What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-05 13:25:00 | Nature vs. Nurture Tip 3: Employ SCA With SAST (lien direct) |  For this year???s State of Software Security v11 (SOSS) report, we examined how both the ???nature??? of applications and how we ???nurture??? them contribute to the time it takes to close out a security flaw. We found that the ???nature??? of applications ??? like size or age ??? can have a negative effect on how long it takes to remediate a security flaw. But, taking steps to ???nurture??? the security of applications ??? like using multiple application security (AppSec) testing types ??? can have a positive effect on how long it takes to remediate security flaws.
In our first blog, Nature vs. Nurture Tip 1: Use DAST With SAST, we explored how organizations that combine DAST with SAST address 50 percent of their open security findings almost 25 days faster than organizations that only use SAST. In our second blog, Nature vs. Nurture Tip 2: Scan Frequently and Consistently, we addressed the benefits of frequent and consistent scanning by highlighting the SOSS finding that organization that scan their applications at least daily reduced time to remediation by more than a third, closing 50 percent of security flaws in 2 months.
For our third tip, we will explore the importance of software composition analysis (SCA) and how ??? when used in conjunction with static application security testing (SAST) ??? it can shorten the time it takes to address security flaws.
What is SCA and why is it important?
SCA inspects open source code for vulnerabilities. Some assume that open source code is more secure than first-party code because there are ???more eyes on it,??? but that is often not the case. In fact, according to our SOSS report, almost one-third of applications have more security findings in their third-party libraries than in primary code. Given that a typical Java application is 97 percent third-party code, this is a concerning statistic.
Since SCA is the only AppSec testing type that can identify vulnerabilities in open source code, if you don???t employ SCA, you could find yourself victim of a costly breach. In fact, in 2017, Equifax suffered a massive data breach from Apache Struts that compromised the data ??? including Social Security numbers ??? of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.
How can SCA with SAST shorten time to remediation?
If you are only using static analysis to assess the security of your code, your attack surface is likely bigger than you think. You need to consider third-party code as part of your attack surface, which is only uncovered by using SCA.
By incorporating software composition analysis into your security testing mix, you can find and address more flaws. According to SOSS, organizations that employ ???good??? scanning practices (like SCA with SAST), tend to be more mature and further along in their AppSec journey. And organizations with mature AppSec programs tend to remediate flaws faster. For example, employing SCA with SAST cuts ti |
Data Breach | Equifax | |
 |
2021-01-04 22:52:14 | Apex Laboratory disclose data breach after a ransomware attack (lien direct) | At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical laboratory that has been providing home laboratory services to homebound and Nursing Home patients in the NY Metropolitan Area for over 20 years. The at-home laboratory services provider Apex Laboratory disclosed a ransomware attack, the […] | Ransomware Data Breach | ||
 |
2021-01-04 17:09:53 | T-Mobile Faces Yet Another Data Breach (lien direct) | The cyberattack incident is the wireless carrier's fourth in three years. | Data Breach | ||
 |
2021-01-04 14:10:00 | T-Mobile Hacked -- Again (lien direct) | The wireless carrier has suffered a data breach for the fourth time since 2018. | Data Breach | ||
 |
2021-01-04 12:25:19 | (Déjà vu) Hacker sells 368.8 million stolen user records on the dark web (lien direct) | A data breach broker has stolen the user records from twenty-six companies and is selling them on a hacker forum. Last Friday the hacker began to sell the 368.8 million stolen records on a hacker forum, with prices ranging from $1,800 to $4,000 depending on the company that the data was stolen from. Eight of […] | Data Breach | ||
 |
2021-01-04 10:45:24 | T-Mobile discloses its fourth data breach in three years (lien direct) | Personal details and financial information was not exposed, T-Mobile said. | Data Breach | ||
|
2020-12-31 18:48:52 | (Déjà vu) Threat actor is selling 368.8 million records from 26 data breaches (lien direct) | A data breach broker is selling user records allegedly from twenty-six data breaches on a hacker forum. Security experts from Bleeping Computer reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum. The total volume of data available for sale is composed of 368.8 million stolen user […] | Data Breach Threat | ||
 |
2020-12-31 10:04:01 | Data breach broker selling user records stolen from 26 companies (lien direct) | A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. [...] | Data Breach | ||
|
2020-12-30 23:13:06 | (Déjà vu) T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed (lien direct) | T-Mobile has disclosed a data breach that exposed customers’ network information (CPNI), including phone numbers and calls records. T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems. “We are reaching out to let you know about a security incident we recently identified and […] | Data Breach | ||
|
2020-12-30 12:04:12 | T-Mobile data breach exposed phone numbers, call records (lien direct) | T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. [...] | Data Breach | ||
|
2020-12-29 15:11:13 | Japanese Aerospace Firm Kawasaki Warns of Data Breach (lien direct) | The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data. | Data Breach | ||
|
2020-12-26 13:51:17 | Koei Tecmo discloses data breach after hacker leaks stolen data (lien direct) | Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. [...] | Data Breach | ||
|
2020-12-24 13:12:37 | FreePBX developer Sangoma hit with Conti ransomware attack (lien direct) | Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. [...] | Ransomware Data Breach | ||
|
2020-12-24 10:20:49 | NetGalley discloses data breach after website was hacked (lien direct) | The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information. [...] | Data Breach Threat | ||
 |
2020-12-22 19:47:00 | Don\'t let a data breach sink your business: Here\'s what you need to know (lien direct) | Experts offer insights about the legal and financial hits, as well as the devastating loss of reputation, your business might suffer if it is the victim of a data breach. | Data Breach | ||
 |
2020-12-21 22:33:02 | Breach alerts dismissed as junk? New guide for sending vital emails may help (lien direct) | The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don't get ignored, bounced or quarantined. | Data Breach | ||
 |
2020-12-21 04:00:31 | The 10 Most Common Website Security Attacks (and How to Protect Yourself) (lien direct) | Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk […]… Read More | Data Breach | ||
 |
2020-12-18 20:24:54 | Experts Insight On People\'s Energy Data Breach (lien direct) | Following news that People’s Energy has suffered a data breach affecting all 270,000 customers, Information security experts provide an insight below. The ISBuzz Post: This Post Experts Insight On People’s Energy Data Breach | Data Breach | ||
 |
2020-12-18 16:41:43 | SolarWinds hack impacts U.S. government and military, exposes most of Fortune 500 (lien direct) | In mid-December, security analysts announced a serious data breach at two U.S. government departments. The SolarWinds hack has turned out to be one of the most far-reaching and sophisticated cyberattacks ever carried out against the U.S. government - the full impact of which now appears to go well beyond what was initially suspected. In the past few days, we've learned more about the incident, including the scope, the attack vector, and ... | Data Breach Hack | ||
 |
2020-12-18 11:05:00 | UK Energy Firm Suffers Data Breach Impacting Entire Customer Database (lien direct) | Customers have been contacted following the incident | Data Breach | ||
 |
2020-12-17 14:34:41 | People\'s Energy data breach affects all 270,000 customers (lien direct) | The data stolen includes individuals' names, addresses and some dates of birth but not bank details. | Data Breach | ||
|
2020-12-16 15:17:43 | Irish Twitter fine Is Seasonal Reminder That Hackers Don\'t Take A Break (lien direct) | I know there are big breaches everywhere at the moment, Solarwinds being on fire and all, but see below for comments in response to the Twitter data breach fine in… The ISBuzz Post: This Post Irish Twitter fine Is Seasonal Reminder That Hackers Don’t Take A Break | Data Breach | ||
|
2020-12-15 17:53:00 | California Hospital Notifies 67k Patients of Data Breach (lien direct) | October cyber-attack may have exposed data belonging to 67k patients of Sonoma Valley Hospital | Data Breach | ||
|
2020-12-15 14:36:26 | Twitter fined £400,000 for breaking EU data law (lien direct) | The firm acknowledges it failed to notify the regulator of its 2019 data breach within the required time. | Data Breach | ||
 |
2020-12-15 11:00:00 | Why application-layer encryption is essential for securing confidential data (lien direct) | This blog was written by an independent guest blogger. Your business is growing at a steady rate, and you have big plans for the future. Then, your organization gets hit by a cyberattack, causing a massive data breach. Suddenly, your company’s focus is shifted to sending out letters to angry customers informing them of the incident - which is required by law in most states - and devising strategies to deal with the backlash. This is an all too common scenario for many businesses, and the unfortunate truth is that most organizations fail to adopt the correct cybersecurity procedures until after an attack. The good news is that with a proactive approach to protecting your data, these kinds of nightmares can be avoided. New technology is constantly providing hackers new opportunities to commit cybercrimes. Most organizations have encrypted their data whether it’s stored on the cloud or in a server provided by their web host, but this isn’t enough. Even properly encrypted disc level encryption is vulnerable to security breaches. In this article, we will discuss the weaknesses found in disc level encryption and why it’s best to ensure your data is encrypted at the application layer. We’ll also discuss the importance of active involvement from a cybersecurity team in the beginning stages of application development, and why developers need to have a renewed focus on cybersecurity in a “security-as-code” culture. The importance of application-layer security Organizations all too often have a piecemeal, siloed approach to security. Increasingly competitive tech environments have pushed developers into building new products at a pace cybersecurity experts sometimes can’t keep up with. This is why it’s becoming more common for vulnerabilities to be detected only after an application launches or a data breach occurs. Application layer encryption reduces surface area and encrypts data at the application level. That means if one application is compromised, the entire system does not become at risk. To reduce attack surfaces, individual users and third parties should not have access to encrypted data or keys. This leaves would-be cybercriminals with only the customer-facing end of the application for finding vulnerabilities, and this can be easily protected and audited for security. Building AI and application-layer security into code Application layer security and building security into the coding itself requires that your DevOps and cybersecurity experts work closely together to form a DevSecOps dream team. Developers are increasingly working hand-in-hand with cybersecurity experts from the very beginning stages of software development to ensure a “security-as-code” culture is upheld. However, there are some very interesting developments in AI that present opportunities to streamline this process. In fact, 78% of data scientists agree that artificial intelligence will have the greatest impact on data protection for the decade. Here are four ways AI is transforming application layer security: 1. Misuse detection or application security breach detection Also referred to as signature-based detection, AI systems alert teams when familiar attack patterns are noticed. | Data Breach Vulnerability Threat | Deloitte | |
|
2020-12-14 20:45:31 | Spotify Changes Passwords After Another Data Breach (lien direct) | This is the third breach in the past few weeks for the world's most popular streaming service. | Data Breach | ||
|
2020-12-14 14:10:33 | Spotify Pushes Pw. Reset After Leak – Gurucul, Point3 And YouAttest Perspectives (lien direct) | The massively popular streaming service Spotify issued a data breach notice stating data exposed “may have included email address, your preferred display name, password, gender, and date of birth only… The ISBuzz Post: This Post Spotify Pushes Pw. Reset After Leak – Gurucul, Point3 And YouAttest Perspectives | Data Breach | ||
|
2020-12-14 08:13:23 | Robotic Process Automation vendor UiPath discloses data breach (lien direct) | Last week, ZDnet reported in an exclusive that the tech unicorn UiPath admitted having accidentally exposed the personal details of some users. UiPath is a leading Robotic Process Automation vendor providing a complete software platform to help organizations efficiently automate business processes. The startup started reporting the security incident to its customers that had their data […] | Data Breach Guideline | ||
|
2020-12-11 12:52:36 | Ledger cryptocurrency wallets stolen in fake data breach (lien direct) | Ledger wallet users have been targetted by a phishing scam which used a fake data breach notification in order to steal cryptocurrency. The wallets were secured using a 24-word recovery phrase and support 12, 18, or 24-word recovery phrases used by other wallets. If someone knows the recovery phrase then they are able to access […] | Data Breach | ||
|
2020-12-10 22:40:39 | Tech unicorn UiPath discloses data breach (lien direct) | EXCLUSIVE: UiPath admits to accidentally exposing a sensitive file containing the personal details of some of its registered users. | Data Breach | ||
|
2020-12-10 17:54:40 | Fake data breach alerts used to steal Ledger cryptocurrency wallets (lien direct) | A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients. [...] | Data Breach | ||
 |
2020-12-10 08:03:00 | FireEye breach explained: How worried should you be? (lien direct) | Cybersecurity firm FireEye announced Tuesday that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools the company's experts developed to simulate real attackers and test the security of its customers. While this is a worrying development, it's unlikely that this will result in a significant risk increase to organizations, as some offensive tool leaks did in the past. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach Tool | ||
 |
2020-12-08 15:00:00 | Data Encryption: Simplifying Enterprise Key Management (lien direct) | Data encryption can help prevent malicious users and rogue processes from taking control of sensitive data. According to the 2020 Cost of a Data Breach report, the use of encryption is a top factor in reducing that cost. But, encrypted data is only as safe as the encryption keys. The IT or security teams must carefully manage […] | Data Breach | ||
|
2020-12-07 17:23:10 | Experian predicts 5 key data breach targets for 2021 (lien direct) | The pandemic warfare will shift to vaccine supply chains, home networks, and data from telemedicine visits in the new year. | Data Breach | ||
|
2020-12-04 10:53:17 | Israeli insurance company extorted by BlackShadow hackers (lien direct) | An Israeli insurance company has suffered a data breach with the attackers demanding almost $1 million in bitcoin as a ransom to prevent the companies stolen data being exposed. On November 30 the cybercrime group BlackShadow tweeted that they hacked into Shirbit, an Israeli insurance company, and had stolen files during the attack. “A huge […] | Data Breach | ||
|
2020-12-03 12:00:00 | Two cybersecurity hygiene actions to improve your digital life in 2021 (lien direct) | This blog was written by an independent guest blogger. It is that time of year again where we start planning resolutions for the coming year. A good start is putting cybersecurity on the top of the list whether you are a business or individual. According to a University of Maryland study, Hackers attack every 39 seconds, on average 2,244 times a day. It may be even higher now that more of us are working remotely because of Covid19 and the attack surface has greatly expanded in numbers and vulnerability. Clearly, with the plethora of breaches, spams, and ransomware we already experienced in 2020, we need to be better prepared in 2021. What are a couple of cybersecurity hygiene action upgrades that will improve outcomes in 2021? #1 Passwords Poor passwords have always been viewed as the low hanging fruit for hackers as the easiest way into the crown jewels of data. Yet, many still use common passwords such as #132456 #password, or birthdays that pose little barriers to letting the bad guys access your accounts, In fact, a UK National Cyber Security Centre 2019 survey analysis discovered that 23.2 million victim accounts from all parts of the world used 123456 as a password. Another 7.8 million data breach victims chose a 12345678 password. More than 3.5 million people globally picked up the word "password" to protect access to their sensitive information. Now that we have all become creatures of social media, hackers can use social engineering tactics by exploring your social media accounts that often highlight pet names (quite often used as passwords - I admit I have been guilty of that too) or other identifiable items that may give clues to passwords and interests. What is particularly alarming is that there are algorithmic programs that can also utilize public social sites and marketing information to “guess” passwords. Actions: remedies are easy to get beyond that bad habit of using easy passwords to crack. Do not use default passwords on your devices and when you do create passwords make them complicated. Consider making them long or using phrases with letters, numbers and characters. Also, do not use the same password for multiple accounts. Make it difficult for hackers to get in with one try. Make their challenges more difficult by using multifactor or biometric authentication such as a fingerprint, facial recognition, or texts to verify it is you when you sign in. And if you want to make things less stressful on your memory (we all forget our passwords), consider using a security token and/or password manager. The bottom line is that secure passwords are a basic step to stronger cyber hygiene. #2 Phishing Phishing is the tool of choice for many hackers. Phishing is commonly defined as a technique of hackers to exfiltrate your valuable data, or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization or a website you may frequent. Usually the phishing malware comes via email attachments but can also be web-based. According to an analysis by Webroot, 46,000 new phishing sites are created every day and 1.385 million new, unique phishing sites are created each month. At a more granular level, the firm Wandera says that a new phishing site launches every 20 seconds. Advances in technologies have made it easier for hackers to phish. They can use readily available digital graphics, apply social engineering data, and a vast array of phishing tools, including some automated by machine learning. Phishing is often accompanied by ransomware and a tactic for hackers is to target leadership a | Ransomware Data Breach Malware Tool Vulnerability Threat Guideline | ||
|
2020-12-02 14:59:19 | COMMENT: AspenPointe Warns 295K Patients Of Data Breach exposing Their Personal Identifiable Information And Health Data (lien direct) | It was reported that the nonprofit U.S. healthcare provider AspenPointe has notified patients of a data breach. In a media statement, AspenPointe said they discovered unauthorised access to their network in September… The ISBuzz Post: This Post COMMENT: AspenPointe Warns 295K Patients Of Data Breach exposing Their Personal Identifiable Information And Health Data | Data Breach | ||
|
2020-12-01 11:00:00 | The Future of Cybersecurity: How to Prepare for a Crisis in 2020 and Beyond (lien direct) | When it comes to the future of cybersecurity, an ounce of prevention is worth far more than a pound of cure. According to the Ponemon Institute and IBM Security’s 2020 Cost of a Data Breach Report, enterprises that designated an incident response (IR) team, developed a cybersecurity incident response plan (CSIRP) and tested their plan […] | Data Breach | ||
|
2020-11-30 13:12:44 | Healthcare provider AspenPointe data breach affects 295K patients (lien direct) | U.S. healthcare provider AspenPointe notified patients of a data breach stemming from a September 2020 cyberattack that enabled attackers to steal protected health information (PHI) and personally identifiable information (PII). [...] | Data Breach | ||
|
2020-11-27 10:07:06 | Networking equipment vendor Belden discloses data breach (lien direct) | Belden says hackers accessed a limited number of company's file servers. | Data Breach | ||
|
2020-11-27 08:23:46 | Canon publicly confirms August ransomware attack and data breach (lien direct) | Canon finally confirmed that it has suffered a ransomware attack in early August that resulted in the theft of data from its servers. Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. In August, ZDNet first revealed […] | Ransomware Data Breach Threat | ||
|
2020-11-25 23:09:03 | Belden discloses data breach as a result of a cyber attack (lien direct) | Belden, the manufacturer of networking and cable products, disclosed a data breach, threat actors have stolen employee and business information. The manufacturer of networking and cable products Belden disclosed a data breach, the company revealed that attackers gained “unauthorized access and copying of some current and former employee data, as well as limited company information […] | Data Breach Threat | ||
|
2020-11-25 14:24:15 | Retail giant Home Depot agrees to a $17.5 million settlement over 2014 data breach (lien direct) | Retail giant Home Depot has agreed to a $17.5 million settlement in a multi-state investigation of the data breach that the company suffered in 2014. The US largest home improvement retailer giant Home Depot agrees to $17.5 million settlement over the 2014 data breach. In 2014, Home Depot revealed that the data breach impacted 56 million customers […] | Data Breach | ||
|
2020-11-25 10:07:21 | Home Depot agrees to $17.5 million settlement over 2014 data breach (lien direct) | The US retailer's point-of-sale systems were infected with malware. | Data Breach | ||
|
2020-11-24 03:00:00 | (Déjà vu) 8 types of phishing attacks and how to identify them (lien direct) | Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches.Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. | Data Breach Threat | ||
|
2020-11-24 03:00:00 | 8 types of phishing attack and how to identify them (lien direct) | Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches.Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. | Data Breach Threat | ||
|
2020-11-19 18:30:00 | Iowa Hospital Alerts 60K Individuals Affected by June Data Breach (lien direct) | The data breach began with a compromised employee email account. | Data Breach | ||
|
2020-11-18 11:00:31 | How to prevent expensive data breaches in the cloud (lien direct) | Security has become a major concern for customers of cloud service storage providers as more organizations migrate sensitive data and services to the cloud. A recent Ermetic survey found that nearly 80 percent of companies had experienced at least one cloud data breach in the past 18 months, while 43 percent reported 10 or more… | Data Breach | ||
|
2020-11-17 13:32:26 | Ticketmaster Fined £1.25m Over Payment Data Breach (lien direct) | The UK's Information Commissioner’s Officer confirmed on Friday that it was fining Ticketmaster £1.25 million in relation to a data breach of the ticketing firm's website back in 2018. The ISBuzz Post: This Post Ticketmaster Fined £1.25m Over Payment Data Breach | Data Breach | ||
|
2020-11-16 10:45:39 | Expert Insight: Info Of 27.7 Million Texas Drivers Exposed In Vertafore Data Breach (lien direct) | According to ZDNet, Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers. The incident… The ISBuzz Post: This Post Expert Insight: Info Of 27.7 Million Texas Drivers Exposed In Vertafore Data Breach | Data Breach |
To see everything:
Our RSS (filtrered)
