What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2020-11-10 11:12:08 Mashable suffers data breach exposing users' details (lien direct) Mashable, a major tech and culture news website has recently experienced a data breach which has resulted in the personal data of their users being exposed online. On Sunday 8 November Mashable issued a statement confirming that their database had been breached and that they had discovered that readers who use their social media sign-in feature […] Data Breach
itsecurityguru.webp 2020-11-10 10:55:32 RedDoorz user record for sale by threat actor on hacking forum (lien direct) A threat actor is selling the RedDoorz database containing 5.8 million user records on a hacking forum following a data breach in September. RedDoorz is a hotel management and booking platform based in Singapore, which manages bookings for over 1,000 properties in Southeast Asia. Users can register an account to browse hotels and book reservation […] Data Breach Threat
no_ico.webp 2020-11-10 10:45:16 Stressed Employees Behind 4 In 10 Data Breaches (lien direct) Four-in-ten data breaches are caused by stressed, tired employees. Our recent Outbound Email Security Report has revealed that stressed, tired employees are behind four in ten of the most severe data breach incidents. As stress levels rise, rushed employees are more likely to make simple mistakes such as sending an email to the wrong person, … The ISBuzz Post: This Post Stressed Employees Behind 4 In 10 Data Breaches Data Breach
itsecurityguru.webp 2020-11-10 10:41:57 World's largest eyewear company suffers data breach (lien direct) Luxottica, the world’s largest eyewear company, has recently suffered a data breach which has resulted in the exposure of the personal information of Lenscrafters patients. The attack also affected Optical, EyeMed and other eye practices. Luxottica warned that “the personal information involved in this incident may have included: full name, contact information, appointment date and […] Data Breach
itsecurityguru.webp 2020-11-09 13:54:52 Millions of hotel guests have data exposed after Hotel Booking firm experiences breach (lien direct) The Spanish developer Prestige software has experienced a data breach after misconfiguring an AWS bucket. The breach has led to the exposure of their cloud database, and the data of millions of hotel guests. Prestige software is a platform which enables hotels to automate their availability on booking sites such as Expedia. The misconfigured S3 […] Data Breach Guideline
SecurityAffairs.webp 2020-11-08 14:06:43 Security Affairs newsletter Round 288 (lien direct) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. 103,000 machines are still vulnerable to SMBGhost attacks A data breach broker is selling account databases of 17 companies Maze ransomware is going out of the business Nuclear Regulation Authority […] Ransomware Data Breach
SecurityAffairs.webp 2020-11-08 12:56:19 Luxottica data breach exposes info of LensCrafters and EyeMed (lien direct) A data breach suffered by Luxottica has exposed the personal and health information of patients of LensCrafters, Target Optical, and EyeMed. Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world's largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, […] Data Breach
SecurityAffairs.webp 2020-11-02 08:31:41 UK ICO fines hotel chain giant Marriott over data breach (lien direct) The UK Information Commissioner’s Office fined US hotels group Marriott over the 2018 data breach that affected millions of customers worldwide. The UK Information Commissioner’s Office announced it has fined Marriott £18.4 million ($23.5 million) for multiple data breaches suffered by the company since 2018 that exposed the personal information of its customers. “The ICO has fined […] Data Breach
ZDNet.webp 2020-11-02 08:31:26 Marriott fined £18.4 million by UK watchdog over customer data breach (lien direct) The fine has been slashed from over £99 million originally proposed in light of the pandemic. Data Breach
SecurityAffairs.webp 2020-11-01 11:11:49 A data breach broker is selling account databases of 17 companies (lien direct) A threat actor is offering for sale account databases containing an aggregate total of 34 million user records stolen from 17 companies. A data breach broker is selling account databases containing a total of 34 million user records stolen from 17 companies. The threat actor is advertising the stolen data since October 28 on a […] Data Breach Threat
MalwarebytesLabs.webp 2020-10-30 20:31:28 Vastaamo psychotherapy data breach sees the most vulnerable victims extorted (lien direct) A Finnish psychotherapy practice suffered a data breach (or two). Now its patients are receiving extortion messages. Categories: Cybercrime Tags: (Read more...) Data Breach
grahamcluley.webp 2020-10-30 13:53:13 Marriott data breach fine slashed to £18.4 million by UK regulator (lien direct) Marriott International has been fined £18.4 million (US $23.8 million) for its failure to adequately protect the personal records of 339 million guests. The fine, imposed by UK data regulator, the Information Commissioner's Office (ICO), is a massive 81% less than the £99.2 million fine originally imposed upon the hotel group last year. Read more in my article on the Hot for Security blog. Data Breach
BBC.webp 2020-10-30 12:42:12 Marriott Hotels fined £18.4m for data breach that hit millions (lien direct) Up to 339 million people may have been hit in a cyber-attack on a chain later bought by Marriott. Data Breach
CSO.webp 2020-10-29 03:00:00 Supply chain attacks show why you should be wary of third-party providers (lien direct) A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. Data Breach
no_ico.webp 2020-10-28 10:16:09 Finnish Psych Patients Blackmailed Following Breach – CEO Perspective (lien direct) A data breach at Vastaamo, a Finnish nationwide psychotherapy practice, has resulted in the blackmailing of hundreds of patients. Excerpts (via Google Translator) of Vastaamo’s press release: “The Board of Directors of Psychotherapy Center has relieved the company’s CEO from office… On Wednesday, October 21, 2020, the psychotherapy center said that it had been the … The ISBuzz Post: This Post Finnish Psych Patients Blackmailed Following Breach – CEO Perspective Data Breach
grahamcluley.webp 2020-10-27 15:46:57 Finnish therapy clinic's CEO fired after despicable data breach and blackmail threats (lien direct) A Finnish psychotherapy clinic has dismissed its CEO in the wake of a disastrous data breach which has seen patients' personal details, as well as notes of what has been discussed in confidential therapy sessions, exposed... and clients blackmailed. Data Breach
no_ico.webp 2020-10-27 15:29:12 Psychotherapy Clinic Data Breach – No Data Is Safe (lien direct) Following the news of the data breach at Vastaamo Psychotherapy clinic in Finland, it’s clear that when it comes to ransom-worthy personal details no data is safe, no matter how sensitive. Taking risks with cybersecurity is no longer an option especially in the healthcare industry. The ISBuzz Post: This Post Psychotherapy Clinic Data Breach – No Data Is Safe Data Breach
no_ico.webp 2020-10-27 14:42:29 Expert Commentary: Massive Nitro Data Breach Impacts Microsoft, Google, Apple, More (lien direct) A massive data breach suffered by the Nitro PDF service has impacted many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Claimed to be used by over 10 thousand business customers and 1.8 million licensed users, Nitro is an application used to create, edit, and sign PDFs and digital documents. On October 21, Nitro … The ISBuzz Post: This Post Expert Commentary: Massive Nitro Data Breach Impacts Microsoft, Google, Apple, More Data Breach
SecurityAffairs.webp 2020-10-27 13:24:47 Fragomen law firm data breach exposed Google employee's data (lien direct) Immigration law firm Fragomen has disclosed a data breach that exposed current and former Google employees’ personal information. Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP, one of the most prominent US law firms covering immigration law, disclosed a data breach. The security breach exposed current and former Google employees’ personal information after […] Data Breach
itsecurityguru.webp 2020-10-27 10:47:20 Law firm used by Google confirms data breach (lien direct) Law firm Fragomen, Del Rey, Bernsen and Loewy have confirmed they have suffered a data breach which involved the personal information of both current and former Google employees. The law firm based in New York provides companies with employment verification screening services in order to determine whether potential employees are authorized to work in the […] Data Breach
SecurityAffairs.webp 2020-10-26 22:02:42 Nitro PDF data breach might impact major companies, including Microsoft, Google, and Apple (lien direct) Nitro PDF suffered a massive data breach that impacts many major organizations, including Apple, Chase, Citibank, Google, and Microsoft. A massive data breach suffered by the Nitro PDF might have a severe impact on well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. Nitro Software, Inc. develops commercial software used to create, edit, sign, and […] Data Breach
BBC.webp 2020-10-26 12:44:39 Therapy patients blackmailed for cash after clinic data breach (lien direct) Stolen data appears to have included personal identification records and notes about therapy sessions. Data Breach
SecurityAffairs.webp 2020-10-26 08:18:20 COVID-19 vaccine manufacturer suffers a data breach (lien direct) Dr. Reddy's, the Indian contractor for Russia's “Sputnik V” COVID-19 vaccine was hit with a cyber-attack that forced the company to close its plants. Indian COVID-19 vaccine manufacturer Dr. Reddy's Laboratories was hit with a cyber attack that forced it to shut down its plants in Brazil, India, Russia, the U.K., and the U.S. According […] Data Breach
no_ico.webp 2020-10-23 10:23:34 Experts Reacted On Pharma Giant Pfizer Exposes Patient Data On Unsecured Cloud Storage (lien direct) It has been reported that Global pharmaceutical giant Pfizer Inc. has suffered a data breach with patient information found exposed on unsecured cloud storage.  Discovered and publicised yesterday, the exposed data was found on a misconfigured Google Cloud storage bucket. The data included hundreds of conversations between Pfizer's automated customer support software and people using its prescription pharmaceutical … The ISBuzz Post: This Post Experts Reacted On Pharma Giant Pfizer Exposes Patient Data On Unsecured Cloud Storage Data Breach
mcafee.webp 2020-10-22 15:48:01 Affected by a Data Breach? Here Are Five Security Steps You Should Take (lien direct) Five Tips to Secure Your Credit Card Data From This Recent Data Breach Users share their personal information with companies for multiple reasons. Whether they're checking into a hotel room, using a credit card to make a purchase at their favorite food spot, or collecting rewards points at a local coffee shop, consumers give companies […] Data Breach ★★
DarkReading.webp 2020-10-21 12:00:00 Are You One COVID-19 Test Away From a Cybersecurity Disaster? (lien direct) One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue. Ransomware Data Breach
securityintelligence.webp 2020-10-21 10:00:00 Training Trainers: How IBM Uses Data Breach Simulations to Build Real-World Competency (lien direct) Threat intelligence and response teams need to be ready to respond to an increasing barrage of risks and changes. To be exact, this is where breach-and-attack-simulation (BAS) comes in. Most groups use BAS platforms to validate security controls against various types of data breaches. Meanwhile, IBM Security saw that it could also be very useful as […] Data Breach
no_ico.webp 2020-10-20 13:27:47 Albion Games Online Forum Suffers Data Breach – Experts Insight (lien direct) A hacker has breached the forum of Albion Online, a popular free medieval fantasy MMORPG, and stole usernames and password hashes, the game maker disclosed on Saturday. “The intruder was able to access forum user profiles, which include the email addresses connected to those forum accounts,” said Sandbox Interactive GmbH, the company behind Albion Online. The attacker also … The ISBuzz Post: This Post Albion Games Online Forum Suffers Data Breach – Experts Insight Data Breach
CSO.webp 2020-10-20 03:00:00 Avoiding the snags and snares in data breach reporting: What CISOs need to know (lien direct) Failing to report sensitive data breaches to US regulatory and law enforcement agencies just got more dangerous and confusing for CISOs and their organizations. If that failure is seen as a coverup, such as paying ransoms for retrieving sensitive data, it could lead to steep fines or jail time. Data Breach Guideline
itsecurityguru.webp 2020-10-19 10:39:06 British Airways fined £20 million for data breach (lien direct) British Airways have been fined £20 million by the Information Commissioner’s Office (ICO) following a data breach from 2018 which affected 400,000 customers. The 2018 breach affected customers' confidential personal and credit card data. The incident happened when British Airways' systems were compromised by attackers, who modified customer details when they were inputted in order […] Data Breach
ZDNet.webp 2020-10-19 09:47:14 Albion Online game maker discloses data breach (lien direct) Game maker says intruder gained access to its forum database by exploiting a vulnerability. Data Breach
no_ico.webp 2020-10-19 09:19:00 Experts Reacted On News: British Airways Fined £20m For Data Breach (lien direct) British Airways has been fined £20m for failing to protect the personal and financial details of more than 400,000 customers, according to Business Live. This follows an investigation by the Information Commissioner’s Office (ICO) after the airline was the subject of a cyber-attack, which it did not detect for more than two months, in 2018. The … The ISBuzz Post: This Post Experts Reacted On News: British Airways Fined £20m For Data Breach Data Breach
SecurityAffairs.webp 2020-10-16 17:16:59 Britain's information commissioner fines British Airways for 2018 Hack (lien direct) Britain's information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers. In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. The hackers potentially accessed the personal data of approximately 429,612 customers and staff. Exposed data included names, addresses, […] Data Breach Hack
grahamcluley.webp 2020-10-16 16:55:26 Having saved credit card details in plaintext since 2015, British Airways is fined £20 million (lien direct) British Airways has been fined £20 million (US $26 million) following a data breach which saw its systems hacked and the personal and payment card information of 400,000 customers stolen. Read more in my article on the Hot for Security blog. Data Breach
no_ico.webp 2020-10-16 12:27:59 300 Million Credit Cards From Dickey's BBQ Customers Sold On Dark Web – Expert Perspective (lien direct) Krebs On Security is reporting that a popular dark web outlet for stolen credit cards is selling more than three million new card records this week, the result of a multi-year data breach at 100+ Dickey’s Barbeque Restaurant locations across the US. A Gurucul expert offers some perspective. The ISBuzz Post: This Post 300 Million Credit Cards From Dickey's BBQ Customers Sold On Dark Web – Expert Perspective Data Breach
BBC.webp 2020-10-16 09:52:17 British Airways fined £20m over data breach (lien direct) The fine is the largest ever issued by the Information Commissioner's Office. Data Breach
Chercheur.webp 2020-10-15 20:44:44 Breach at Dickey's BBQ Smokes 3M Cards (lien direct) One of the digital underground's most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey's Barbeque Restaurant locations around the country. Data Breach
DarkReading.webp 2020-10-15 15:00:00 Barnes & Noble Warns Customers About Data Breach (lien direct) Famed bookseller says non-financial data was exposed in a new attack. Data Breach
ZDNet.webp 2020-10-15 09:08:38 Barnes & Noble confirms cyberattack, suspected customer data breach (lien direct) The bookseller's security incident also impacted Nook services. Data Breach
Cybereason.webp 2020-10-14 13:30:00 Security All In Podcast: Live Episode with Cybereason CEO Lior Div (lien direct) With each major data breach the role of the Chief Information Security Officer becomes more complex, and more crucial. Ditch whatever preconception you may have: these individuals manage risk on a daily basis, with one foot in the world of business and another in the world of cybersecurity. Data Breach
SecurityAffairs.webp 2020-10-10 13:04:07 Carnival confirms data breach as a result of the August ransomware attack (lien direct) Carnival Corporation, the world’s largest cruise line operator, has confirmed a data breach as a result of the August ransomware attack. Carnival Corporation, the world’s largest cruise line operator, has confirmed a data breach as a result of the ransomware attack that took place in August. Ransomware operators have stolen the personal information of customers, […] Ransomware Data Breach
ZDNet.webp 2020-10-10 08:36:03 Children and parent info exposed in Georgia DHS data breach (lien direct) The personal and health data of children and adults involved in Child Protective Services cases was exposed. Data Breach
no_ico.webp 2020-10-09 13:57:54 Expert Insight: CPS Under Fire Again After Data Breach Cases Jump 18% (lien direct) The UK's Crown Prosecution Service (CPS) has recorded over 1600 data breaches over the course of a year, including scores of unauthorized disclosures classed as “severe,” it has emerged. The data featured in the CPS annual report revealed a total of 1627 recorded data breaches in the 2019-20 financial year, up 18% from the previous … The ISBuzz Post: This Post Expert Insight: CPS Under Fire Again After Data Breach Cases Jump 18% Data Breach
itsecurityguru.webp 2020-10-07 11:12:54 Customer records stolen in Chowbus data breach (lien direct) Chowbus, the Asian food delivery service owned by Fantuan Group Inc., has experienced a data breach which has resulted in thousands of customer records being stolen. It is unknown how the breach happened, but Chowbus has stated that customers' data has been stolen, including names, phone numbers, physical addresses and email addresses. Chowbus have claimed […] Data Breach
no_ico.webp 2020-10-07 10:54:33 Experts On Gardai Investigate Major Data Breach At Limerick Hospital (lien direct) University Hospital Limerick has launched an investigation into a major data breach in which a rogue non-HSE employee leaked personal details belonging to more than 600 patients, including 95 children, to the internet, the Limerick Leader reported exclusively this morning. This data belonging to 630 patients, including 95 children, was taken from an automated system that is … The ISBuzz Post: This Post Experts On Gardai Investigate Major Data Breach At Limerick Hospital Data Breach Guideline
globalsecuritymag.webp 2020-10-05 08:24:19 How much would a data leak cost you? (lien direct) Data breaches are more frequent than one might think. And their cost can prove very high if the incident exposed personal data or if it is the result of a cyber attack. The average cost of a data breach fell by 1.5% year over year, costing companies US$3.86 million per incident, according to IBM's 2020 Cost of a Data Breach Report. The annual study analyzed data from 524 companies which, although based in 17 countries and regions and operating (...) - Points of View Data Breach
no_ico.webp 2020-10-03 16:40:12 Blackbaud – Data Breach Expert Comment (lien direct) Blackbaud recently confirmed that bank details and passwords may have been stolen in a charity hack. Blackbaud suffered a data breach back in May, but the attack has resurfaced with new information coming out. The software developer originally paid the ransomware and confirmed bank details were not leaked. While the question around whether to pay … The ISBuzz Post: This Post Blackbaud – Data Breach Expert Comment Ransomware Data Breach
Veracode.webp 2020-10-01 14:10:28 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (lien direct) Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But, shockingly, less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. [Figure: Percentage of codebase pulled from open source] Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. By not scanning open source libraries, these flaws remain vulnerable to a cyberattack. Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities.
Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that's pulled indirectly from another library in use. [Figure: Transitive and direct open source vulnerabilities] What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix: close to 91 percent can be fixed with an update. [Figure: patching open source flaws] So, when it comes to managing your library security flaws, the concentration should not just be, "How Data Breach Tool Vulnerability Equifax
Logo_logpoint.webp 2020-10-01 11:26:19 A Simple Guide to Threat Hunting (lien direct) Threats are continually changing and becoming more sophisticated, making it impossible to buy a tool that detects every potential cyberthreat. You can help protect your business by taking a proactive approach to hunting threats. According to the 2020 Verizon Data Breach report, more than 25 percent of breaches took months or longer to discover. This [...] Data Breach Tool Threat
Anomali.webp 2020-09-29 14:00:00 Weekly Threat Briefing: Federal Agency Breach, Exploits, Malware, and Spyware (lien direct) The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Cyber Espionage, FinSpy, Magento, Taurus Project and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence German-made FinSpy Spyware Found in Egypt, and Mac and Linux Versions Revealed (published: September 25, 2020) Security Researchers from Amnesty International have identified new variants of FinSpy, spyware that can access private data and record audio/video. While used as a law enforcement tool, authoritarian governments have been using FinSpy to spy on activists and dissidents. Spreading through fake Flash Player updates, the malware is installed as root with use of exploits, and persistence is gained by creating a logind.pslist file. Once a system is infected with the malware, it has the ability to run shell scripts, record audio, keylogging, view network information, and list files. Samples have been found of FinSpy for macOS, Windows, Android, and Linux. Recommendation: Defense-in-depth (layering of security mechanisms, redundancy, fail-safe defense processes) is the best way to ensure safety from threat actors, including a focus on both network and host-based security. Prevention and detection capabilities should also be in place. Furthermore, all employees should be educated on the risks of spearphishing and how to identify such attempts. 
MITRE ATT&CK: [MITRE ATT&CK] Logon Scripts - T1037 | [MITRE ATT&CK] Standard Application Layer Protocol - T1071 Tags: Amnesty, Android, Backdoor, Linux, macOS, FinSpy, Spyware Magento Credit Card Stealing Malware: gstaticapi (published: September 25, 2020) Security researchers, at Sucuri, have identified a malicious script, dubbed “gstaticapi,” that is designed to steal payment information from Magento-based websites. The script first attempts to find the “checkout” string in a web browser URL and, if found, will create an element to the web page's header. This allows the JavaScript to handle external code-loading capabilities that are used to process the theft of billing and payment card information. Recommendation: Sometimes webmasters discover that one of their sites has been compromised months after the initial infection. Websites, much like personal workstations, require constant maintenance and upkeep in order to adapt to the latest threats. In addition to keeping server software up to date, it is critical that all external-facing assets are monitored and scanned for vulnerabilities. The ability to easily restore from backup, incident response planning, and customer communication channels should all be established before a breach occurs. MITRE ATT&CK: [MITRE ATT&CK] Command-Line Interface - T1059 | [MITRE ATT&CK] Input Capture - T1056 | [MITRE ATT&CK] Data Encoding - T1132 T Data Breach Malware Vulnerability Threat APT 19 ★★★★★
Last update at: 2024-07-02 15:08:50