What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-20 18:46:39 | Sequoia Capital Venture Capital firm discloses a data breach (lien direct) | Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their […] | Data Breach | ||
 |
2021-02-20 12:57:44 | Kroger data breach exposes pharmacy and employee data (lien direct) | Supermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat actors stole files. [...] | Data Breach Threat | ||
 |
2021-02-19 17:16:51 | International law firm Jones Day hacked with data posted on dark web (lien direct) | This week, it was confirmed that international law firm Jones Day had data stolen from cybercriminals and is a direct result of the wider data breach suffered by file-sharing service Accellion. The hacker, which goes by the name Clop, had uploaded much of the sensitive information on the dark web which may have included data […] | Data Breach | ||
|
2021-02-19 11:11:34 | Millions of Californian DMV records possibly exposed in breach (lien direct) | The Californian Department of Motor Vehicles (DMV) has suffered a data breach that could have possibly exposed over a year’s worth of data after a third-party contractor was compromised during a cyberattack. During this breach customer addresses and licence plate numbers were exposed, but the DMV has confirmed that social security numbers, birthdates, voter registration, […] | Data Breach | ||
|
2021-02-18 23:02:17 | US cities disclose data breaches after vendor\'s ransomware attack (lien direct) | A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. [...] | Ransomware Data Breach | ||
 |
2021-02-18 17:25:00 | California DMV Halts Data Transfers After Vendor Breach (lien direct) | California drivers warned of data breach after Seattle verification company suffers ransomware attack | Ransomware Data Breach | ||
 |
2021-02-18 14:38:59 | Expert On Hundreds Of Thousands Immigration And COVID Records Exposed In Jamaica (lien direct) | It has been reported that Jamaica just experienced a massive data breach that exposed the immigration and COVID-19 records of hundreds of thousands of people who visited the island over the… | Data Breach | ||
 |
2021-02-17 18:35:26 | Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider (lien direct) |
An international law firm attributed a data breach to a compromise at a cloud solutions company that provides file-sharing services. According to the Wall Street Journal, a threat actor claimed to have stolen data from global law firm Jones Day and published that information on the dark web. |
Data Breach Threat | ||
|
2021-02-17 17:31:00 | Jones Day Denies Network Breach (lien direct) | America's tenth-largest law firm says its network was not compromised following Accellion data breach | Data Breach | ||
 |
2021-02-17 06:01:00 | What is an incident response plan? Reviewing common IR templates, methodologies (lien direct) | This article was written by an independent guest author. In today’s threat landscape, it’s no longer if an incident will happen, it’s when. Defending your organization and having a plan for what to do if an incident occurs is more critical than ever. And frankly, the benefits of having an incident response plan are quantifiable. Ponemon’s Cost of a Data Breach Report compared organizations boasting robust security Incident Response (IR) capabilities with those that do not. Well-prepared businesses reported less breach-related costs by an average of about $2 million USD. What is an incident response plan? An Incident Response Plan (IRP) serves as a blueprint, outlining the steps to be followed when responding to a security incident. Think of the IRP as a set of guidelines and processes your security team can follow so threats can be identified, eliminated, and recovered from. It is an essential tool for minimizing damage caused by threats, such as data loss, loss of customer trust, or abuse of resources. With a robust IRP, your company’s team can respond quickly and more efficiently against any type of threat. No matter what type of attack an organization faces, all cyberattacks require incident response. The best scenarios are those in which sufficient preventive measures are in place, including threat detection and intelligence integration tools. For organizations looking to get started with an IRP, there are many templates and frameworks available. Two industry standard incident response frameworks are the National Institute of Standards and Technology (NIST) framework and the SysAdmin, Audit, Network, and Security (SANS) institute framework. We’ve compared the SANS and NIST frameworks here. Whichever playbook, template or framework you choose, make sure you have the right team in place and are prepared to dedicate the time and resources to this critical organizational process. Who should carry out an incident response plan? While a robust incident response plan is incredibly important, having the right people with the relevant skillsets to execute the plans is equally crucial. To handle a cybersecurity incident effectively, your company should have an incident response team in place. In some organizations, it’s called a Computer Security Incident Response Team (CSIRT) and others may refer to it as a Security Incident Response Team (SIRT) or Computer Incident Response Team (CIRT). The team’s mission is to execute on the incident response plan as soon as an incident is discovered. The incident response team is divided into several groups, each playing a key role in mitigating an incident's potential damage. The team should be comprised of technical and non-technical people who can work together to identify, manage, eradicate and recover from any threat. They are responsible for collecting, analyzing and taking action based on incident data and information, and well as communicating with other stakeholders in the organization and critical third parties, including press, legal, affected customers and law enforcement. The best-prepared CSIRTs should include the following specialized teams: The Security Operations Centers (SOC), | Data Breach Tool Threat | ★★★★★ | |
|
2021-02-15 14:20:03 | 3.2 billion emails and passwords leaked in data breach (lien direct) | Over 3.2 billion email addresses and paired passwords have been posted online in what is being called one of the biggest breaches of all time. The database of passwords and emails are thought to have been compiled following data breaches carries out on various platforms, such as Netflix, Gmail, LinkedIn and many more. According to […] | Data Breach | ||
 |
2021-02-12 20:39:52 | (Déjà vu) Yandex Employee Caught Selling Access to Users\' Email Inboxes (lien direct) | Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users.
The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain.
"The employee was one of three system administrators with the necessary access |
Data Breach | ||
 |
2021-02-12 20:17:10 | Yandex Data Breach Exposes 4K+ Email Accounts (lien direct) | In a security notice, Yandex said an employee had been providing unauthorized access to users' email accounts “for personal gain.” | Data Breach | ||
|
2021-02-12 11:02:37 | (Déjà vu) Yandex suffers data breach after sysadmin sold access to user emails (lien direct) | Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [...] | Data Breach | ||
 |
2021-02-10 12:36:31 | Investor data breach \'fatigue\' reduces Wall Street punishment for cybersecurity failures (lien direct) | As data breaches are now common, acceptance now lessens the impact on share prices. | Data Breach | ||
 |
2021-02-10 04:45:25 | Antivirus Firm Emsisoft Discloses Data Breach (lien direct) | Antivirus solutions provider Emsisoft revealed last week that a third-party had accessed a publicly exposed database containing technical logs. | Data Breach | ||
 |
2021-02-09 13:00:00 | Cloud Security Considerations to Watch Out for During Mergers and Acquisitions (lien direct) | Staying vigilant through each phase of a mergers and acquisitions (M&A) process can help businesses overcome cloud threats. Threat actors have hit victims during M&As in the past, such as the data breach that affected more than 500 million customers in 2018. Such cases force businesses to look into data exposure before and after M&As, […] | Data Breach Threat | ★★★★ | |
|
2021-02-08 18:12:00 | Law Firm Data Breach Impacts UPMC Patients (lien direct) | PHI of more than 36k UPMC patients may have been exposed following attack on law firm | Data Breach | ||
|
2021-02-08 14:00:25 | Web Developer Hub SitePoint Discloses Data Breach (lien direct) | Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen. Based in Melbourne, Australia, and established more than two decades ago, SitePoint provides users with access to tutorials and books that can help them learn the basics of web development. | Data Breach | ||
|
2021-02-07 10:44:34 | Web developers SitePoint discloses a data breach (lien direct) | The website, and publisher of books, courses and articles for web developers, SitePoint discloses a data breach that impacted 1M users. SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company has disclosed a data breach and notified its users via email. Threat actors offered for sale an archive containing […] | Data Breach Threat | ||
|
2021-02-05 20:31:39 | Webdev tutorials site SitePoint discloses data breach (lien direct) | SitePoint admits data breach after one million user creds were sold on a hacking forum last December. | Data Breach | ||
|
2021-02-05 13:30:00 | BA Data Breach Victims Granted Extension to File Claims (lien direct) | Breach victims who have not filed their claim encouraged to do so | Data Breach | ||
|
2021-02-05 12:34:09 | SitePoint discloses data breach after stolen info used in attacks (lien direct) | The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. [...] | Data Breach | ||
|
2021-02-05 10:22:03 | Foxtons Group hack: database of stolen data for sale on the dark web (lien direct) | British estate agency Foxtons Group suffered a major data breach in October last year, which enabled attackers to exfiltrate a database of personal and financial information. The personal identifiable information was then uploaded on dark web forums, where evidence suggests it was accessed over 15,073 times. According to iNews, Foxtons Group was informed by the […] | Data Breach | ||
|
2021-02-04 20:58:19 | Expert Commentary: Several Thousand Addresses Leaked In FHKC Insurance Data Breach (lien direct) | The Florida Healthy Kids Corporation (FHKC), a US provider of children's health insurance, data breach which exposed the addresses of several thousands of who applied for or renewed insurance coverage online… | Data Breach | ||
|
2021-02-04 15:42:15 | Airbus CyberSecurity Subsidiary Stormshield Discloses Data Breach (lien direct) | Stormshield, a wholly-owned subsidiary of France-based cybersecurity company Airbus CyberSecurity, has disclosed a data breach that resulted in source code and customer information getting compromised. | Data Breach | ||
|
2021-02-04 13:41:58 | Hackers steal StormShield firewall source code in data breach (lien direct) | Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the companies' support ticket system and steal source code for Stormshield Network Security firewall software. [...] | Data Breach Threat Guideline | ||
|
2021-02-04 10:03:48 | (Déjà vu) 1.4 million Washington unemployment claimants affected by state auditor breach (lien direct) | On Monday, The Washington State Auditor Office disclosed that it had suffered a data breach that exposed the personal information of some 1.4 million employment claimants. It appears that the records became exposed in December, following a data breach of Accellion, a software provider used by the State Auditor Office for the transfer of large […] | Data Breach | ||
|
2021-02-03 22:30:08 | Oxfam Australia investigates data breach after database sold online (lien direct) | Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database belonging on a hacker forum. [...] | Data Breach Threat | ||
 |
2021-02-03 16:18:11 | What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve (lien direct) | Learn why it's way better to rehearse what to say if you suffer a data breach than to make it up as you go along. | Data Breach | ||
|
2021-02-03 10:49:10 | Newspaper speculates Foxtons Group data breach (lien direct) | The i newspaper speculated that Foxtons Group has experienced a data breach, with thousands of customers’ personal and financial data leaked on the dark web. The exclusive news for i claims that Foxtons did not take action when they first found out in January that their customers’ data was available on the dark web following […] | Data Breach | ||
|
2021-02-03 09:48:00 | Over Three Million US Drivers Exposed in Data Breach (lien direct) | Dealership service provider appears to have been targeted | Data Breach | ||
|
2021-02-03 06:38:44 | Hackers stole personnel records of software developer Wind River (lien direct) | The global leader of embedded system software Wind River Systems discloses a data breach that resulted in the theft of customers’ personal information. Wind River Systems, a global leader in delivering software for smart connected systems, discloses a data breach. The company claims its technology is found in more than 2 billion products, it develops […] | Data Breach Guideline | ||
|
2021-02-03 03:03:03 | Female escort review site data breach affects 470,000 members (lien direct) | An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. [...] | Data Breach | ||
|
2021-02-02 18:32:45 | Embedded Software Developer Wind River Discloses Data Breach (lien direct) | Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party. | Data Breach | ||
|
2021-02-02 13:23:40 | Over 1 Million Impacted by Data Breach at Washington State Auditor (lien direct) | The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen. | Data Breach | ||
|
2021-02-02 11:57:59 | (Déjà vu) 1.6 million Washington unemployment claims exposed in data breach (lien direct) | The Office of the Washington State Auditor (SAO) has experienced a data breach which has resulted in the exposure of 1.6 million employment claims, and the sensitive personal information that they contain. The Washington SAO revealed that a threat actor had exploited a vulnerability in Accellion, a secure file transfer service that helps organisations share […] | Data Breach Vulnerability Threat | ||
 |
2021-02-02 00:00:00 | (Déjà vu) Mélanges clés de la montée des ransomwares en 2020: Ransomware-as-a-service et double extorse. Key Drivers of Rise of Ransomware in 2020: Ransomware-as-a-Service and Double ExtortionThe key drivers in the rise of ransomware have been double extortion and RaaS.Read More (lien direct) |
Ransomware-as-a-Service and Double ExtortionâRansomware has been a known method for cyber attacks for more than 30 years and has significantly evolved within this timespan. The growth in the number of ransomware attacks in 2020 has marked a pivotal milestone in the ransomware evolution. According to a Check Point study, Global Surges in Ransomware Attacks, in Q3 2020 the daily average of ransomware attacks has increased by 50%, and has specifically increased by 98.1% in the United States. Additionally, the average amount of money requested by attackers in Q3 2020 increased by 178% compared to Q4 of 2019. Supporting this trend, Coalitionâs Cyber Insurance Claims Report stated that more than 40% of the cyber incident claims in Q1 and Q2 2020 were due to ransomware attacks. âTaking into account these statistics, Kovrr has conducted research that included monitoring the activity of trending threats actors, the attacks they were involved with and the victims of these operations through 2020. The research included data from various proprietary and third party data sources including leaked data from the dark web. The research revealed that ransomware attacks have evolved in the following two areas:âMethodology - unlike ransomware attacks witnessed in the past, the last half year of 2020 was characterized by adoption of a new attack method which includes - stealing the companyâs data along with encrypting the attacked companyâs data. This practice is also known as âDouble Extortionâ because the attacker not only encrypts the data but also threatens to publish the companyâs stolen data.  Ransomware as - a - service (RaaS) - a method that recently became popular, which enables potential attackers to purchase already existing ransomware and use it for their desired purposes. âKovrr has researched 16 active âdouble extortionâ ransomware attack campaigns in the last year. Of the campaigns studied, 75% use social engineering (phishing emails) to propagate, while 25% of them involve exploiting a vulnerability in remote access software. In order to fully understand the effect of the ransomware campaigns, Kovrr applied the CRIMZON⢠framework to better analyze and report findings of the research. CRIMZON are an easy to use open framework to measure and understand cyber risk exposure that focus on the minimal elements needed to describe cyber risk accumulation. Elements of the CRIMZON include location, industry, and entity size. Applying the CRIMZON framework to the ransomware campaign research found the top 5 CRIMZON exposed were: âUS_NY_I_S [United States_New York_Services_Small Company]GB_I_S [Great Britain_Services_Small Company] CA_I_S [Canada_Services_Small Company] CA_E_S [Canada_Transportation & Communications_Small Company] US_CA_I_S [United States_California_Services_Small Company]âMost of the attacked companies are located in the U.S. (more than 50% of the targets), followed by Canada, the United Kingdom, Germany and France. Within the U.S., the main states affected were California, Texas, Florida and New York. The industries to which most of the attacked companies belong to are Services (20% of the services category is attributed to educational services), Transportation and Communication, and Manufacturing. âThese findings have a significant impact on the cyber insurance market both in terms of rising claim numbers and entity of the amount claimed. The increase in attacks is more concentrated in particular combinations of location, industry, and entity size (CRIMZON), meaning certain CRIMZON are more susceptible to an attack than others. This paper addresses new ransomware trend characteristics by providing an overview of two major ransomware campaigns encountered in the research; provides examples of ways in which a portfolio can be influenced as a result of the wide a | Ransomware Data Breach Tool Vulnerability Threat Prediction | ★★★ | |
|
2021-02-01 16:15:30 | Data breach exposes 1.6 million Washington unemployment claims (lien direct) | Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. [...] | Data Breach | ||
|
2021-02-01 14:21:06 | Florida Medicaid Website Hacked For 7 Rears, Hundreds Of Thousands Affected (lien direct) | Tallahassee-based children Medicaid health plan Florida Healthy Kids Corp. began notifying members on Jan. 27 of a 7-year data breach that exposed the personal information of hundreds of thousands of health plan… | Data Breach | ||
|
2021-01-30 21:37:25 | UScellular data breach: attackers ported customer phone numbers (lien direct) | US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 […] | Data Breach | ||
|
2021-01-29 13:49:51 | USCellular suffers data breach (lien direct) | USCellular has suffered a data breach due to hackers gaining access to their CRM. Once the hackers infiltrated the CRM they were then able to view customers’ accounts and personal data. USCellular stated in a data breach notification filed to the attorney general’s office in Vermont, that the retail store’s employees were victims of a […] | Data Breach | ★★ | |
|
2021-01-29 12:25:41 | Stranded Australians\' Data “unintentionally” Shared (lien direct) | The Australian government admitted to unintentionally sharing sensitive passenger information with one of the department’s consular clients. This data breach occurred on January 24th, in which passenger’s full name, gender, date of birth, email address, passport details (number, expiry, issuing country), Australian citizenship status, phone number, current location, and flight booking reference of those booked […] | Data Breach | ||
 |
2021-01-29 06:56:04 | Sensitive Data Shared with Cloud Services, (Fri, Jan 29th) (lien direct) | Yesterday was the data protection day in Europe[1]. I was not on duty so I'm writing this quick diary a bit late. Back in 2020, the Nitro PDF service suffered from a data breach that impacted many companies around the world. This popular service allows you to create, edit and sign PDF documents. A few days ago, the database leak was released in the wild[2]: 14GB compressed, 77M credentials. | Data Breach | ||
|
2021-01-28 20:07:08 | Threat Modeling and Social Issues (lien direct) | For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now: “Does your organization have a plan in place if one of your employees is accused via Twitter of being an insurrectionist? If your software was being used to spread plans for a riot, could… | Data Breach Threat | ||
|
2021-01-28 18:41:34 | USCellular hit by a data breach after hackers access CRM software (lien direct) | Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts. [...] | Data Breach | ||
|
2021-01-28 14:08:06 | VIP Games Data Breach Exposes Millions Of Users\' Data (lien direct) | It has been reported that casual gaming provider VIP Games has suffered a data breach, exposing millions of records relating to users of the service. VIP games have more than 20,000 active… | Data Breach | ||
|
2021-01-28 10:12:36 | Citrix\'s $2.3 million settlement offer for employees impacted by data breach approved (lien direct) | Hackers lurked undetected in company systems for five months. | Data Breach | ||
 |
2021-01-26 12:15:38 | Massive Brazilian Data Breach (lien direct) | I think this is the largest data breach of all time: 220 million people. (Lots more stories are in Portuguese.) | Data Breach | ||
|
2021-01-25 21:08:02 | 2.28M MeetMindful Daters Compromised in Data Breach (lien direct) | The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. | Data Breach |
To see everything:
