What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2019-06-06 08:40:00 From phish to network compromise in two hours: How Carbanak operates (direct link) The past few years have seen an increase in the number of attacks against financial organizations by sophisticated cybercriminal groups that use manual hacking and stealthy techniques to remain hidden. Now, researchers from Bitdefender have released a report on an intrusion they investigated at an unnamed bank that documents in detail how these attackers operate and shows how fast they can gain control over a network. Data Breach
CSO 2019-05-14 03:00:00 200 million-record breach: Why collecting too much data raises risk (direct link) If you don't collect it, no one can steal it. Sometimes the best way to secure customer data is not to collect it in the first place. While it can be tempting to "collect it all" just in case, most enterprises need far less data on their users to market to them effectively. Reducing the amount of data collected means that in the inevitable event of a breach, the repercussions will be far less severe. Data Breach
CSO 2019-04-29 03:00:00 How a data-driven approach to security helps a small healthcare team embrace automation (direct link) The healthcare industry is an inviting and lucrative target for threat actors. It holds lots of valuable personal, health and finance data living in environments that often depend on legacy technology that is hard to patch and is defended by small teams with limited resources. Worse, the cost for data breaches at healthcare organizations is high. Not only does the healthcare industry have the highest cost per record breached according to the 2018 Ponemon Cost of a Data Breach study ($408, nearly double the next-highest industry), but research published last year suggested healthcare data breaches may cause as many as 2,100 deaths per year in the United States. Data Breach Threat
CSO 2019-04-16 03:00:00 How OneLogin responded to its breach and regained customer trust (direct link) Data breaches have become ubiquitous in today's businesses. In a world where companies of all shapes and sizes can become cyber attack victims, how you handle a data breach becomes critically important. Data Breach
CSO 2019-04-04 03:00:00 Security technologies that provide the most savings (direct link) Security costs are on the increase. IDC estimates that worldwide Spending on Security Solutions will reach $103.1 Billion in 2019. Security budgets average around $9 million per year per enterprise, according to Kaspersky. While the average cost of a data breach according to IBM and Ponemon is $3.86 million. Data Breach
CSO 2019-03-28 09:11:00 APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability (direct link) Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. Data Breach Vulnerability APT33 APT 33
CSO 2019-03-26 03:00:00 How to report a data breach under GDPR (direct link) The General Data Protection Regulation (GDPR) is a broad set of regulations that dictate how a company handles the personal data of citizens within the European Union. Articles 33 and 34 of the GDPR outline the requirements to notify both a supervisory authority and affected data subjects in the event of a data breach. Data Breach
CSO 2019-02-21 12:01:00 (Déjà vu) 7 mobile security threats you should take seriously in 2019 (direct link) Mobile security is at the top of every company's worry list these days - and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year earlier. Data Breach
CSO 2019-02-19 03:00:00 Review: SlashNext is like shooting phish in a barrel (direct link) Using social engineering in conjunction with malicious program delivery, a technique known as phishing, remains one of the biggest threats to the cybersecurity landscape. If human users can be tricked into taking an action such as downloading malware, connecting with a compromised website, or even providing their credentials directly to criminals, it often overrides many of the automatic protections that cyber defenses offer. It's become so popular and so successful that the most recent Verizon Data Breach Investigations Report puts phishing and social engineering attacks at the center of 93 percent of breaches in 2018. Data Breach
CSO 2019-02-15 06:17:00 (Déjà vu) Data breaches exposed 5 billion records in 2018. (direct link) The number of publicly known data breaches decreased last year compared to 2017, despite harsher breach notification rules going into effect in Europe. The number of compromised sensitive records also went down by more than a third, from 7.9 billion records to around 5 billion. According to a new report from security intelligence vendor Risk Based Security (RBS), over 6,500 incidents that resulted in compromised data were publicly disclosed last year, two-thirds of them originating in the business sector. The government sector accounted for 13.9 percent, the medical sector for 13.4 percent and education for 6.5 percent. Data Breach
CSO 2019-02-06 10:43:00 Report: Over 59,000 GDPR data breach notifications, but only 91 fines (direct link) Since the European Union's General Data Protection Regulation (GDPR) came into effect in May last year, EU organizations have reported almost 60,000 data breaches, but so far fewer than 100 fines have been issued by regulators. Data Breach
CSO 2019-01-25 10:21:00 What is a supply chain attack? Why you should be wary of third-party providers (direct link) A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data. This has dramatically changed the attack surface of the typical enterprise in the past few years, with more suppliers and service providers touching sensitive data than ever before. Data Breach
CSO 2019-01-15 09:57:00 IDG Contributor Network: Breaches, market volatility and the government shutdown: Security in the crosshairs (direct link) Last year ended with a number of high profile data breaches, tech stocks taking a massive tumble and the start of what has been to date the longest government shutdown on record. Marriott International's Starwood reservation system was hacked, exposing the personal data of up to 500 million guests. Quora's data breach exposed up to 100 million users' names, email addresses, IP addresses, and more… Apple, Facebook and Google stocks took heavy hits in December 2018 as the global economy and privacy concerns took their toll, and investors worried about a looming bear market. And then came the government shutdown. For cybersecurity professionals looking ahead at the rest of 2019, these events present a trifecta of challenges. Data Breach
CSO 2019-01-07 06:05:00 IDG Contributor Network: Managing identity and access management in uncertain times (direct link) If we remember one thing from 2018, it is that we are all victims now through one breach or another. Every day, we hear more news about another data breach affecting millions of users with significant financial and reputational consequences to its victims. With massive breaches like Equifax, Facebook, Deloitte, Quora and Yahoo, it is clear that breach notification services and multi-factor authentication (MFA) are not enough to prevent the next data breach headline from appearing in tomorrow's newspapers. Organizations have started thinking holistically, and rightly so, about risk and approaches to security using frameworks such as CARTA, Zero Trust, NIST SP 800 and IDSA. These frameworks offer progressive thinking and valuable approaches to modern identity strategy, but there is no one size fits all. These frameworks are akin to buying furniture from IKEA; assembly required, but with a lot more complexity and a lot more at stake. Data Breach Equifax Deloitte Yahoo
CSO 2018-12-20 05:01:00 The 18 biggest data breaches of the 21st century (direct link) Data breaches happen daily, in too many places at once to keep count. But what constitutes a huge breach versus a small one? CSO compiled a list of 18 of the biggest or most significant breaches of the 21st century. This list is based not necessarily on the number of records compromised, but on how much risk or damage the breach caused for companies, insurers and users or account holders. In some cases, passwords and other information were well protected by encryption, so a password reset eliminated the bulk of the risk. Data Breach
CSO 2018-12-18 03:00:00 13 data breach predictions for 2019 (direct link) Data breaches are inevitable at any organization. But what form will those breaches take? How will the attackers gain access? What will they steal or damage? What motivates them to attempt the attacks? CSO has gathered predictions from industry experts about where, how and why cyber criminals will attempt to break into networks and steal data during the coming year. Data Breach
CSO 2018-11-20 04:04:00 6 mobile security threats you should take seriously in 2019 (direct link) Mobile security is at the top of every company's worry list these days - and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year earlier. Data Breach
CSO 2018-11-08 03:00:00 Top application security tools for 2019 (direct link) The 2018 Verizon Data Breach Investigations Report says most hacks still happen through breaches of web applications. For this reason, testing and securing applications has become a priority for many organizations. That job is made easier by a growing selection of application security tools. Below is a list of some of the best application security tools available, with descriptions of the situations where they can be most effective. Data Breach
CSO 2018-10-30 03:00:00 Biggest data breach penalties for 2018 (direct link) Uber: $148 million. In 2016, ride-hailing app Uber had 600,000 driver and 57 million user accounts breached. Instead of reporting the incident, the company paid the perpetrator $100,000 to keep the hack under wraps. Those actions, however, cost the company dearly. The company was fined $148 million, the biggest data-breach payout in history, for violation of state data breach notification laws. Data Breach Hack Uber
CSO 2018-10-22 14:00:00 BrandPost: Know the Facts – Today's Cyberthreat Landscape (direct link) The facts are undeniable: A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half the companies have experienced a breach in the past year. In this session Bob Bragdon, Senior Vice President and Publisher of CSO, and Janene Casella, Director of Product Marketing for Security and Risk, ServiceNow, explore the Ponemon survey findings. Casella offers a sobering take on the 48% stat. “As our IT environments continue to expand, we're more and more vulnerable to attacks -- and we know that cybercrime is very profitable, whether that's selling personal information or ransomware, which was huge last year,” she says. “The other thing is that cybercrime is becoming more and more expensive for those who get breached. The average cost of data breach is reaching about $3 million US.” Data Breach
CSO 2018-10-22 03:06:00 3 top multi-cloud security challenges, and how to build a strategy (direct link) A data breach or intruder alert will send security teams into high gear as they scramble to stem the damage and determine the cause. Data Breach
CSO 2018-10-02 14:18:00 Gwinnett Medical Center investigating possible data breach (direct link) After being contacted by Salted Hash about a possible data breach, Gwinnett Medical Center (GMC), a not-for-profit network of healthcare providers in Gwinnett County, Georgia, has confirmed they're investigating what they're calling an IT incident. Salted Hash first became aware of a possible data breach at GMC late last week, but the exact details surrounding the incident were not immediately available. What we learned was that on Saturday (Sept. 29), IT staff at GMC Lawrenceville became aware of an incident involving several hundred patient records at the least. Immediately following the discovery, the alleged attackers sent threats. Sometime later, an agent from the local FBI field office arrived and offered to assist, but it isn't clear if the FBI knew something was wrong, or if the law enforcement agency was called in after the threats were made. Data Breach
CSO 2018-09-19 06:14:00 (Déjà vu) State Department confirms breach of unclassified email system (direct link) The U.S. State Department confirmed it suffered a data breach that exposed employee data; the breach affected the State Department's unclassified email system. It's not like the agency suddenly decided to tell the public about the breach, though. The incident came to light only after Politico got hold of a Sept. 7, 2018, “Sensitive but Unclassified” notice about the breach. After a State Department spokesperson confirmed the compromise of its email system, Politico was told, “This is an ongoing investigation, and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.” Data Breach
CSO 2018-09-19 06:14:00 (Déjà vu) State Department confirms breach of unclassified email system, employee data exposed (direct link) The U.S. State Department confirmed it suffered a data breach that exposed employee data; the breach affected the State Department's unclassified email system. It's not like the agency suddenly decided to tell the public about the breach; the incident only came to light after Politico got hold of a Sept. 7 “Sensitive but Unclassified” notice about the breach. After a State Department spokesperson confirmed the compromise of its email system, Politico was told, “This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment.” Data Breach
CSO 2018-09-13 03:00:00 Wanted: Data breach risk ratings, because not all breaches are equal (direct link) I recently downloaded every known, recorded data breach by the Privacy Rights Clearinghouse, which has been the most thorough and stalwart public recorder of data breaches in the United States for over two decades. The data file contained just over 8,600 data breaches. I found a few dupes and some missing or erroneous information, but overall, it's the best public, non-profit, and free source you're going to find. Data Breach
CSO 2018-09-10 03:00:00 What is the cost of a data breach? (direct link) Data breaches are getting more expensive. The average cost of a data breach has risen to $3.86 million, according to a new report from IBM. The latest version of its annual report shows a 6.6 percent increase in costs, including direct losses, indirect costs related to time and effort in dealing with a breach, and lost opportunities such as customer churn as a result of bad publicity. Data Breach
CSO 2018-09-06 03:00:00 Why security pros are addicted to FUD and what you can do about it (direct link) After more than 30 years in the security industry, I must confess, I am (sadly) still addicted to FUD. For example, one recent morning I clicked (and tweeted) these cyber headline stories: "Augusta University Health Reports Major Data Breach"; "Superdrug denies data breach"; "Health Data Breach Victim Tally for 2018 Soars"; "Judge approves Anthem's $115M data breach settlement". Indeed, big data breach stories and other major security incidents that keep offering large doses of fear, uncertainty and doubt (FUD) to the world, just keep drawing me back. Data Breach
CSO 2018-08-17 08:40:00 IDG Contributor Network: Balancing cybersecurity and regulatory compliance (direct link) Rigorous regulations like GDPR and California's Consumer Privacy Act will only become more prevalent, as long as our current cybersecurity landscape continues to suffer the near-crippling data breach affliction. Attackers seem to be one step ahead of defenders, constantly changing their attack vectors as new technologies become available, such as artificial intelligence and automated bots. But is coming up with new laws protecting or hindering our progress? Regulatory compliance over cybersecurity. As witnessed overseas, many companies are struggling to stay compliant with standards like GDPR, and are more focused on meeting the minimum requirement rather than proper security policies, which hackers can easily find weaknesses in. The result of regulatory requirements is that they become outdated fairly quickly in the cyber world. What's worse, regulation outlines that are made publicly available essentially provide hackers a roadmap to breaking through defenses. By the time governing bodies overseeing these standards implement measures to fix these vulnerabilities, it's already too late. Businesses are exhausting time, manpower and capital on regulatory compliance that is inherently vulnerable, rather than fool-proof defenses that will protect all stakeholders. Data Breach ★★★★
CSO 2018-08-13 03:00:00 3 reasons companies fail to assess the scope of a data breach (direct link) First comes the embarrassing breach announcement. Then, a few days or weeks later, another one -- a few million stolen records were missed the first time around. Then another announcement, with another upward correction. With each new revelation, the hacked organization loses credibility and faces greater liability. Data Breach
CSO 2018-08-10 06:40:00 How did the TimeHop data breach happen? (direct link) In July 2018, TimeHop, in a very transparent manner, discussed the breach of their service which affected approximately 21 million records, some of which included personal identifying information (PII) such as name, email, phone number, and date of birth, while others contained variants. Reviewing the sequence of events, we see that a trusted insider placed the company's data at risk when their employee credentials were used by a third-party to log into TimeHop's Cloud Computing Environment. How the intruder obtained the employee's log-in credentials is unknown. Data Breach
CSO 2018-08-01 04:15:00 IDG Contributor Network: Is California's Consumer Privacy Act of 2018 going to be GDPR version 2? (direct link) While there is time before the California Consumer Privacy Act of 2018 comes into effect, which is January 1, 2020, businesses need to start planning now for compliance. The CCPA provides California consumers with significantly expanded rights as to the collection and use of their personal information by businesses. It covers any business meeting revenue or data collection volume triggers and that collects or sells information about California residents. Applicability to businesses. The CCPA uses a much broader definition of personal information than is generally used in privacy statutes in the United States, including the definition in California's own data breach notification statute. Personal information under the CCPA includes “information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.” With this broad definition, the types of information protected under the CCPA are much closer to those found in the European Union's General Data Protection Regulation (“GDPR”). Data Breach
CSO 2018-07-17 08:33:00 IDG Contributor Network: 8 steps to secure unmanaged devices in the enterprise (direct link) For many years now, enterprise networks have seen a steady stream of new devices that are outside of IT department control. The mobility trend has given way to the rise of the IoT and the result is a lot of unmanageable endpoints that represent a clear security risk. Smart lighting, printers, Bluetooth keyboards, smart TVs, video cameras, switches and routers are all connected devices that often lack any built-in security. This security blind spot is ripe for exploitation by cybercriminals probing your network for weaknesses. Despite 97 percent of risk professionals admitting that a data breach or cyber-attack caused by unsecure IoT devices could be catastrophic for their organization, according to a survey by the Ponemon Institute and Shared Assessments, just 15 percent have an inventory of most of their IoT and only 46 percent have a policy in place to disable devices that pose a risk. Data Breach
CSO 2018-07-10 03:00:00 Duty of care: Why (and how) law firms should up their security game (direct link) June 17, 1972, changed the legal profession forever. The Watergate break-in, and subsequent coverup, implicated more than a dozen lawyers working for the White House or the Committee for the Re-election of the President (CREEP). The scandal led to calls to regulate the legal profession, and today ethics is a mandatory part of law school training and bar association rules of conduct. Data Breach
CSO 2018-07-02 18:55:00 No data breach at Patreon, but proactive notice caused some concern (direct link) Patreon, the membership platform that helps creators get paid for their work, sent users a letter on Monday warning them about a data breach at Typeform. Patreon uses Typeform for user surveys, and on June 27, Typeform announced a data breach that impacts thousands of people. Being proactive, Patreon wanted to alert their users, but the wording of the letter led to some confusion. The Patreon letter recaps the Typeform data breach, and then informs the recipient that "as a result, we are reaching out to you as the data that was potentially impacted includes your [name and email address]." Data Breach
CSO 2018-06-29 08:50:00 BrandPost: 3 Musts for VPN Multi-Factor Authentication (direct link) Remember the good old days, when the only people who needed access to your virtual private network (VPN) were full-time, on-site employees using company-issued devices? Today, the people who need VPN access are as likely to be contractors as employees, and as likely to be logging in from a personal device as an office laptop. VPN access makes it easier for them to connect to the resources they need, improving your organization's ability to work collaboratively and productively. But it can also increase your identity risk. Think about it: How do you know that the third party who's trying to access resources is really who they claim to be? Or that they haven't shared their credentials with someone else in their organization who isn't entitled to access? Just because someone has a legitimate username/password to access the VPN doesn't mean they're the legitimate owner of those credentials. According to the 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related data breaches involve weak or stolen passwords. Data Breach
Last update at: 2024-05-16 10:08:07