numbers, emails, and shipping addresses. “We want to update you that we have discovered that some of our users’ […] | Data Breach | ||
|
2019-11-22 22:52:54 | OnePlus Suffers New Data Breach Impacting Its Online Store Customers (lien direct) | Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website.
The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident.
According |
Data Breach Vulnerability |
To see everything:
Our RSS (filtrered)
