What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO.webp 2023-02-14 04:04:00 Pepsi Bottling Ventures suffers data breach (direct link) Pepsi Bottling Ventures, the largest bottler of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees. The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. Data Breach Threat
CSO.webp 2023-01-20 02:11:00 T-Mobile suffers 8th data breach in less than 5 years (direct link) Telecom player T-Mobile US has suffered a cybersecurity incident that resulted in the exposure of personal details of 37 million users, the company reported in a filing to the US Securities and Exchange Commission on Thursday. Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed, the company revealed. However, T-Mobile in a statement insisted that customer payment card information (PCI), social security numbers/tax IDs, driver's license or other government ID numbers, passwords/PINs or other financial account information were not exposed, it . Data Breach
CSO.webp 2023-01-19 02:00:00 How CISOs can manage the cybersecurity of high-level executives (direct link) High-level executives, including board members and C-level executives, often have access to sensitive information, making them prime targets for bad actors looking to penetrate corporate defenses. Their personal devices, among other points of entry, are glaring attack vectors for cybercriminals looking to get in on the top floor. As CISOs know, cyber incidents all too often include the human element - and executives are all too human. According to the Verizon 2022 Data Breach Investigations Report, 82% of breaches involved a human element, the bulk of them involving phishing, business email compromise (BEC), and stolen credentials. Data Breach ★★
CSO.webp 2023-01-17 04:47:00 European data protection authorities issue record €2.92 billion in GDPR fines (direct link) European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That's according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year's biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children's personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal. Data Breach ★★★
CSO.webp 2023-01-12 10:00:00 BrandPost: How Financial Institutions Can SOAR to Success with Devo SOAR (direct link) According to the 2022 IBM Cost of a Data Breach Report, the global average cost of a data breach is $4.35 million. Data breaches in the US are even more costly, averaging over $9 million. However, it isn't just the big players caught in the line of fire. IBM's report also found that 83% of companies will experience a data breach soon, meaning financial institutions of all sizes - from local credit unions to Fortune 500s - are at risk. While ransomware attacks get the most time in the financial headlines, most breaches aren't caused by external factors or threat actors. The majority of system availability problems actually occur due to a lack of staff knowledge and protective protocols, software issues and limited security visibility across the institution. However, “more visibility” is not synonymous with “seeing more alerts.” In fact, the opposite is true. Keep reading to see how Devo SOAR helped a leading US bank streamline its SOC. Ransomware Data Breach Threat Guideline ★★
CSO.webp 2023-01-06 04:22:00 Twitter's mushrooming data breach crisis could prove costly (direct link) Since Elon Musk purchased Twitter in late October, non-stop turmoil and controversy have dogged the company, from massive staff firings and resignations to reputational damage from Musk's careless and often bizarre tweets. Now, mushrooming concern around a possible data breach stemming from a now-fixed Twitter flaw is poised to drive the company further down unless Twitter takes quick action. Even as regulators in Europe begin to probe what appears to be a massive Twitter data breach, Twitter and Elon Musk have failed to comment publicly on the true extent of the breach. Experts say that unless Twitter gets ahead of the curve, informs regulators of the facts, and notifies users of how much of their public and private information has been exposed, the company could suffer serious financial and operating consequences. Data Breach ★★
CSO.webp 2023-01-04 15:19:00 Attackers use stolen banking data as phishing lure to deploy BitRAT (direct link) In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. The group, which might have been responsible for the data breach in the first place, is distributing an off-the-shelf Trojan program called BitRAT that has been sold on the underground market since February 2021. Stolen data used to add credibility to future attacks: Researchers from security firm Qualys spotted the phishing lures that involved Excel documents with malicious documents but appeared to contain information about real people. Looking more into the information, it appeared the data was taken from a Colombian cooperative bank. After looking at the bank's public web infrastructure, researchers found logs that suggested the sqlmap tool was used to perform an SQL injection attack. They also found database dump files that attackers created. Data Breach Tool
CSO.webp 2022-11-11 01:54:00 Medibank hackers revealed to be in Russia (direct link) The Australian Federal Police has revealed that those responsible for the data breach of Australian private health insurer Medibank are in Russia. On October 13, Medibank paused trading in the Australian Securities Exchange and announced there had been a “cyber incident”. At the time the company believed no data had been accessed and that the main issue was at its ahm and international student policy management units. But what started as the second largest breach in Australia's history slowly unraveled into a potentially much more harmful breach than the infamous Optus breach, which impacted a third of the Australian population. Data Breach
CSO.webp 2022-10-24 11:01:00 BrandPost: How a Zero Trust Platform Approach Takes Security to the Next Level (direct link) Even though many organizations have a goal of achieving zero trust, this goal may not always be realizable in the solutions they are implementing. In fact, a recent survey found that while most responding organizations said they had implemented or were implementing a zero trust strategy, more than half of them didn't have the ability to authenticate users and devices on an ongoing basis. Giving too much trust could have disastrous – and costly – results. IBM estimates that the worldwide average cost of a data breach is currently a staggering $4.24 million. Data Breach
CSO.webp 2022-10-06 13:16:00 Guilty verdict in the Uber breach case makes personal liability real for CISOs (direct link) Yesterday, a federal jury handed down a guilty verdict to Joe Sullivan, the former CSO, on charges of “obstruction of the proceedings of the Federal Trade Commission and misprision of felony in connection with the attempted cover-up of a 2016 hack at Uber” according to a notice published by the Department of Justice (DOJ). US Attorney Stephanie Hinds, upon learning of the verdict, admonished companies that are storing data as to their responsibility to also “protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being caught. We will not tolerate the concealment of important information from the public by corporate executives more interested in protecting their reputation and that of their employers than in protecting users. Where such conduct violates the federal law, it will be prosecuted.” Data Breach Hack Uber Uber
CSO.webp 2022-09-28 13:00:00 BrandPost: Moving Security Technologies to the Cloud? 4 Tips for CISOs (direct link) As organizations increasingly migrate their data and applications to the cloud, it's more important than ever to understand how to protect this highly sensitive business information. Preventing leaks and data theft is critical for maintaining customer trust. And the cost of a single data breach can reach millions of dollars for many companies. While cloud computing may initially introduce some security complexity, it's worth it in the end. The cloud provides a more secure environment than you could ever hope for with on-premises servers. The challenge? How do you shift to the cloud without disrupting your business? Here are four steps CISOs can take to ensure a smooth transition: Data Breach
CSO.webp 2022-09-16 03:46:00 Uber responding to “cybersecurity incident” following reports of significant data breach (direct link) Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems. Attacker announces Uber breach through compromised Slack account: In a statement on Twitter, Uber wrote “We are currently responding to a cybersecurity incident. We are in touch with law enforcement and will post additional updates here as they become available.” While details from the company are currently sparse, a report by the New York Times on Thursday claimed that a hacker was able to compromise an employee's Slack account and used it to send a message to Uber employees announcing that the company had suffered a data breach. Data Breach Uber Uber
CSO.webp 2022-09-05 05:04:00 Samsung reports second data breach in 6 months (direct link) Samsung has opened up about a data breach it detected on or around August 4, affecting the personal information of some of its customers. “In late July 2022, an unauthorized third party acquired information from some of Samsung's US systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected,” Samsung said in a statement. The company said that the issue did not impact social security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information. Affected customers could be impacted at varied levels, the company said. However, Samsung did not reveal how many customers were affected by the incident. Data Breach
CSO.webp 2022-09-01 06:14:00 BrandPost: How to Avoid Cloud Misconfigurations (direct link) Organizations with cloud workloads need to protect themselves against a variety of risks. While most organizations focus on security against attackers, breaches resulting from simple misconfigurations can be just as commonplace. For instance, the 2022 Verizon Data Breach Investigation Report (DBIR) found that cloud misconfigurations pose an ongoing threat to organizations. Error, especially misconfigured cloud storage, factored in 13% of data breaches analyzed by Verizon this year. Data Breach Threat
CSO.webp 2022-08-29 04:19:00 Facebook agrees to settle class action lawsuit related to Cambridge Analytica data breach (direct link) Facebook parent Meta Platforms agreed Friday to settle a class action lawsuit seeking damages for allowing British political consulting firm Cambridge Analytica access to the private data of tens of millions of Facebook users. The settlement will spare CEO Mark Zuckerberg an embarrassing court appearance to defend his company. Lawyers acting for the plaintiffs and for Facebook filed a joint request with the US District Court for the Northern District of California on Friday, asking the judge to put the class action on hold for sixty days while the two parties finalized a written settlement for an as-yet undisclosed amount. The high profile lawsuit has been running for over four years and claims that Facebook shared data of millions of US voters with Cambridge Analytica. Data Breach
CSO.webp 2022-08-16 02:00:00 The 12 biggest data breach fines, penalties, and settlements so far (direct link) Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now, the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe. Data Breach Equifax Equifax
CSO.webp 2022-08-10 02:00:00 U.S. Federal Court breach reveals IT and security maturation issues (direct link) In late July 2022, Politico ran a story detailing how the U.S. Department of Justice was investigating a recent data breach of the federal court system, which dated back to early 2020. The chair of the House Judiciary Committee, Jerrold Nadler (D-NY), described the breach as a “system security failure of the U.S. Courts' document management system.” On the same day, July 28, 2022, the U.S. Government Accountability Office (GAO) published the report GAO-22-105068 “U.S. Courts: Action Needed to Improve IT Management and Establish a Chief Information Officer.” The GAO report described systemic shortcomings in the administration of the U.S. court system, including the lack of a CIO, to oversee the substantive infrastructure. Data Breach
CSO.webp 2022-08-01 07:44:00 Global cost of data breach reaches record high of $4.35 million: IBM (direct link) The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches. The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach. Data Breach
CSO.webp 2022-08-01 05:07:00 BrandPost: Solving the Challenges of Remediating Configuration Settings (direct link) A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge. To keep intruders out of your networks and data, you need more than up-to-date guidance. You also need to continually assess system configurations for conformance to security best practices and harden thousands of individual settings in your environment. But where do you start? Begin with recognized security best practices: The CIS Critical Security Controls (CIS Controls) are a prioritized set of actions that mitigate the most common cyber attacks. They translate cyber threat information into action. The CIS Benchmarks are secure configuration recommendations designed to safeguard systems against today's evolving cyber threats. Both CIS best practices provide organizations of all sizes with specific and actionable recommendations to enhance cyber defenses. Both are also mapped to or referenced by a number of industry standards and frameworks like NIST, HIPAA, PCI DSS, and more. Data Breach Threat
CSO.webp 2022-07-14 16:00:00 Data breaches explained: Types, examples, and impact (direct link) What is a data breach? A data breach is a security incident in which a malicious actor breaks through security measures to illicitly access data. Data about individuals - names, birthdates, financial information, social security numbers and driver's license numbers, and more - lives in innumerable copies across untold numbers of servers at private companies, public agencies, and in the cloud. If someone who isn't authorized to access personally identifiable information (PII) manages to get a look at it, that can have dire consequences both for the individual and for the organization that stored the data and was supposed to keep it safe. Data Breach
CSO.webp 2022-07-05 02:00:00 6 signs your IAM strategy is failing, and how to fix it (direct link) Companies have been developing and executing identity and access management (IAM) strategies for decades. "It started with mainframe time sharing, so nothing is new," says Jay Bretzmann, program director for security products at IDC. Despite that long experience, there are still opportunities for mistakes, especially when companies are upgrading their IAM platforms to those that can better deal with modern IT deployments. Here are six ways to tell that a company's IAM strategy is failing. 1. Users can't access their applications, but criminals can: The primary goal of an IAM platform is to allow legitimate users to access the resources that they need, while keeping out the bad guys. If the opposite is happening, then something is wrong. According to the latest Verizon Data Breach Incident Report, stolen credentials were the most common attack method last year, involved in half of all breaches and in over 80% of web application breaches. Data Breach
CSO.webp 2022-07-04 02:00:00 11 top cloud security threats (direct link) Identity and access issues topped the list of concerns of IT pros in the Cloud Security Alliance's annual Top Threats to Cloud Computing: The Pandemic 11 report released earlier this month. "Data breaches and data loss were the top concerns last year," says CSA Global Vice President of Research John Yeoh. "This year, they weren't even in the top 11." "What that tells me is the cloud customer is getting a lot smarter," Yeoh continues. "They're getting away from worrying about end results - a data breach or loss is an end result - and looking at the causes of those results (data access, misconfigurations, insecure applications) and taking control of them." Data Breach Threat
CSO.webp 2022-06-14 02:00:00 Vulnerability management mistakes CISOs still make (direct link) Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax, have been traced back to unpatched vulnerabilities - a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%. Data Breach Equifax
CSO.webp 2022-06-02 02:00:00 Ransomware roundup: System-locking malware dominates headlines (direct link) As we head into the unofficial start of summer, it does not appear the criminal groups that run ransomware schemes are planning to take any time to rest. Ransomware was all over the infosec news headlines in the past week, with one new report revealing that its presence has grown more in the last year than in the past several years combined. Here's a roundup of noteworthy ransomware stories you might have missed. DBIR finds ransomware increased by double digits: Verizon Business' annual Data Breach Investigations Report (DBIR) is out and confirms what many CISOs already know: ransomware continues to plague business. Ransomware-related breach instances rose 13%, an increase larger than in the past 5 years combined. Ransomware Data Breach Malware
CSO.webp 2022-05-19 02:00:00 Uber CISO's trial underscores the importance of truth, transparency, and trust (direct link) Truth, transparency and trust are the three T's that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T's can have serious consequences. Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial. The case against Uber's former CSO: By way of background, Uber's former CSO faces a five-felony count superseding indictment associated with his handling of the company's 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals who are believed to have effected the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber's bug bounty program. These individuals were identified in media as Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by LinkedIn). Data Breach Hack Uber Uber
CSO.webp 2020-12-10 08:03:00 FireEye breach explained: How worried should you be? (direct link) Cybersecurity firm FireEye announced Tuesday that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools the company's experts developed to simulate real attackers and test the security of its customers. While this is a worrying development, it's unlikely that this will result in a significant risk increase to organizations, as some offensive tool leaks did in the past. Data Breach Tool
CSO.webp 2020-11-24 03:00:00 (Déjà vu) 8 types of phishing attacks and how to identify them (direct link) Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches. Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. Data Breach Threat
CSO.webp 2020-11-24 03:00:00 8 types of phishing attack and how to identify them (direct link) Every data breach and online attack seems to involve some kind of phishing attempt to steal password credentials, to launch fraudulent transactions, or to trick someone into downloading malware. Indeed, Verizon's 2020 Data Breach Investigations Report finds that phishing is the top threat action associated with breaches. Enterprises regularly remind users to beware of phishing attacks, but many users don't really know how to recognize them. And humans tend to be bad at recognizing scams. Data Breach Threat
CSO.webp 2020-10-29 03:00:00 Supply chain attacks show why you should be wary of third-party providers (direct link) A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. Data Breach
CSO.webp 2020-10-20 03:00:00 Avoiding the snags and snares in data breach reporting: What CISOs need to know (direct link) Failing to report sensitive data breaches to US regulatory and law enforcement agencies just got more dangerous and confusing for CISOs and their organizations. If that failure is seen as a coverup, such as paying ransoms for retrieving sensitive data, it could lead to steep fines or jail time. Data Breach Guideline
CSO.webp 2020-09-29 06:05:00 BrandPost: How to Defend Against Today's Top 5 Cyber Threats (direct link) Cyber threats are constantly evolving. As recently as 2016, Trojan malware accounted for nearly 50% of all breaches. Today, they are responsible for less than 7%. That's not to say that Trojans are any less harmful. According to the 2020 Verizon Data Breach Investigations Report (DBIR), their backdoor and remote-control capabilities are still used by advanced threat actors to conduct sophisticated attacks. Staying ahead of evolving threats is a challenge that keeps many IT professionals awake at night. Understanding today's most important cyber threats is the first step toward protecting any organization from attack. Data Breach Malware Threat
CSO.webp 2020-08-31 06:00:00 Cloud technology great for security but poses systemic risks, according to new report (direct link) Although nearly 30 years old, cloud computing is still a “new” technology for most organizations. The cloud promises to reduce costs and increase efficiencies through storage and management of large repositories of data and systems that are theoretically cheaper to maintain and easier to protect. Given the growing rush by organizations to move to the cloud, it's no surprise that some policymakers in Washington are calling for regulation of this disruptive technology. Last year, Representatives Katie Porter (D-CA) and Nydia Velázquez (D-NY) urged the Financial Stability Oversight Council (FSOC) to consider cloud services as essential elements of the modern banking system and subject them to an enforced regulatory regime. Their calls for this kind of oversight came in the wake of a major data breach of Capital One in which an employee of the financial institution was able to steal more than 100 million customer credit applications by exploiting a misconfigured firewall in operations hosted on Amazon Web Services (AWS). Data Breach
CSO.webp 2020-08-19 05:56:00 BrandPost: Center for Internet Security's Community Defense Model (direct link) The CIS Critical Security Controls (CIS Controls) are a set of more than 170 cybersecurity defensive measures, called safeguards, organized into a set of 20 Control activities. A community of security experts cooperate to keep this list of safeguards up-to-date based on vendor summaries of recent attack activity described in reports like the Verizon Data Breach Investigations Report (DBIR) and their experiences defending actual networks. Enterprises can select safeguards from the CIS Controls to create a robust cyber defense mission for their organization. Data Breach
CSO.webp 2020-03-23 03:00:00 New York's SHIELD Act could change companies' security practices nationwide (direct link) The Stop Hacks and Improve Electronic Data Security Act, otherwise known as the SHIELD Act, is a New York State bill signed into law last July. One key provision in the legislation that could significantly change security practices across the country is slated to go into effect March 21, possibly inducing companies big and small to change the way they secure and transmit not only New Yorkers' private data but all consumers' sensitive information. Technically an amendment to the state's data breach notification law, the SHIELD Act could have as much of an impact on internet and tech companies' privacy and security practices as the more famous California Consumer Privacy Act (CCPA) or even the European Union's General Data Protection Regulation (GDPR), experts say. Data Breach
CSO.webp 2020-02-25 03:00:00 8 mobile security threats you should take seriously in 2020 (direct link) Mobile security is at the top of every company's worry list these days - and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year earlier. Data Breach
CSO.webp 2020-02-19 16:12:00 BrandPost: How to Maximize Resources in Your Cybersecurity Workforce (direct link) There's no denying that skilled people will always be an integral part of cybersecurity operations. After all, every cybersecurity threat requires a conversation around it, intelligent intervention, and thorough analysis to combat future issues. Yet without the right resources at their fingertips, even the most knowledgeable cybersecurity workforce is set up to fail. Consider this in the context of a misconfiguration in the cloud - one of the top cloud security threats. If this issue is buried beneath a pile of other threats and alerts or SecOps need days or maybe even weeks to identify the root of the problem, cyber attackers have more room to make their way in the perimeter and exfiltrate sensitive data. (This year's Capital One data breach is a prime example.) Data Breach Threat
CSO.webp 2020-01-29 11:53:00 Episode 2: Three things that keep Biogen CISO Bob Litterer up at night (direct link) Bob Litterer, VP and CISO of biotech giant Biogen, isn't a worrier at heart, but there are a few things that keep him up at night. High on that list is the interdependencies in his company's third-party network; a data breach anywhere in that ecosystem could have a devastating ripple effect. Also topping Litterer's list of worries are the exposed underbelly of operational technology and cloud sprawl, which can leave organizations with more exposure than they may realize. Data Breach
CSO.webp 2019-12-26 03:00:00 What is Magecart? How this hacker group steals payment card data (direct link) Magecart definition: Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT. Data Breach
CSO.webp 2019-12-19 07:05:00 (Déjà vu) Learn how to be an ethical hacker with this $39 in-depth training bundle (direct link) It seems like there's a new data breach every month, and as hackers ramp up their efforts to steal our private info, it's only natural to feel afraid. What can you do to fight back? Oddly enough, the best way to prevent cybersecurity attacks is by fighting fire with fire. As an ethical hacker, you can make a living by exploiting cybersecurity vulnerabilities, and this $39 bundle will show you how. Data Breach
CSO.webp 2019-11-19 07:21:00 IDG Contributor Network: 3 keys to preserving customer relationships in the wake of a data breach (direct link) For any organization, the primary objective of a “crisis” is to get through the event with as little long-term impact as possible. This means all the elements of your company that were thriving beforehand should still be thriving afterwards. From this perspective, it's not enough to get a system back up and running after a data breach, if you've damaged other parts of the business in the process – for example, your customers lose trust in you and take their business elsewhere. Recent data from Centrify and the Ponemon Institute suggest that customers are becoming increasingly sensitive to the impact of a data breach and how a company manages the response, with 65% saying a data breach had caused them to lose trust in the organization, and 27% discontinuing their relationship with that company. The 2019 Cost of Data Breach Report from IBM Security and the Ponemon Institute found that 36% of the cost of an average data breach was due to business disruption, a category that includes lost customers. The report also found that the average cost of a data breach was nearly $1 million lower when a company lost less than 1 percent of their customers. For those losing over 4 percent of their customers, the cost was roughly $1.8 million more. The report concluded that “the loss of customer trust had serious financial consequences,” on businesses experiencing a data breach. Data Breach
CSO.webp 2019-11-15 07:48:00 BrandPost: 5 Recommendations for Preparing for and Responding to a Network Breach (direct link) A data breach can have a devastating effect on an organization. According to the Ponemon Institute's annual Cost of a Data Breach Report, the average total cost of a data breach is now $3.92 million, with an average of 25,575 records being stolen or compromised. But recovering lost data is only part of the equation. Extended downtime can quickly compound costs on an hour-by-hour basis. And more difficult to quantify is regaining lost consumer confidence and damage to an organization's brand, which can take months or years to repair. Data Breach
CSO.webp 2019-11-04 07:05:00 This 12-course bundle will teach you how to be an ethical hacker for $39 (direct link) It seems like there's a new data breach every month, and as hackers ramp up their efforts to steal our private info, it's only natural to feel afraid. What can you do to fight back? Oddly enough, the best way to prevent cybersecurity attacks is by fighting fire with fire. As an ethical hacker, you can make a living by exploiting cybersecurity vulnerabilities, and this $39 bundle will show you how. Data Breach
CSO.webp 2019-10-21 03:00:00 Top cloud security controls you should be using (direct link) Another day, another data breach - thanks to misconfigured cloud-based systems. This summer's infamous Capital One breach is the most prominent recent example. The breach resulted from a misconfigured open-source web application firewall (WAF), which the financial services company used in its operations that are hosted on Amazon Web Services (AWS). Data Breach
CSO.webp 2019-10-17 05:36:00 IDG Contributor Network: Privacy legislation: The road ahead (direct link) Midway along my drive to work each morning, I gain the freedom to unbuckle. New Hampshire, known for its “Live Free or Die” motto, is the only state in the union that views my seatbelt use as optional. As I cross state lines from Maine to New Hampshire, the rules of the road change. Increasingly, the same can be said for the laws governing privacy. While those patrolling the beat might understand the jurisdictional boundaries; technologically, they're often irrelevant, forcing many organizations to pay attention to all such laws at once. It's a winding road ahead. As privacy professionals driving new technologies forward peer beyond their dashboards, a rapidly changing US landscape is unfolding. The US privacy regime is already complex. It features a host of sectoral laws at the federal level, FTC enforcement of unfair and deceptive practices to plug the holes, 50 plus data breach notification laws, mini state-level FTC acts, a smattering of state privacy laws, and an aggressive plaintiff's bar. While that's a lot to grapple with, the pace of change in privacy laws, and the technologies they seek to regulate, is only accelerating. Data Breach
CSO.webp 2019-10-14 03:00:00 Equifax data breach FAQ: What happened, who was affected, what was the impact? (direct link) In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States. As we'll see, the breach spawned a number of scandals and controversies: Equifax was criticized for everything ranging from their lax security posture to their bumbling response to the breach, and top executives were accused of corruption in the aftermath. And the question of who was behind the breach has serious implications for the global political landscape. How did the Equifax breach happen? Like plane crashes, major infosec disasters are typically the result of multiple failures. The Equifax breach investigation highlighted a number of security lapses that allowed attackers to enter supposedly secure systems and exfiltrate terabytes of data. Data Breach Equifax
CSO.webp 2019-09-30 03:00:00 Marriott data breach FAQ: How did it happen and what was the impact? (direct link) In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves. We answer 10 frequently asked questions. When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later. Data Breach Tool Threat
CSO.webp 2019-07-31 05:55:00 IDG Contributor Network: Is the cloud lulling us into security complacency? (direct link) The recent CapitalOne breach has certainly made lots of headlines in less than a day since the story broke out. And sadly, it has already thrust the $700M settlement that was reached from the largest ever data breach – the Equifax one – onto the sidelines just days after the news of that settlement broke out. But going back to CapitalOne, there are lots of lessons to be learned there certainly. I want to focus on where CapitalOne's data centers were and what that means for the rest of the planet from a security perspective. CapitalOne has been one of the most vocal AWS customers. They have appeared at numerous AWS events and touted how they have completely shuttered all their data centers and run exclusively on Amazon. And to be fair, they have also shared their best practices and use of AWS services. Data Breach Equifax
CSO.webp 2019-07-26 03:00:00 The biggest data breach fines, penalties and settlements so far (direct link) Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. In the UK British Airways was hit with a record $230 million penalty, followed shortly by a $124 million fine for Marriott, while in the US Equifax agreed to pay a minimum of $575 million for its 2017 breach. Data Breach Equifax
CSO.webp 2019-07-24 04:38:00 Equifax's billion-dollar data breach disaster: Will it change executive attitudes toward security? (direct link) Equifax announced on Monday that it has agreed to a record-breaking settlement related to its massive 2017 data breach, which exposed the personal and financial records of more than 148 million people. The settlement requires the beleaguered credit ratings agency to spend at least $1.38 billion to resolve consumer claims against it. It creates a non-reversionary fund of $380.5 million to pay benefits to the class of consumers harmed by the breach, including cash compensation, credit monitoring, and help with identity restoration. Data Breach Equifax
CSO.webp 2019-06-20 03:00:00 A new website explains data breach risk (direct link) Data breaches are so common that even a theft of a billion records of seriously confidential information barely makes the news. It's business as usual. Part of the problem is that all the data breaches involving our data become melded together. It seems as if all our personal data is already out there - many times over. So, who cares if it happens once (or ten times) more? We're numb to yet another attack that includes our personal data. In the beginning we feared every announced data breach. Now we don't fear any. Data Breach
Last update at: 2024-04-29 18:08:54