What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-10-02 17:42:00 | Zendesk discloses 2016 data breach (lien direct) | Zendesk said hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. | Data Breach | ||
 |
2019-10-02 12:00:08 | Nearly 60% of businesses suffered a data breach in the past 3 years (lien direct) | Some 36% of companies who haven't suffered a breach said it is likely they are unknowingly experiencing one now. | Data Breach | ||
 |
2019-10-02 09:40:36 | Nearly all companies have suffered a data breach (lien direct) | In the last three years, almost two thirds (60 per cent) of businesses have experienced a data breach. This is according to a new global report from Bitdefender, which also adds that those that haven't been attacked yet – expect to experience such a scenario soon. As a matter of fact, more than a third of […] | Data Breach | ||
 |
2019-10-01 12:35:00 | Cost of Data Breach Hits $1.4M, Security Budgets Near $19M (lien direct) | Researchers report businesses with an internal SOC suffer half the average financial damage. | Data Breach | ||
|
2019-10-01 10:32:28 | (Déjà vu) Friends Players Compromised in Data Breach with 218M Words (lien direct) | The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year. A cybercriminal operating under the alias Gnosticplayers has broken into the Words with Friends database and gained access to 218 million player records, The Hacker News reports. The popular puzzle game is owned by Zynga, one of the […] | Data Breach | ||
|
2019-09-30 12:50:50 | Why companies must start rehearsing their responses now to give them the best possible chance of mitigating cyberattacks when – and not if – they happen (lien direct) | By David Cook, Senior Associate – Privacy and Cyber Security Compliance and Litigation at Eversheds Sutherland, and finalist in the Security Serious Unsung Heroes Awards. It seems like barely a week goes by without a high-profile data breach being reported on the front pages of our newspapers. Hacking and cyberattacks appear to be becoming more […] | Data Breach | ||
|
2019-09-30 11:00:00 | 218M Words with Friends Players Compromised in Data Breach (lien direct) | The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year. | Data Breach | ||
 |
2019-09-30 03:00:00 | Marriott data breach FAQ: How did it happen and what was the impact? (lien direct) | In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves.We answer 10 frequently asked questions.When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later. | Data Breach Tool Threat | ||
|
2019-09-27 11:16:15 | Almost 5 million customers, delivery drivers and partners hit by DoorDash data breach – expert comments (lien direct) | Food delivery company, DoorDash, has confirmed it was hit by a data breach which exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it’s unclear why it has taken DoorDash so long to reveal the details. According to a spokesperson for […] | Data Breach | ||
 |
2019-09-27 10:43:53 | DoorDash Data Breach Impacts 4.9M Users – Experts Comments (lien direct) | DoorDash has confirmed a data breach impacting 4.9 million users including customers, delivery workers (Dashers) and merchants. The food delivery company said that the breach happened on May 4 and that customers who joined after April 5, 2019 are not affected. It's still unclear why it took several months for DoorDash to publicly address the incident. … The ISBuzz Post: This Post DoorDash Data Breach Impacts 4.9M Users – Experts Comments | Data Breach | ||
|
2019-09-27 09:53:47 | (Déjà vu) Data Breach exposes DoorDash data info of 5 Million Users (lien direct) | DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. In a security notice published on their site and through emails being sent to affected users, DoorDash states that an unauthorized party was able to gain access to user […] | Data Breach | ||
 |
2019-09-27 07:40:12 | DoorDash Data Breach exposes data of approximately 5 million users (lien direct) | DoorDash is a San Francisco–based on-demand food delivery service, the company confirmed it has suffered a data breach that exposed roughly 5 million users. DoorDash announced a data breach that exposed the personal information of 4.9 million consumers, Dashers, and merchants. According to the data breach notification sent to the impacted customers and the security note published […] | Data Breach | ||
 |
2019-09-27 02:08:41 | DoorDash Breach Exposes 4.9 Million Users\' Personal Data (lien direct) | Do you use DoorDash frequently to order your food online?
If yes, you are highly recommended to change your account password right now immediately.
DoorDash-the popular on-demand food-delivery service-today confirmed a massive data breach that affects almost 5 million people using its platform, including its customers, delivery workers, and merchants as well.
DoorDash is a San |
Data Breach | ||
 |
2019-09-26 17:07:12 | DoorDash Data Breach Exposes Info of Roughly 5 Million Users (lien direct) | DoorDash has announced a data breach where an unauthorized user was able to gain access to the personal information of 4.9 million consumers, Dashers, and merchants. [...] | Data Breach | ||
 |
2019-09-26 13:24:44 | CrowdStrike-Ukraine Explained (lien direct) | Trump's conversation with the President of Ukraine mentions "CrowdStrike". I thought I'd explain this.What was said?This is the text from the conversation covered in this“I would like you to find out what happened with this whole situation with Ukraine, they say Crowdstrike... I guess you have one of your wealthy people... The server, they say Ukraine has it.”Personally, I occasionally interrupt myself while speaking, so I'm not sure I'd criticize Trump here for his incoherence. But at the same time, we aren't quite sure what was meant. It's only meaningful in the greater context. Trump has talked before about CrowdStrike's investigation being wrong, a rich Ukrainian owning CrowdStrike, and a "server". He's talked a lot about these topics before.Who is CrowdStrike?They are a cybersecurity firm that, among other things, investigates hacker attacks. If you've been hacked by a nation state, then CrowdStrike is the sort of firm you'd hire to come and investigate what happened, and help prevent it from happening again.Why is CrowdStrike mentioned?Because they were the lead investigators in the DNC hack who came to the conclusion that Russia was responsible. The pro-Trump crowd believes this conclusion is false. If the conclusion is false, then it must mean CrowdStrike is part of the anti-Trump conspiracy.Trump always had a thing for CrowdStrike since their first investigation. It's intensified since the Mueller report, which solidified the ties between Trump-Russia, and Russia-DNC-Hack.Personally, I'm always suspicious of such investigations. Politics, either grand (on this scale) or small (internal company politics) seem to drive investigations, creating firm conclusions based on flimsy evidence. But CrowdStrike has made public some pretty solid information, such as BitLy accounts used both in the DNC hacks and other (known) targets of state-sponsored Russian hackers. Likewise, the Mueller report had good data on Bitcoin accounts. I'm sure if I looked at all the evidence, I'd have more doubts, but at the same time, of the politicized hacking incidents out there, this seems to have the best (public) support for the conclusion.What's the conspiracy?The basis of the conspiracy is that the DNC hack was actually an inside job. Some former intelligence officials lead by Bill Binney claim they looked at some data and found that the files were copied "locally" instead of across the Internet, and therefore, it was an insider who did it and not a remote hacker.I debunk the claim here, but the short explanation is: of course the files were copied "locally", the hacker was inside the network. In my long experience investigating hacker intrusions, and performing them myself, I know this is how it's normally done. I mention my own experience because I'm technical and know these things, in contrast with Bill Binney and those other intelligence officials who have no experience with such things. He sounds impressive that he's formerly of the NSA, but he was a mid-level manager in charge of budgets. Binney has never performed a data breach investigation, has never performed a pentest.There's other parts to the conspiracy. In the middle of all this, a DNC staffer was murdered on the street, possibley due to a mugging. Naturally this gets included as part of the conspiracy, this guy ("Seth Rich") must've been the "insider" in this attack, and mus | Data Breach Hack Guideline | NotPetya | |
|
2019-09-26 10:54:25 | Over 70,000 users\' data exposed via dating app, Heyyo (lien direct) | Yet another online dating data breach was reported, with yet another Elasticsearch server in question. Online dating app Heyyo has left an Elasticsearch server online without password protection. The unsecured server was discovered by security researchers at WizCase. The leak contained private information, including messages, photos, sexual preferences, occupation, and more for over 70,000 registered […] | Data Breach | ||
|
2019-09-26 10:53:13 | Over 8,000 Florida residents hit by possible data breach (lien direct) | The city of Palm Bay is monitoring a possible data breach involving the city's online utilities payment system. The company that operates the system found evidence of malware that may have compromised the billing information of thousands of customers. The city said the information on Click2Gov is encrypted, meaning if someone attempted to access billing information, […] | Data Breach Malware | ||
|
2019-09-23 12:03:18 | Verizon\'s Incident Preparedness And Response Report Urges Businesses To \'Be Prepared, Be Proactive And Practice, Practice, Practice\' (lien direct) | Incident Response Plans require frequent workouts to be fit for purpose NEW YORK – Businesses are more aware than ever of how cybercrime could impact their reputation, and their bottom line. Annual reports such as the Verizon Data Breach Investigations Report and the Verizon Insider Threat Report continue to flag those cyber-threats and trends that should be on every organization's radar. However, … The ISBuzz Post: This Post Verizon's Incident Preparedness And Response Report Urges Businesses To 'Be Prepared, Be Proactive And Practice, Practice, Practice' | Data Breach Threat | ||
 |
2019-09-23 08:46:59 | NEW TECH: How \'cryptographic splitting\' bakes-in security at a \'protect-the-data-itself\' level (lien direct) | How can it be that marquee enterprises like Capital One, Marriott, Facebook, Yahoo, HBO, Equifax, Uber and countless others continue to lose sensitive information in massive data breaches? Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect […] | Data Breach | Equifax Yahoo Uber | |
|
2019-09-23 08:04:23 | Thinkful forces a password reset for all users after a data breach (lien direct) | The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The online education platform for developers Thinkful has suffered a data breach, just a few days after it has announced it would be acquired by the education tech firm Chegg for […] | Data Breach | ||
 |
2019-09-20 15:43:55 | 200,000 Sign Petition Against Equifax Data Breach Settlement (lien direct) | 200,000 Sign Petition to "Force Equifax to Pay for Their Greed" | Data Breach | Equifax | |
|
2019-09-19 13:45:54 | Yahoo data breach settlement means affected users may get $100 (lien direct) | If you had a Yahoo account between January 1, 2012 and December 31, 2016, you may be entitled to a bit of money. | Data Breach | Yahoo | |
|
2019-09-18 16:15:52 | Malindo Air has confirmed passenger data breach. (lien direct) | KUALA LUMPUR: Malaysia’s Malindo Air, a subsidiary of Indonesia’s Lion Group, said on Wednesday (Sep 18) it was investigating a data breach involving the personal details of its passengers. Malindo Air’s statement followed a report by Moscow-based cybersecurity firm Kaspersky Lab that the details of around 30 million passengers of Malindo and fellow Lion Group subsidiary […] | Data Breach | ||
|
2019-09-18 07:11:00 | IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador\'s History (lien direct) | Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country's history.
Personal records of more than 20 million adults and children, both dead and alive, were found publicly exposed on an unsecured |
Data Breach | ||
|
2019-09-17 16:11:39 | Arrest made in Ecuador\'s massive data breach (lien direct) | Ecuador police arrest director of data analytics firm that leaked the personal records of most of Ecuador's population. | Data Breach | ||
|
2019-09-17 11:10:24 | Financial asset firm PCI ordered to pay $1.5 million for poor cybersecurity practices (lien direct) | Phillip Capital Inc. has been penalized for a data breach and failing to disclose the incident to clients quickly. | Data Breach | ||
|
2019-09-17 01:02:42 | Security Firm: Data Breach Exposes Millions of Ecuadorians (lien direct) | Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, a cyber security firm said Monday. | Data Breach | ||
 |
2019-09-16 13:00:00 | Hacker prevention: tips to reduce your attack surface (lien direct) |
These days it seems that every time you open your favorite news source there is another data breach related headline. Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years. With all this publicity and the increasing awareness of the general public about how data breaches can impact their personal privacy and financial wellbeing, it is no surprise that there is a lot of interest in preventing hacking. The trouble is that there is no way to prevent others from attempting to hack into any target they chose. Since there is a practically limitless number of targets to choose from, the attacker need only be lucky or skilled enough to succeed once. In addition, the risk of successful prosecution of perpetrators remains low. However, while you can’t prevent hacking, you can help to reduce your attack surface to make your organization less likely to be the subject of attacks.
At this point, lets differentiate between opportunistic attacks and targeted attacks. Opportunistic attacks are largely automated, low-complexity exploits against known vulnerable conditions and configurations. Ever wonder why a small business with a small geographic footprint and almost no online presence gets compromised? Chances are good they just had the right combination of issues that an automated attack bot was looking to exploit. These kinds of events can potentially end a small to medium business as a going concern while costing the attacker practically nothing.
Targeted attacks are a different story all together. These attacks are generally low, slow and persistent; targeting your organizations technical footprint as well as your employees, partners and supply chain. While targeted attacks may utilize some of the same exploitable conditions that opportunistic attacks use, they tend to be less automated in nature so as to avoid possible detection for as long as possible. In addition, they may involve a more frequent use of previously unknown exploit vectors (“zero day’s”) to reach their goals or abuse trusted connections with third parties to gain access to your organization. Ultimately it doesn’t matter which of these kinds of attacks results in a breach event, but it is important to think of both when aligning your people, processes and technology for maximum effect to mitigate that risk.
There have been many articles written regarding best practices for minimizing the risk of a cyber-security incident. Rather than recount a list of commonly cited controls, I would like to approach the topic from a slightly different perspective and focus on the top six technical controls that I feel are likely to help mitigate the most risk, provided that all the “table stakes” items are in place (i.e. you have a firewall, etc.).
Patch and Update Constantly: Ultimately the most hacker-resistant environment is the one that is best administered. Organizations are short cutting system and network administration activities through budget / staff reductions and lack of training. This practice often forces prioritization and choice about what tasks get done sooner, later or at all. Over time this creates a large, persistent baseline of low to medium risk issues in the environment that can contribute to a wildfire event under the right conditions. Lack |
Data Breach Malware Hack | ||
|
2019-09-16 04:57:16 | How Cloud-Based Automation Can Keep Business Operations Secure (lien direct) | The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time.
Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data.
"You have to compare [the cloud] |
Data Breach | ||
 |
2019-09-12 10:45:02 | 5 Things You Can Do After a Data Breach to Help Mitigate Cost (lien direct) | >Reading Time: 5 minutes The cost of a data breach is rising, and a carefully planned and regularly rehearsed response can go a long way toward saving your company money in the wake of a security incident. | Data Breach | ||
 |
2019-09-12 08:00:22 | How to Foil the 6 Stages of a Network Intrusion (lien direct) | The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most […]… Read More | Data Breach | ||
|
2019-09-12 03:00:42 | (Déjà vu) What to Do If You Receive a Legitimate \'Unusual Account Activity\' Notice (lien direct) | Sadly, it's all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren't the only motivation here for issuing these types of notifications. Indeed, […]… Read More | Data Breach | ||
|
2019-09-12 03:00:04 | What to Do If You Receive a Legitimate “Unusual Account Activity” Notice (lien direct) | Sadly, it's all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren't the only motivation here for issuing these types of notifications. Indeed, […]… Read More | Data Breach | ||
|
2019-09-10 14:14:03 | CirclCI Data Breach Exposed Customer GitHub And Bitbucket Logins (lien direct) | According to this link, https://www.scmagazineuk.com/circlci-data-breach-exposed-customer-github-bitbucket-logins/article/1595997, CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The information compromised included usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings Additionally, organisation name, repository URLs and names, branch names, … The ISBuzz Post: This Post CirclCI Data Breach Exposed Customer GitHub And Bitbucket Logins | Data Breach | ||
|
2019-09-09 19:06:05 | More than 99% of attacks in the past year relied on human error to gain access (lien direct) | Experiencing a data breach purely from being internet-connected is quite rare. Hackers rely on users to open or install a malicious payload, according to Proofpoint. | Data Breach | ||
|
2019-09-05 13:15:03 | Over 328,000 Users Hit By Foxit Data Breach (lien direct) | It has been reported that PDF solutions provider Foxit has informed customers that it had recently detected unauthorised access to data associated with its “My Account” service. The company told SecurityWeek that the incident impacted 328,549 users. The compromised data includes names, email addresses, passwords, phone numbers, company names, and IP addresses, but payment information was not exposed. The ISBuzz Post: This Post Over 328,000 Users Hit By Foxit Data Breach | Data Breach | ||
|
2019-09-05 13:10:04 | Multicloud Deployments Are Twice As Likely To Fall Victim To Security Breaches (lien direct) | A new report has found that 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users. More than half of firms running multicloud environments have been hit with a data breach in the past year, compared with 24% of hybrid cloud organisations and 24% of single-cloud users. Great article on … The ISBuzz Post: This Post Multicloud Deployments Are Twice As Likely To Fall Victim To Security Breaches | Data Breach | ||
|
2019-09-05 13:00:00 | DK-Lok data breach exposes global enterprise client data, internal emails (lien direct) | Requests to plug the leaking database were read and trashed - information ironically revealed through the exposed system. | Data Breach | ||
|
2019-09-04 13:00:00 | Yves Rocher Third Party Data Breach Exposes Millions Of Customer Records (lien direct) | Cosmetics giant Yves Rocher is warning that a major data leak exposed the personal data of millions of its customers and sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm. Researchers with vpnMentor on Monday said that they discovered an unprotected Elasticsearch … The ISBuzz Post: This Post Yves Rocher Third Party Data Breach Exposes Millions Of Customer Records | Data Breach | ||
|
2019-09-04 12:49:03 | (Déjà vu) Exposed Data From Mastercard Loyalty Scheme Breach Now Online (lien direct) | It has been reported that a database containing sensitive information of about 90,000 German Mastercard “Priceless Specials” loyalty program members shared online following a breach discovered on August 20 was added to data breach site Have I Been Pwned on September 1. MasterCard has notified German and Belgium regulators of a data breach affecting customers of its ‘Priceless … The ISBuzz Post: This Post Exposed Data From Mastercard Loyalty Scheme Breach Now Online | Data Breach | ||
|
2019-09-04 12:39:02 | (Déjà vu) Cracked Passwords For Millions Of Poshmark Accounts Being Sold Online (lien direct) | Dehashed login details for customers of Poshmark, an online marketplace for buying and selling used clothes and accessories, have been circulating online following the data breach a few months ago. At the beginning of the year, Poshmark announced that it had 40 million community members. According to data breach platform Have I Been Pwned, login details … The ISBuzz Post: This Post Cracked Passwords For Millions Of Poshmark Accounts Being Sold Online | Data Breach | ||
|
2019-09-04 10:06:04 | Customer personal information exposed on flight booking side, Option Way. (lien direct) | A data breach at flight booking site Option Way exposed personal details on passengers and their flight and travel plans. Researchers at vpnMentor led by Noam Rotem and Ran Locar were “able to access over 100 GB of data, a massive amount of customers' unencrypted Personally Identifiable Information (PII),” including names, birth dates, gender email addresses, […] | Data Breach | ||
|
2019-09-04 10:05:04 | (Déjà vu) 562,000 users emails and passwords have been exposed due to the XKCD Forum breach. (lien direct) | The forums of the XKCD webcomic created by Randall Munroe in 2005 are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. The compromised user information including usernames, emails, and IP addresses, as well as hashed and salted passwords stored in MD5 phpBB3 format, was added to Have […] | Data Breach | ||
|
2019-09-04 04:50:03 | Over 328,000 Users Hit by Foxit Data Breach (lien direct) | PDF solutions provider Foxit last week informed customers that it had recently detected unauthorized access to data associated with its “My Account” service. | Data Breach | ||
|
2019-09-03 19:47:04 | XKCD forum data breach impacted 562,000 subscribers (lien direct) | The popular webcomic platform XKCD has suffered a data breach that exposed data of its forum users, the incident impacted 562,000 subscribers. XKCD is one of the most popular webcomic platform created by the American author Randall Munroe in 2005, it is a webcomic of romance, sarcasm, math, and language. XKCD has suffered a data […] | Data Breach | ||
|
2019-09-03 14:24:03 | 562,000 Impacted in XKCD Forum Data Breach (lien direct) | The XKCD forum has been taken offline after suffering a data breach that impacted 562,000 subscribers. The forum is associated with XKCD, a webcomic that American author Randall Munroe created in 2005, and which is described in its tagline as “A webcomic of romance, sarcasm, math, and language.” | Data Breach | ||
|
2019-09-03 11:53:01 | XKCD Forum Breach Exposes Emails, Passwords of 562,000 Users (lien direct) | The forums of the XKCD webcomic created by Randall Munroe in 2005 are currently offline after being impacted by a data breach which exposed the information of 561,991 users on July 1. [...] | Data Breach | ||
|
2019-09-03 08:31:02 | XKCD Forum Hacked – Over 562,000 Users\' Account Details Leaked (lien direct) | XKCD-one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language-has suffered a data breach exposing data of its forum users.
The security breach occurred two months ago, according to security researcher Troy Hunt who alerted the company of the incident, with unknown hackers stealing around 562,000 |
Data Breach | ||
|
2019-09-03 05:05:00 | One million cracked Poshmark accounts being sold online (lien direct) | Login details of more than 36 million Poshmark accounts are available for sale in the cybercrime underground. Earlier in August, Poshmark, a social commerce marketplace where people in the United States can buy and sell new or used clothing, shoes, and accessories, disclosed a data breach that took place in May 2018. The company discovered […] | Data Breach | ||
|
2019-09-02 17:06:04 | Data of 90K Mastercard Priceless Specials Members Shared Online (lien direct) | A database containing sensitive information of about 90,000 German Mastercard "Priceless Specials" loyalty program members shared online following a breach discovered on August 20 was added to data breach site Have I Been Pwned on September 1. [...] | Data Breach |
To see everything:
Our RSS (filtrered)
