What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-18 20:10:20 | OpenWRT reports data breach after hacker gained access to forum admin account (lien direct) | The OpenWRT wiki, which contains the official download links, was not compromised, the project said. | Data Breach | ||
 |
2021-01-18 17:15:00 | Health Insurer Fined $5.1m Over Data Breach (lien direct) | Excellus Health Plan agrees to pay $5.1m to settle HIPAA violation case | Data Breach | ||
 |
2021-01-18 13:23:34 | OpenWRT Forum user data stolen in weekend data breach (lien direct) | The administrators of the OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach. [...] | Data Breach | ||
|
2021-01-14 17:04:00 | Hy-Vee Data Breach Settlement Proposed (lien direct) | Victims of months-long Hy-Vee data breach could receive $225 each under proposed settlement | Data Breach | ||
 |
2021-01-14 15:26:59 | (Déjà vu) British Airways Subject To Lawsuit After Data Breach – Industry Leader Comments (lien direct) | Following news that British Airways is facing a lawsuit for its failure to protect the personal data in 2018, please see the comment below from cybersecurity experts. Following news that British Airways is facing… The ISBuzz Post: This Post British Airways Subject To Lawsuit After Data Breach – Industry Leader Comments | Data Breach Guideline | ||
|
2021-01-13 19:04:00 | Capcom Data Breach May Have Impacted Extra 40k Customers (lien direct) | Gaming company warns ransomware attack may have compromised data of up to 390k customers | Ransomware Data Breach | ||
 |
2021-01-13 14:54:23 | Pfizer COVID-19 Vaccine Data Leaked Online (lien direct) | Following a data breach in December, the European Medicines Agency (EMA) today revealed, that data concerning the Pfizer/BioNTech COVID-19 vaccine, has been leaked online. Fortunately, the EMA has stated that the regulatory network remains fully functional and that any COVID-19 evaluation and approval timelines have not been affected by the breach. The stolen data includes […] | Data Breach | ★★★★ | |
|
2021-01-13 11:31:31 | Expert Reaction On Latest Update On Data Breach At Capcom (lien direct) | It has been reported that a ransomware attack launched against gaming company Capcom last November keeps getting worse. As per company announcement, personal data of up to 400,000 of its… The ISBuzz Post: This Post Expert Reaction On Latest Update On Data Breach At Capcom | Ransomware Data Breach | ||
|
2021-01-12 16:37:31 | Capcom: 390,000 people may be affected by ransomware data breach (lien direct) | Capcom has released a new update for their data breach investigation and state that up to 390,000 people may now be affected by their November ransomware attack. [...] | Ransomware Data Breach | ||
 |
2021-01-12 16:19:12 | Capcom confirms at least 16,000 people affected by Nov. data breach (lien direct) | "Sales reports, financial information, [and] game development documents" also got out. | Data Breach | ||
|
2021-01-12 12:28:43 | New Zealand Reserve Bank breached using bug patched on Xmas Eve (lien direct) | A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. [...] | Data Breach Vulnerability | ||
 |
2021-01-12 11:00:00 | Why cybersecurity awareness is a team sport (lien direct) |
Image Source
This blog was written by an independent guest blogger.
Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity.
Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company.
Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities.
People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, cybersecurity responsibility rests with everyone, in reality.
Cybersecurity should be everybody’s business.
The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased efforts to protect from, and mitigate attacks.
During the height of the pandemic, about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time.
This is why cybersecurity must be and should be everybody’s business. According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as an internal actors or or employees and affiliates carelessly clicking a link by accident.
Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system.
Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee.
Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC).
Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo |
Ransomware Data Breach Malware Vulnerability Guideline | Equifax Equifax Yahoo Yahoo | |
|
2021-01-12 10:34:34 | Experts Insight On UN\'s Environmental Program Breach-100K+ Employee Records Leaked (lien direct) | A data breach has been discovered in the United Nations which exposed over 100k of UNEP's staff records. Researchers with Sakura Samurai, an ethical hacking and research group, discovered the… The ISBuzz Post: This Post Experts Insight On UN's Environmental Program Breach-100K+ Employee Records Leaked | Data Breach | ||
 |
2021-01-11 23:08:33 | Ubiquiti discloses a data breach (lien direct) | American technology company Ubiquiti Networks is disclosed a data breach and is notifying its customers via email. American technology vendor Ubiquiti Networks suffered a data breach and is sending out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. The company discovered unauthorized access to some of […] | Data Breach | ||
|
2021-01-11 15:41:51 | Networking giant Ubiquiti alerts customers of potential data breach (lien direct) | Networking device maker Ubiquiti has announced a security incident that may have exposed its customers' data. [...] | Data Breach | ||
|
2021-01-11 01:52:09 | United Nations data breach exposed over 100k UNEP staff records (lien direct) | This week, researchers have responsibly disclosed a vulnerability by exploiting which they could access over 100K private records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees. [...] | Data Breach Vulnerability | ||
|
2021-01-10 15:43:43 | New Zealand Reserve Bank suffers data breach via hacked storage partner (lien direct) | The Reserve Bank of New Zealand, known as Te Pūtea Matua, has suffered a data breach after threat actors hacked a third-party hosting partner. [...] | Data Breach Threat | ||
|
2021-01-09 18:55:09 | Dassault Falcon Jet hit by Ragnar Locker ransomware gang (lien direct) | Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December Dassault, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information belonging to current and former employees. The data security incident also exposed information belonging to employees’ spouses […] | Ransomware Data Breach | ||
|
2021-01-08 14:04:50 | Dassault Falcon Jet reports data breach after ransomware attack (lien direct) | Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents. [...] | Ransomware Data Breach | ||
 |
2021-01-07 09:18:28 | How to Communicate Application Security Success to Your Executive Leadership (lien direct) |  Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite these advancements, our recent State of Software Security (SOSS) report found that 76 percent of applications have security flaws. Yet CISOs and application security program owners still find themselves having to justify and defend application security initiatives.
Members of the Veracode Customer Advisory Board (CAB), a group of AppSec professionals in several industries, faced this challenge as well. In response, a working group subset of the CAB collaborated to establish a set of metrics that security professionals can use to establish, drive adoption, and operationalize their application security program. These data points should help inform decisions at different stages of program maturity while answering the basic question: is the application security program effective or not?
How to determine and justify the required resources for an application security program
AppSec managers need a justi?ャ?able AppSec approach and dataset that set parameters around the program, give a starting point, and set up how the program will grow over time. That approach starts with providing evidence that an application security program is necessary and that it will reduce risk.
To show that an AppSec program is necessary, call attention to data points around flaw prevalence in applications (76 percent) or the average cost of a data breach ($3.86 million).
To show that AppSec programs reduce risk, consider stats like the one from our SOSS report that found that organizations scanning for security the most (more than 300 times per year) fix flaws 11.5x faster than organizations scanning the least.
How to determine and prove that development teams are adopting software security practices
AppSec success hinges on development buy-in and engagement. Therefore, proving that your AppSec program is effective requires evidence of developer adoption.
Consider highlighting the rate at which development teams are taking advantage of APIs to integrate security into their processes Then prove that developers are taking the time to fix the identified flaws by showing your developer???s fix rate (the # of findings closed / the # of findings open).
By examining the fix rate, you can see if developers are actively adopting AppSec practices by fixing ??? not just finding ??? vulnerabilities. The fix rate also shows you where additional training or resourcing investment is needed.
How to determine if the application security program is operating efficiently
AppSec programs are meant to be ongoing ??? not a one-off project with an end date. An effective AppSec program is ultimately a component of the software development process, just like QA, and the measures of success need to reflect that.
A key metric here is the correlation between security activities early in the development process and the number of security flaws found in a release candidate or in production. For example, the figure below shows the relationship between security test |
Data Breach Guideline | ||
|
2021-01-05 17:15:29 | Italian mobile operator offers to replace SIM cards after massive data breach (lien direct) | Hackers stole the personal data for 2.5 million Ho Mobile subscribers. | Data Breach | ||
|
2021-01-05 13:25:00 | Nature vs. Nurture Tip 3: Employ SCA With SAST (lien direct) |  For this year???s State of Software Security v11 (SOSS) report, we examined how both the ???nature??? of applications and how we ???nurture??? them contribute to the time it takes to close out a security flaw. We found that the ???nature??? of applications ??? like size or age ??? can have a negative effect on how long it takes to remediate a security flaw. But, taking steps to ???nurture??? the security of applications ??? like using multiple application security (AppSec) testing types ??? can have a positive effect on how long it takes to remediate security flaws.
In our first blog, Nature vs. Nurture Tip 1: Use DAST With SAST, we explored how organizations that combine DAST with SAST address 50 percent of their open security findings almost 25 days faster than organizations that only use SAST. In our second blog, Nature vs. Nurture Tip 2: Scan Frequently and Consistently, we addressed the benefits of frequent and consistent scanning by highlighting the SOSS finding that organization that scan their applications at least daily reduced time to remediation by more than a third, closing 50 percent of security flaws in 2 months.
For our third tip, we will explore the importance of software composition analysis (SCA) and how ??? when used in conjunction with static application security testing (SAST) ??? it can shorten the time it takes to address security flaws.
What is SCA and why is it important?
SCA inspects open source code for vulnerabilities. Some assume that open source code is more secure than first-party code because there are ???more eyes on it,??? but that is often not the case. In fact, according to our SOSS report, almost one-third of applications have more security findings in their third-party libraries than in primary code. Given that a typical Java application is 97 percent third-party code, this is a concerning statistic.
Since SCA is the only AppSec testing type that can identify vulnerabilities in open source code, if you don???t employ SCA, you could find yourself victim of a costly breach. In fact, in 2017, Equifax suffered a massive data breach from Apache Struts that compromised the data ??? including Social Security numbers ??? of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.
How can SCA with SAST shorten time to remediation?
If you are only using static analysis to assess the security of your code, your attack surface is likely bigger than you think. You need to consider third-party code as part of your attack surface, which is only uncovered by using SCA.
By incorporating software composition analysis into your security testing mix, you can find and address more flaws. According to SOSS, organizations that employ ???good??? scanning practices (like SCA with SAST), tend to be more mature and further along in their AppSec journey. And organizations with mature AppSec programs tend to remediate flaws faster. For example, employing SCA with SAST cuts ti |
Data Breach | Equifax | |
|
2021-01-04 22:52:14 | Apex Laboratory disclose data breach after a ransomware attack (lien direct) | At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical laboratory that has been providing home laboratory services to homebound and Nursing Home patients in the NY Metropolitan Area for over 20 years. The at-home laboratory services provider Apex Laboratory disclosed a ransomware attack, the […] | Ransomware Data Breach | ||
 |
2021-01-04 17:09:53 | T-Mobile Faces Yet Another Data Breach (lien direct) | The cyberattack incident is the wireless carrier's fourth in three years. | Data Breach | ||
 |
2021-01-04 14:10:00 | T-Mobile Hacked -- Again (lien direct) | The wireless carrier has suffered a data breach for the fourth time since 2018. | Data Breach | ||
|
2021-01-04 12:25:19 | (Déjà vu) Hacker sells 368.8 million stolen user records on the dark web (lien direct) | A data breach broker has stolen the user records from twenty-six companies and is selling them on a hacker forum. Last Friday the hacker began to sell the 368.8 million stolen records on a hacker forum, with prices ranging from $1,800 to $4,000 depending on the company that the data was stolen from. Eight of […] | Data Breach | ||
|
2021-01-04 10:45:24 | T-Mobile discloses its fourth data breach in three years (lien direct) | Personal details and financial information was not exposed, T-Mobile said. | Data Breach | ||
|
2020-12-31 18:48:52 | (Déjà vu) Threat actor is selling 368.8 million records from 26 data breaches (lien direct) | A data breach broker is selling user records allegedly from twenty-six data breaches on a hacker forum. Security experts from Bleeping Computer reported that a threat actor is selling user records allegedly stolen from twenty-six companies on a hacker forum. The total volume of data available for sale is composed of 368.8 million stolen user […] | Data Breach Threat | ||
|
2020-12-31 10:04:01 | Data breach broker selling user records stolen from 26 companies (lien direct) | A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned. [...] | Data Breach | ||
|
2020-12-30 23:13:06 | (Déjà vu) T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed (lien direct) | T-Mobile has disclosed a data breach that exposed customers’ network information (CPNI), including phone numbers and calls records. T-Mobile has disclosed a data breach exposing customers’ account’s information. The T-Mobile security staff discovered “malicious, unauthorized access” to their systems. “We are reaching out to let you know about a security incident we recently identified and […] | Data Breach | ||
|
2020-12-30 12:04:12 | T-Mobile data breach exposed phone numbers, call records (lien direct) | T-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records. [...] | Data Breach | ||
|
2020-12-29 15:11:13 | Japanese Aerospace Firm Kawasaki Warns of Data Breach (lien direct) | The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data. | Data Breach | ||
|
2020-12-26 13:51:17 | Koei Tecmo discloses data breach after hacker leaks stolen data (lien direct) | Japanese game developer Koei Tecmo has disclosed a data breach and taken their European and American websites offline after stolen data was posted to a hacker forum. [...] | Data Breach | ||
|
2020-12-24 13:12:37 | FreePBX developer Sangoma hit with Conti ransomware attack (lien direct) | Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. [...] | Ransomware Data Breach | ||
|
2020-12-24 10:20:49 | NetGalley discloses data breach after website was hacked (lien direct) | The NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information. [...] | Data Breach Threat | ||
 |
2020-12-22 19:47:00 | Don\'t let a data breach sink your business: Here\'s what you need to know (lien direct) | Experts offer insights about the legal and financial hits, as well as the devastating loss of reputation, your business might suffer if it is the victim of a data breach. | Data Breach | ||
 |
2020-12-21 22:33:02 | Breach alerts dismissed as junk? New guide for sending vital emails may help (lien direct) | The SolarWinds supply chain attack will likely prompt scores of compromised companies to send critical data breach notifications to their customers. But steps may be required to ensure these and other critical messages don't get ignored, bounced or quarantined. | Data Breach | ||
 |
2020-12-21 04:00:31 | The 10 Most Common Website Security Attacks (and How to Protect Yourself) (lien direct) | Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk […]… Read More | Data Breach | ||
|
2020-12-18 20:24:54 | Experts Insight On People\'s Energy Data Breach (lien direct) | Following news that People’s Energy has suffered a data breach affecting all 270,000 customers, Information security experts provide an insight below. The ISBuzz Post: This Post Experts Insight On People’s Energy Data Breach | Data Breach | ||
 |
2020-12-18 16:41:43 | SolarWinds hack impacts U.S. government and military, exposes most of Fortune 500 (lien direct) | In mid-December, security analysts announced a serious data breach at two U.S. government departments. The SolarWinds hack has turned out to be one of the most far-reaching and sophisticated cyberattacks ever carried out against the U.S. government - the full impact of which now appears to go well beyond what was initially suspected. In the past few days, we've learned more about the incident, including the scope, the attack vector, and ... | Data Breach Hack | ||
|
2020-12-18 11:05:00 | UK Energy Firm Suffers Data Breach Impacting Entire Customer Database (lien direct) | Customers have been contacted following the incident | Data Breach | ||
 |
2020-12-17 14:34:41 | People\'s Energy data breach affects all 270,000 customers (lien direct) | The data stolen includes individuals' names, addresses and some dates of birth but not bank details. | Data Breach | ||
|
2020-12-16 15:17:43 | Irish Twitter fine Is Seasonal Reminder That Hackers Don\'t Take A Break (lien direct) | I know there are big breaches everywhere at the moment, Solarwinds being on fire and all, but see below for comments in response to the Twitter data breach fine in… The ISBuzz Post: This Post Irish Twitter fine Is Seasonal Reminder That Hackers Don’t Take A Break | Data Breach | ||
|
2020-12-15 17:53:00 | California Hospital Notifies 67k Patients of Data Breach (lien direct) | October cyber-attack may have exposed data belonging to 67k patients of Sonoma Valley Hospital | Data Breach | ||
|
2020-12-15 14:36:26 | Twitter fined £400,000 for breaking EU data law (lien direct) | The firm acknowledges it failed to notify the regulator of its 2019 data breach within the required time. | Data Breach | ||
|
2020-12-15 11:00:00 | Why application-layer encryption is essential for securing confidential data (lien direct) | This blog was written by an independent guest blogger. Your business is growing at a steady rate, and you have big plans for the future. Then, your organization gets hit by a cyberattack, causing a massive data breach. Suddenly, your company’s focus is shifted to sending out letters to angry customers informing them of the incident - which is required by law in most states - and devising strategies to deal with the backlash. This is an all too common scenario for many businesses, and the unfortunate truth is that most organizations fail to adopt the correct cybersecurity procedures until after an attack. The good news is that with a proactive approach to protecting your data, these kinds of nightmares can be avoided. New technology is constantly providing hackers new opportunities to commit cybercrimes. Most organizations have encrypted their data whether it’s stored on the cloud or in a server provided by their web host, but this isn’t enough. Even properly encrypted disc level encryption is vulnerable to security breaches. In this article, we will discuss the weaknesses found in disc level encryption and why it’s best to ensure your data is encrypted at the application layer. We’ll also discuss the importance of active involvement from a cybersecurity team in the beginning stages of application development, and why developers need to have a renewed focus on cybersecurity in a “security-as-code” culture. The importance of application-layer security Organizations all too often have a piecemeal, siloed approach to security. Increasingly competitive tech environments have pushed developers into building new products at a pace cybersecurity experts sometimes can’t keep up with. This is why it’s becoming more common for vulnerabilities to be detected only after an application launches or a data breach occurs. Application layer encryption reduces surface area and encrypts data at the application level. That means if one application is compromised, the entire system does not become at risk. To reduce attack surfaces, individual users and third parties should not have access to encrypted data or keys. This leaves would-be cybercriminals with only the customer-facing end of the application for finding vulnerabilities, and this can be easily protected and audited for security. Building AI and application-layer security into code Application layer security and building security into the coding itself requires that your DevOps and cybersecurity experts work closely together to form a DevSecOps dream team. Developers are increasingly working hand-in-hand with cybersecurity experts from the very beginning stages of software development to ensure a “security-as-code” culture is upheld. However, there are some very interesting developments in AI that present opportunities to streamline this process. In fact, 78% of data scientists agree that artificial intelligence will have the greatest impact on data protection for the decade. Here are four ways AI is transforming application layer security: 1. Misuse detection or application security breach detection Also referred to as signature-based detection, AI systems alert teams when familiar attack patterns are noticed. | Data Breach Vulnerability Threat | Deloitte | |
|
2020-12-14 20:45:31 | Spotify Changes Passwords After Another Data Breach (lien direct) | This is the third breach in the past few weeks for the world's most popular streaming service. | Data Breach | ||
|
2020-12-14 14:10:33 | Spotify Pushes Pw. Reset After Leak – Gurucul, Point3 And YouAttest Perspectives (lien direct) | The massively popular streaming service Spotify issued a data breach notice stating data exposed “may have included email address, your preferred display name, password, gender, and date of birth only… The ISBuzz Post: This Post Spotify Pushes Pw. Reset After Leak – Gurucul, Point3 And YouAttest Perspectives | Data Breach | ||
|
2020-12-14 08:13:23 | Robotic Process Automation vendor UiPath discloses data breach (lien direct) | Last week, ZDnet reported in an exclusive that the tech unicorn UiPath admitted having accidentally exposed the personal details of some users. UiPath is a leading Robotic Process Automation vendor providing a complete software platform to help organizations efficiently automate business processes. The startup started reporting the security incident to its customers that had their data […] | Data Breach Guideline | ||
|
2020-12-11 12:52:36 | Ledger cryptocurrency wallets stolen in fake data breach (lien direct) | Ledger wallet users have been targetted by a phishing scam which used a fake data breach notification in order to steal cryptocurrency. The wallets were secured using a 24-word recovery phrase and support 12, 18, or 24-word recovery phrases used by other wallets. If someone knows the recovery phrase then they are able to access […] | Data Breach |
To see everything:
