What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
MalwarebytesLabs.webp 2022-07-12 13:20:49 Insecure password leads to Mangatoon data breach (direct link) Popular comics site Mangatoon has been breached due to a poorly secured database. Data Breach
no_ico.webp 2022-07-12 08:12:36 Marriott Hotels Repeat Hack Proves Businesses Still Way Behind On Cybersecurity (direct link) Marriott Hotels has been the victim of a third data breach in four years, according to reports. It is clear that today’s businesses are way off the mark when it comes to responsible resilience against cyber threats – especially in preventing repeat attacks. Data Breach Hack Threat
AlienVault.webp 2022-07-11 10:00:00 5 Common blind spots that make you vulnerable to supply chain attacks (direct link) This blog was written by an independent guest blogger. Over the past several years, hackers have gone from targeting only companies to also targeting their supply chain. One area of particular vulnerability is company software supply chains, which are becoming an increasingly common method of gaining access to valuable business information. A study by Gartner predicted that by 2025, 45% of companies will have experienced a supply chain attack. Supply chain attacks can come in various ways, whether by malicious code injected into enterprise software or vulnerabilities in software your company uses. To mitigate this risk, companies must learn about the methods used to execute attacks and understand their company’s blind spots. This article will look at 5 recent software supply chain attacks and how third-party partners can pose a security risk to your company. We’ll make recommendations for how to secure your business against supply chain attacks and how you can engage in early detection to respond to threats before they take down your enterprise. What is a software supply chain attack? The CISA or US Cybersecurity and Infrastructure Security Agency defines a software supply chain attack as an attack that “occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software then compromises the customer’s data or system.” A software supply chain includes any company you purchase software from and any open-source software and public repositories from which your developers pull code. It also includes any service organizations that have access to your data. In the aggregate, all of these different suppliers exponentially increase the surface area of a potential attack.
Software supply chain attacks are particularly dangerous because the software supply chain acts as an amplifier for hackers. This means that when one vendor is impacted, hackers can potentially reach any of their customers, giving them greater reach than if they attacked a single target corporation. Two primary reasons contribute to the danger, according to CISA: third-party software products usually require privileged access; they often require frequent communication between the vendor’s own network and the vendor’s software on customer networks. Attackers leverage privileged access and a privileged network access channel as their first point of access. Depending on the level of available access, attackers can easily target many devices and levels of an organization. Some industries, like healthcare, are of particular vulnerability because they possess huge volumes of patient data subject to strict compliance regulations and laws. Five major supply chain attacks: In recent memory, software supply chain attacks have gathered increased attention from the public because of how damaging they can be to a company and its reputation. The Log4j vulnerability demonstrated just how vulnerable companies can be to relying on third-party software, for example. Other high-profile attacks like the SolarWinds SUNBURST attack and Kaseya VSA (REvil) attack also provided painful reminders of how damaging supply chain attacks can be. The SolarWinds SUNBURST backdoor: On December 13th, 2020, the SUNBURST backdoor was first disclosed. The attack utilized the popular SolarWinds Orion IT monitorin Ransomware Data Breach Vulnerability Threat Patching Solardwinds
kovrr.webp 2022-07-11 00:00:00 Why Hackers Love Credentials: Parsing Verizon’s 2022 Breach Report. With CRQ, it’s possible to make decisions about how much of a priority to place on credential risk, and plan a budget accordingly. (direct link) The 2022 Verizon Data Breach Investigations Report (DBIR), the fifteenth such report in as many years, leads off with a startling statistic: Credentials are the number one overall attack vector hackers use in data breaches. Use of stolen credentials accounts for nearly half the breaches studied by Verizon, far ahead of phishing and exploit vulnerabilities, which account for 19% and 8% of attacks, respectively. Botnets, the fourth most common entry path for hackers, represent a mere 1% of attacks. Credentials are the number one attack vector in several categories of attack covered in the report. In cases of web application attacks, for example, Verizon research attributes over 80% of attacks to stolen credentials—surpassing exploited vulnerabilities and brute force attacks, which occur in fewer than 20% of cases. Forty-three percent of business email compromise (BEC) attacks involve the use of stolen credentials as the way into the target organization. Why credentials are such a popular target: If you’re a hacker, stealing user credentials makes a great deal of sense. After all, with valid credentials, you can legitimately gain access to networks and applications. There’s not a lot of hacking to do. You just log in like you belong there. Once you’re in, you enjoy the same system privileges as the user whose login you have swiped. If that user is an administrator, all the better. You can modify systems, delete data, create new user accounts and on and on. Additionally (and unfortunately), legitimate user credentials are not that hard to get. In some cases, hackers don’t even have to engage in elaborate cyberattacks to get their hands on them. They can just buy them on the dark web.
For not a lot of money, a low-skilled hacker can purchase real, current credentials for corporate system users. The scale of the credential vulnerability: According to the Verizon report, credentials are not just a popular mode of attack. They are also among the most commonly breached forms of data. In system intrusion attacks, for example, credentials are the number one type of data compromised, targeted in 42% of attacks. In social engineering attacks, credentials are also the most popular targets, stolen in 63% of breaches. Of course stolen credentials are scary, but what are the true costs behind these types of attacks? Analysis of data from Kovrr’s cyber incidents database, which contains both threat intelligence and financial data on a vast collection of cyber incidents, shows specific industries being specifically targeted by a breach of credentials. The table below represents the percentage of total stolen credentials from a specific industry out of all stolen credentials across industries, i.e., if 100 records were stolen globally, 32.94 of these were stolen from the education industry. The fact that education makes up such a large portion of the total can be attributed to any number of factors. We assert that two of these are the most important: the large number of users that exist within the organization, and their tendency to change very often. Combined with the COVID-19 pandemic, and the sudden transition to remote studying and teaching, that factor became even more severe. The other industries that are most often victims of credentials theft (Information, Public Administration) are all natural targets for credential theft. By their nature, not only do they handle many user credentials, but they are also prime targets for spreading to new organizations. Costs Behind Stolen Credentials: The most common motivation for credential theft is ransomware.
It is one of the most useful leverages used, after an organization has been compromised, in order to monetize the access achieved by the attacker. If we are to analyze the financial impact of a ransomware attack, we can see it consists of several components: the obvious extortion cost (in case the ransom is paid), response and restoration costs, le Ransomware Data Breach Vulnerability Threat ★★★
bleepingcomputer.webp 2022-07-09 11:12:06 Mangatoon data breach exposes data from 23 million accounts (direct link) Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users after a hacker stole it from an Elasticsearch database. [...] Data Breach
knowbe4.webp 2022-07-08 12:55:07 Lessons Learned from a Popular Hotel's Recent Data Breach Involving Social Engineering (direct link) Lessons Learned from a Popular Hotel's Recent Data Breach Involving Social Engineering Data Breach
bleepingcomputer.webp 2022-07-07 13:19:23 Quantum ransomware attack affects 657 healthcare orgs (direct link) Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. [...] Ransomware Data Breach
grahamcluley.webp 2022-07-07 11:17:47 Smashing Security podcast #282: Raising money through ransomware, China's mega-leak, and hackers for hire (direct link) A hacked university might have made a profit after paying a cryptocurrency ransom, China suffers possibly the biggest data breach in history, and Reuters investigates digital mercenaries. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this … Data Breach
itsecurityguru.webp 2022-07-07 10:09:57 Marriott Hotels Suffers Second Data Breach in 2022 (direct link) Marriott International Inc. confirmed on Wednesday July 6th that they had suffered a second data breach this year. Initial reports say that attackers stole a total of 20GB worth of data including some sensitive information such as credit card information, confidential business documents, and customer payment information. Marriott is preparing to notify between 300 and […] Data Breach
SecurityWeek.webp 2022-07-07 10:01:47 Marriott Confirms Small-Scale Data Breach (direct link) International hotel chain Marriott has confirmed that an unknown threat actor has accessed data on a computer at one of its hotels. Data Breach Threat
InfoSecurityMag.webp 2022-07-07 08:10:00 Marriott Plays Down 20GB Data Breach (direct link) Global hotel chain compromised yet again Data Breach
ComputerWeekly.webp 2022-07-07 05:35:00 Latest Marriott data breach not as serious as others (direct link) No more details Data Breach
SecurityAffairs.webp 2022-07-06 23:08:11 Marriott International suffered a new data breach, attackers stole 20GB of data (direct link) Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain Marriott International confirmed it has suffered a new data breach after a threat actor stole 20GB of files from one of its properties. The attacker compromised the network at the BWI Airport Marriott Maryland (BWIA), […] Data Breach Threat
no_ico.webp 2022-07-06 19:32:55 Marriot Data Breach – Expert Weighs In (direct link) It has been reported that Marriott International Inc. has suffered yet another data breach, the second time the hotel chain has had data stolen this year. Initially reported by DataBreaches.net, an unnamed hacking group claimed to have stolen roughly 20 gigabytes of data. The data, including credit card information and personally identifiable information on guests and workers, […] Data Breach
DarkReading.webp 2022-07-06 17:57:00 Marriott Data Breach Exposes PII, Credit Cards (direct link) The hospitality giant said data from 300-400 individuals was compromised by a social-engineering scam targeting the Baltimore airport. Data Breach
News.webp 2022-07-06 14:00:13 Marriott Hotels admits to third data breach in 4 years (direct link) Digital thieves made off with 20GB of internal documents and customer data. Marriott Hotels has leaked data to attackers again and this time the culprits made off with 20GB of information, which reportedly included credit card info and internal company documents. … Data Breach
bleepingcomputer.webp 2022-07-06 12:52:48 (Déjà vu) Marriott confirms another data breach after hotel got hacked (direct link) Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...] Data Breach Threat
bleepingcomputer.webp 2022-07-06 12:52:48 (Déjà vu) Marriott hit by new data breach and a failed extortion attempt (direct link) Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...] Data Breach Threat
bleepingcomputer.webp 2022-07-06 12:52:48 Marriott confirms data breach and a failed extortion attempt (direct link) Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files. [...] Data Breach Threat
SecurityWeek.webp 2022-07-05 18:23:58 Data Breach at PFC USA Impacts Patients of 650 Healthcare Providers (direct link) Just ahead of the 4th of July weekend, accounts receivable management firm Professional Finance Company (PFC USA) started sending out data breach notification letters to patients of over 650 healthcare providers across the country. Data Breach
CSO.webp 2022-07-05 02:00:00 6 signs your IAM strategy is failing, and how to fix it (direct link) Companies have been developing and executing identity and access management (IAM) strategies for decades. "It started with mainframe time sharing, so nothing is new," says Jay Bretzmann, program director for security products at IDC. Despite that long experience, there are still opportunities for mistakes, especially when companies are upgrading their IAM platforms to those that can better deal with modern IT deployments. Here are six ways to tell that a company's IAM strategy is failing. 1. Users can't access their applications, but criminals can: The primary goal of an IAM platform is to allow legitimate users to access the resources that they need, while keeping out the bad guys. If the opposite is happening, then something is wrong. According to the latest Verizon Data Breach Incident Report, stolen credentials were the most common attack method last year, involved in half of all breaches and in over 80% of web application breaches. Data Breach
SecurityAffairs.webp 2022-07-04 18:37:06 (Déjà vu) Data of a billion Chinese residents available for sale on a cybercrime forum (direct link) Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […] Data Breach Threat
SecurityAffairs.webp 2022-07-04 18:37:06 Data of a billion Chinese residents available for sale on the dark web (direct link) Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […] Data Breach Threat
CSO.webp 2022-07-04 02:00:00 11 top cloud security threats (direct link) Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11." "What that tells me is the cloud customer is getting a lot smarter," Yeoh continues. "They're getting away from worrying about end results - a data breach or loss is an end result - and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them." Data Breach Threat
no_ico.webp 2022-07-01 14:12:04 NFT Giant OpenSea Reports Major Email Data Breach (direct link) OpenSea, the largest NFT marketplace with more than $20 Billion in trading volume, disclosed a data breach Wednesday, warning users of phishing attacks that could target them due to a recent breach of most all of their customer email data. The online NFT marketplace says it has more than 600,000 users and possibly all of […] Data Breach
grahamcluley.webp 2022-07-01 13:12:23 AMD held to ransom by gang that claims 450GB of data has been stolen (direct link) Semiconductor giant AMD says that it is investigating what claims to be a major data breach of its network, that saw a group of online criminals steal 450GB of data from its systems. Read more in my article on the Hot for Security blog. Data Breach
grahamcluley.webp 2022-06-30 13:29:57 NFT marketplace OpenSea warns of data breach that could lead to phishing attacks (direct link) Popular NFT marketplace OpenSea has warned users that they might be targeted with phishing attacks following a data breach that exposed the email addresses of its users and newsletter subscribers. Data Breach
bleepingcomputer.webp 2022-06-30 06:05:16 OpenSea discloses data breach, warns users of phishing attacks (direct link) OpenSea, the largest non-fungible token (NFT) marketplace, disclosed a data breach on Wednesday and warned users of potential phishing attacks targeting them in the coming days. [...] Data Breach
no_ico.webp 2022-06-29 16:08:04 82% Cyber Breaches In Verizon's Report Preventable, Says MyCena (direct link) Verizon recently released its 2022 Data Breach Investigations Report, giving businesses vital insights into the state of cybersecurity around the world. It contains an analysis of over 23,000 incidents and 5,200 confirmed breaches, analysed over the past. Overall, Verizon attributes the number-one motive of cyberattacks to financial gain, saying almost four out of five breaches […] Data Breach
no_ico.webp 2022-06-29 16:03:30 Expert Insight On RansomHouse Attacking AMD (direct link) AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the US chipmaker. In addition to the fact that RansomHouse are focussing on large enterprises with weak security, Dr Darren Williams at ADX and ransomware prevention specialists, Blackfog notes that if an […] Ransomware Data Breach
InfoSecurityMag.webp 2022-06-27 08:30:00 CafePress Fined $500,000 After Massive Data Breach (direct link) FTC also demands major security improvements Data Breach
bleepingcomputer.webp 2022-06-24 12:48:42 (Déjà vu) CafePress fined $500,000 for breach affecting 23 million users (direct link) The U.S. Federal Trade Commission (FTC) today ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for attempting to cover up a major data breach impacting more than 23 million customers and failing to protect their data. [...] Data Breach
bleepingcomputer.webp 2022-06-24 12:48:42 FTC fines CafePress $500K for breach affecting 23 million users (direct link) The U.S. Federal Trade Commission (FTC) today ordered Residual Pumpkin Entity, the former owner of the CafePress t-shirt and merchandise site, to pay a $500,000 fine for attempting to cover up a major data breach impacting more than 23 million customers and failing to protect their data. [...] Data Breach
SecurityWeek.webp 2022-06-23 11:13:05 MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals (direct link) Patient care guidelines provider MCG Health faces a proposed class lawsuit over the compromise of patient information during a March 2022 data breach. A wholly-owned subsidiary of the New York-based Hearst Health network, MCG Health combines artificial intelligence with clinical expertise to help healthcare organizations provide care to their patients. Data Breach
NakedSecurity.webp 2022-06-23 11:08:42 S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast] (direct link) Latest episode - listen now! Data Breach
SecurityAffairs.webp 2022-06-22 07:31:01 Flagstar Bank discloses a data breach that impacted 1.5 Million individuals (direct link) US Flagstar Bank disclosed a data breach that exposed files containing the personal information of 1.5 million individuals. US-based Flagstar Bank disclosed a data breach that impacted roughly 1.5 million individuals, but the company did not share details about the attack. The security breach took place in early December 2021, and the investigation that was […] Data Breach
NakedSecurity.webp 2022-06-21 15:24:24 Capital One identity theft hacker finally gets convicted (direct link) It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own! Data Breach
no_ico.webp 2022-06-21 15:16:06 Expert Commentary: Flagstar Bank Data Breach (direct link) Flagstar Bank, a Michigan-based financial services provider and one of the largest banks in the United States, has disclosed a data breach impacting 1.5 million customers. Data Breach
Blog.webp 2022-06-21 14:31:04 Fireside chat: New 'SASE' weapon chokes off ransomware before attack spreads laterally (direct link) It's stunning that the ransomware plague persists. Related: ‘SASE’ blends connectivity and security Verizon's Data Breach Incident Report shows a 13 percent spike in 2021, a jump greater than the past  years combined; Sophos' State of Ransomware survey shows victims … Ransomware Data Breach
SecurityWeek.webp 2022-06-21 13:04:25 Flagstar Bank Data Breach Affects 1.5 Million Customers (direct link) Michigan-based Flagstar Bank, which has more than 150 branches across several US states, has disclosed a data breach that involved threat actors accessing files containing the personal information of 1.5 million individuals. Data Breach Threat
ZDNet.webp 2022-06-21 09:24:51 1.5 million customers impacted by Flagstar Bank data breach (direct link) The security incident occurred in December 2021. Data Breach
InfoSecurityMag.webp 2022-06-21 08:30:00 US Bank Data Breach Impacts Over 1.5 Million Customers (direct link) Flagstar reveals details of December incident Data Breach
The_State_of_Security.webp 2022-06-21 03:00:00 The actual cost of a breach – reputation, loss of customers, fines, suspension of business (direct link) According to IBM's Cost of a Data Breach report, in 2021 data breach costs rose from $3.86 million to $4.24 million, exhibiting the highest average total cost in the 17-year history of their report. A new report from the Department for Culture, Media, and Sport (DCMS) has revealed that data breaches have become more costly […]… Data Breach
The_Hackers_News.webp 2022-06-21 02:46:21 Former Amazon Employee Found Guilty in 2019 Capital One Data Breach (direct link) A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the 2019 Capital One breach. Paige Thompson, who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected Data Breach
InfoSecurityMag.webp 2022-06-20 17:00:00 Former Amazon Worker Convicted of Capital One Data Breach (direct link) The software engineer intended to mine the stolen data and install cryptocurrency miners on some AWS servers Data Breach
bleepingcomputer.webp 2022-06-20 12:57:31 Flagstar Bank discloses data breach impacting 1.5 million customers (direct link) Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. [...] Data Breach
SecurityWeek.webp 2022-06-20 10:10:17 Breach at Eye Care Software Vendor Hits Millions of Patients (direct link) The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders, a firm that provides electronic health record and practice management solutions. Data Breach Threat Guideline
SecureMac.webp 2022-06-17 14:00:00 Checklist 283: Edit the Edit and Unsend Plans (direct link) Problems with edit and unsend in iOS 16, a data breach at a healthcare company, and a beer-based scam for Father's Day. Data Breach
Sontiq.webp 2022-06-16 13:47:51 15-Minute Webinar | Mid-year Data Breach Update: How the Latest Cyberthreat Trends Can Impact Your Identity Security (direct link) In 2021, the number of data breaches reached historic levels and the Identity Theft Resource Center reports that the start of this year is generating similar record-breaking trends. As a result, the personal information of millions of individuals is being put at risk of identity, financial and other crimes. What kinds of businesses are being […] Data Breach
Sontiq.webp 2022-06-16 08:01:16 When a Corporate Data Breach Happens: Critical Next Steps (direct link) What If My Business Experiences a Data Breach? Regardless of cybersecurity proficiency, no organization is safe from data breaches. That's why it's critical every business develops and documents an Incident Response Plan. Your response plan will outline steps your organization should take if you suspect data has been compromised. The quicker your business follows […] Data Breach
Last update at: 2024-07-05 06:07:27