What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2022-08-26 15:30:34 DoorDash discloses new data breach tied to Twilio hack (lien direct) Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio. [...] Data Breach Hack
SecurityWeek.webp 2022-08-25 20:05:19 LastPass Says Source Code Stolen in Data Breach (lien direct) Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information. Data Breach LastPass
no_ico.webp 2022-08-25 13:11:36 Expert Commentary On The Plex Data Breach (lien direct) A Plex data breach has exposed usernames, email addresses, and encrypted passwords. As Troy Hunt, Microsoft Regional Director, said on Twitter “Aw crap, I'm pwned in a @plex data breach. Again. I can't do anything to *not* be in a breach like this (short of not using the service)” The scale of the security failure […] Data Breach
News.webp 2022-08-25 11:00:40 Liberty Counsel's Donor Records and Pro-Trump Election Messaging Exposed in Data Breach (lien direct) Thanks to its tax status, the Southern Poverty Law Center-designated hate group has largely avoided public scrutiny. Data Breach
SecurityAffairs.webp 2022-08-24 23:12:45 Plex discloses data breach and urges password reset (lien direct) >The streaming media platform Plex is urging its users to reset passwords after threat actors gained access to its database. Plex is an American streaming media service and a client–server media player platform. The company disclosed a data breach after threat actors have access to a limited subset of data stored in a compromised database. Exposed data includes emails, usernames, and […] Data Breach Threat
MalwarebytesLabs.webp 2022-08-24 10:30:00 Reset your password now! Plex suffers data breach (lien direct) In an email sent to its users, Plex revealed that a cybercriminal accessed a limited subset of customer data, including emails and encrypted passwords. (Read more...) Data Breach
bleepingcomputer.webp 2022-08-24 07:49:00 (Déjà vu) Plex warns users to reset passwords after a data breach (lien direct) The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases. [...] Data Breach
bleepingcomputer.webp 2022-08-22 14:16:51 Misconfigured Meta Pixel exposed healthcare data of 1.3M patients (lien direct) U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script. [...] Data Breach
SecurityWeek.webp 2022-08-22 13:46:29 Textile Company Sferra Discloses Data Breach (lien direct) Textile company Sferra Fine Linens on Friday announced that it has started notifying individuals of a cybersecurity incident involving their personal information. Founded in 1891, Sferra designs and sells Italian-made luxury linen products, including luxury sheets, table linens, and bedding collections, as well as decorative home accessories. Data Breach
bleepingcomputer.webp 2022-08-22 11:35:43 Greek natural gas operator suffers ransomware-related data breach (lien direct) Greece's largest natural gas distributor DESFA confirmed on Saturday that they suffered a limited scope data breach and IT system outage following a cyberattack. [...] Data Breach
securityintelligence.webp 2022-08-19 13:00:00 How EDR Security Supports Defenders in a Data Breach (lien direct) >The cost of a data breach has reached an all-time high. It averaged $4.35 million in 2022, according to the newly published IBM Cost of a Data Breach Report. What’s more, 83% of organizations have faced more than one data breach, with just 17% saying this was their first data breach.  What can organizations do […] Data Breach
securityintelligence.webp 2022-08-17 16:02:00 Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High (lien direct) >IBM Security and the Ponemon institute release an annual report known as one the most significant industry benchmarks. The Cost of a Data Breach analysis examines real-world breaches in great detail, producing insights into the factors that impact the cost of cyber-attacks. In the 2022 report just released, the healthcare sector stands out for extremely […] Data Breach
AlienVault.webp 2022-08-17 10:00:00 A pragmatic approach to risk management & resilience (lien direct) Cybersecurity starts with the ability to recognize your cyber risk. We will explore several topics related to taking a practical approach to managing risk and achieving cyber resilience. This is a blog series with collective thoughts from Bindu Sundaresan, Director AT&T Cybersecurity, and Nick Simmons, AVP, Cybersecurity.

Cybercrime has become increasingly frequent, complex, and costly, posing a risk to all businesses regardless of size. How do you plan to respond when falling victim to a breach? Would you know who to call, how to react, or what to tell your employees, customers, and media? Could your organization absorb the potential financial and reputational impact of a lawsuit? The answer cannot be, "we store everything in the cloud, so we are good." Who owns the risk? Could your brand's image survive? What is acceptable, and how do you know your current plan will suffice? What more could your company do to understand better and manage the risk? These questions are all top of mind and need to be addressed from an overall business perspective. This blog summarizes the fundamental steps and offers suggestions to understand, manage, and respond to risk.

Beyond technology, focus on risk and resilience

It can be easy to deploy security technology and think you've mitigated risk to your business. Unfortunately, technology investment is no guarantee of protection against the latest threats. It is critical to take a risk-based approach to security, meaning leaders must identify and focus on specific elements of cyber risk to decrease enterprise risk. Specifically, the many components of cyber risk must be understood and prioritized for enterprise cybersecurity efforts.

Organizations are increasingly aiming to shift from cybersecurity to cyber resilience, and the following recommendations can help forge this path:
- Understand the threats
- Measure the potential financial impact of cyber exposures compared to the company's risk appetite level; and
- Proactively manage cyber risks with clear action plans based on their capabilities and capacities to protect against cybercrime

Risk-based approach

Cyber resiliency requires a risk-based approach, accomplishing two critical things at once. First, it designates risk reduction as the primary goal, enabling the organization to prioritize investment, including implementation-related problem solving based squarely on a cyber program's effectiveness at reducing risk. Second, the program distills top management's risk-reduction targets into pragmatic implementation programs with precise alignment from senior executives to the front line.

Following the risk-based approach, a company will no longer "build the control everywhere"; rather, the focus will be on building the appropriate controls for the worst vulnerabilities to defeat the most significant threats that target the business' most critical areas. The risk-based approach to cybersecurity is thus ultimately interactive and a dynamic tool to support strategic decision-making. Focused on business value, utilizing a common language among the interested parties, and directly linking enterprise risks to controls, the approach helps translate executive decisions about risk reduction into control implementation. The power of the risk-based approach to optimize risk reduction at any level of investment is enhanced by its flexibility, adjusting to an evolving risk-appetite strategy as needed. A risk-based approach recognizes that there are no perfect security solutions. Still, those that strategically balance security, scalability, access, usability, and cost can ultimately provide the best long-term protection against an evolving adversary.
Fundamentally, risk transformation changes security strategy from an outside-in perspective, where external threats and regulations drive strategy, to an Ransomware Data Breach Tool Vulnerability Threat Patching Guideline
Chercheur.webp 2022-08-16 17:06:00 When Efforts to Contain a Data Breach Backfire (lien direct) Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico's second-largest bank was fake news and harming the bank's reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download. Data Breach Threat
CSO.webp 2022-08-16 02:00:00 The 12 biggest data breach fines, penalties, and settlements so far (lien direct) Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now, the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe. Data Breach Equifax Equifax
bleepingcomputer.webp 2022-08-15 17:46:24 Twilio hack exposed Signal phone numbers of 1,900 users (lien direct) Phone numbers of close to 1,900 Signal users were exposed in the data breach Twilio cloud communications company suffered at the beginning of the month. [...] Data Breach Hack
ESET.webp 2022-08-12 16:25:57 The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe (lien direct) The NHS was the victim of a potential cyberattack, which raises the question of the impact of those data breaches for the public. Data Breach
Sontiq.webp 2022-08-11 16:15:09 Video | Sontiq BreachIQ™ (lien direct) > Every data breach differs in terms of the type, amount and sensitivity of the information stolen. BreachIQ™ takes identity protection to the next level by providing hyper-personalized data breach insights and customized action plans based on an individual's unique breach history and risk exposure - providing their own dynamic Identity Safety Score.   Data Breach
no_ico.webp 2022-08-11 11:59:50 120K Priority Health Members Impacted By Third-Party Data Breach (lien direct) Following news that priority Health issued a notice about a third-party data breach that originated at the law firm Warner Norcross & Judd (WNJ) in October 2021 (https://healthitsecurity.com/news/120k-priority-health-members-impacted-by-third-party-data-breach), cyber security experts explain the risk of third party companies. Data Breach
SecurityAffairs.webp 2022-08-10 13:48:54 Hackers behind Twilio data breach also targeted Cloudflare employees (lien direct) >Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation company Cloudflare revealed this week that at least 76 employees and their family members received text messages on their personal and work phones. According to […] Data Breach
securityintelligence.webp 2022-08-10 10:00:00 Security Automation Can Save You $3.05M in a Data Breach (lien direct) >When it comes to reducing security breach costs, companies with security artificial intelligence (AI) and automation can save millions, per a new report. According to the most recent IBM Cost of a Data Breach Report, organizations with fully deployed security AI and automation save $3.05 million per data breach compared to those without. That’s a 65.2% […] Data Breach
CSO.webp 2022-08-10 02:00:00 U.S. Federal Court breach reveals IT and security maturation issues (lien direct) In late July 2022, Politico ran a story detailing how the U.S. Department of Justice was investigating a recent data breach of the federal court system, which dated back to early 2020. The chair of the House Judiciary Committee, Jerrold Nadler (D-NY), described the breach as a “system security failure of the U.S. Courts' document management system.” On the same day, July 28, 2022, the U.S. Government Accountability Office (GAO) published the report GAO-22-105068 “U.S. Courts: Action Needed to Improve IT Management and Establish a Chief Information Officer.” The GAO report described systemic shortcomings in the administration of the U.S. court system, including the lack of a CIO, to oversee the substantive infrastructure. Data Breach
itsecurityguru.webp 2022-08-09 10:08:23 Twilio Suffers Phishing Based Data Breach (lien direct) Twilio, the communications giant, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. The company, which is based in San Francisco and allows users to build voice and SMS capabilities, such as two-factor authentication (2FA), into applications, said that it became aware that someone gained “unauthorised access” to information […] Data Breach
itsecurityguru.webp 2022-08-09 09:25:56 How to stay safe from cybercriminals and avoid data breaches (lien direct) A data breach is any person's nightmare. It can affect you mentally and financially, and a 100% unhackable device or account necessitates taking precautionary measures. Hackers target small and medium businesses as they don't have the resources to pay for cybersecurity tools and network upgrades to protect their data against the latest cybercriminals' tricks as […] Data Breach
The_Hackers_News.webp 2022-08-09 07:24:25 Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack (lien direct) Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical Data Breach Threat
MalwarebytesLabs.webp 2022-08-09 00:00:00 Twitter data breach affects 5.4M users (lien direct) Twitter has confirmed a data breach on July 2. (Read more...) Data Breach
ZDNet.webp 2022-08-08 21:29:35 How to find out if you are involved in a data breach -- and what to do next (lien direct) Here's a guide highlighting the tools you can use to determine if your account is at risk. Data Breach
SecurityAffairs.webp 2022-08-08 18:16:46 (Déjà vu) Twilio discloses data breach that impacted customers and employees (lien direct) >Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications company Twilio discloses a data breach, threat actors had access to the data of some of its customers. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack. Twilio is […] Data Breach Threat
bleepingcomputer.webp 2022-08-08 14:17:51 Email marketing firm hacked to steal crypto-focused mailing lists (lien direct) Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers. [...] Data Breach Threat
bleepingcomputer.webp 2022-08-08 10:37:06 Twilio discloses data breach after SMS phishing attack on employees (lien direct) Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack. [...] Data Breach
SecurityAffairs.webp 2022-08-05 22:08:30 Twitter confirms zero-day used to access data of 5.4 million accounts (lien direct) >Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] Data Breach Vulnerability Threat
bleepingcomputer.webp 2022-08-05 12:00:00 Twitter confirms zero-day used to expose data of 5.4 million accounts (lien direct) Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. [...] Data Breach Vulnerability Threat
itsecurityguru.webp 2022-08-03 15:22:35 APIs attacked in 94% of companies in past year (lien direct) Salt Security, the API security company, today released the Salt Labs State of API Security Report, Q3 2022. In its latest edition, the bi-annual report found that 94% of survey respondents experienced security problems in production APIs in the past year, with 20% stating their organisations suffered a data breach as a result of security […] Data Breach
knowbe4.webp 2022-08-03 12:50:01 New Data Breach Extortion Attack Begins with a Fake Duolingo or MasterClass Subscription Scam (lien direct) New Data Breach Extortion Attack Begins with a Fake Duolingo or MasterClass Subscription Scam Data Breach
TechRepublic.webp 2022-08-02 22:30:39 Black Kite: Cost of data breach averages $15 million (lien direct) >With the median cost per incident coming in at $130,000, most data breaches do not cross the $1 million threshold. Data Breach
securityintelligence.webp 2022-08-01 13:00:00 How to Prepare for and Respond to a Data Privacy Breach (lien direct) >Before I started covering cybersecurity, I thought the term ‘breach’ had a single meaning — that an attacker stole data from a computer system. I also thought all the different versions of the word meant the same thing. However, I’ve since learned the nuances and differences between a breach, a data breach and a data […] Data Breach
itsecurityguru.webp 2022-08-01 10:39:47 (Déjà vu) Congress Warns of US Court Records Data Breach (lien direct) Lawmakers on the Hill revealed last week that a cyber-attack on the US justice system had compromised a public document management system. Jerrold Nadler (D-NY),  chairman of the House Judiciary Committee, revealed the discovery at a hearing on oversight in the Justice Department. Nadler disclosed that three hostile actors had breached the Public Access to Court […] Data Breach
CSO.webp 2022-08-01 07:44:00 Global cost of data breach reaches record high of $4.35 million: IBM (lien direct) The global average cost of data breaches reached an all-time high of $4.35 million in 2022 compared with $4.24 million in 2021, according to a new IBM Security report. About 60% of the breached organizations raised product and services prices due to the breaches. The annual report, conducted by Ponemon Institute and analyzed and sponsored by IBM Security, is based on the analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. According to the report, about 83% of the organizations have experienced more than one breach in their lifetime, with nearly half of the costs reported to be incurred more than a year after the breach. Data Breach
CSO.webp 2022-08-01 05:07:00 BrandPost: Solving the Challenges of Remediating Configuration Settings (lien direct) A data breach can result in catastrophic consequences for any organization. Ensuring that your IT environment is safe from cyber threats can be a real challenge. To keep intruders out of your networks and data, you need more than up-to-date guidance. You also need to continually assess system configurations for conformance to security best practices and harden thousands of individual settings in your environment. But where do you start? Begin with recognized security best practices. The CIS Critical Security Controls (CIS Controls) are a prioritized set of actions that mitigate the most common cyber attacks. They translate cyber threat information into action. The CIS Benchmarks are secure configuration recommendations designed to safeguard systems against today's evolving cyber threats. Both CIS best practices provide organizations of all sizes with specific and actionable recommendations to enhance cyber defenses. Both are also mapped to or referenced by a number of industry standards and frameworks like NIST, HIPAA, PCI DSS, and more. Data Breach Threat
Chercheur.webp 2022-07-29 19:34:45 911 Proxy Service Implodes After Disclosing Breach (lien direct) 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911's proxy software with other titles, including “free” utilities and pirated software. Data Breach
MalwarebytesLabs.webp 2022-07-29 16:44:16 To settle with the DoJ, Uber must confess to a cover-up. And it did. (lien direct) The 2016 Uber data breach affected the personal information of 57 million people. And then the company covered it all up. Data Breach Uber Uber
DarkReading.webp 2022-07-29 15:43:19 Big Questions Remain Around Massive Shanghai Police Data Breach (lien direct) Why was PII belonging to nearly 1 billion people housed in a single, open database? Why didn't anyone notice it was downloaded? Data Breach
SecurityWeek.webp 2022-07-29 12:02:50 OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms (lien direct) Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers. Headquartered in Hartland, Wisconsin, OneTouchPoint offers print, marketing execution and supply chain management services to organizations in the healthcare sector. Data Breach
SecureMac.webp 2022-07-28 16:00:00 Checklist 289: Breaches, Edits, and Heat (lien direct) >IBM reports on the cost of a data breach - and it impacts you even if you haven't been involved in one. Plus: The latest iOS 16 beta shows that Apple is listening. Data Breach
kovrr.webp 2022-07-28 00:00:00 2022 seems to be on target for the lowest year of reported breaches by large US corporations (lien direct) In the first six months of 2022, large [Revenue >2bn] US corporations reported the fewest data breaches in the past five years.

The number of data breaches reported in the first 6 months of 2022 has put this year on track to be the lowest year of reports in the last 5 years for large [Revenue >2bn] US corporations. By looking at the rate at which data breach events have been reported so far this year, we predict that the number of events reported is expected to be 15-20% of the number of breaches reported in 2021.

Possible causes:
- Increased reporting delays: But the time to report has shown a decreasing trend over the last 4 years
- Genuine improvement in cyber defenses preventing data exfiltration
- Reduction in reporting requirements, or public disclosure prevention

In this analysis we look at all the reported cyber events which involve data exfiltration (data breach), allocated to the year in which the event started. Comparing the number of events reported at each point during the year then gives us an indication for the rate which can be compared between years.

The data and population

The data collected represents public reports of data breaches from US companies with an annual revenue above $2bn (Excluding public services). The data used includes breach events reported up to end of Q2 2022. It is in this area that the cyber reporting requirements are highest and a high level of data is available. It is important to note that this will not be all events which occur, only those disclosed, but by looking for changes in the behavior we can look at the potential causes.

Overall Breach Count

As of the end of Q2 2022, we have seen 18 breach reports of events occurring in 2022 compared to the 160 cyber events reported from 2021, and 292 from 2020. While we are only 50% through 2022, the number of events reported so far from the first half is 25% of the 2021 total reported at the same point through 2021.

To fully compare 2022 against prior years we need to take into account a number of factors:
- Events not yet reported: some events have occurred but have not yet been reported either because they have not yet been discovered, or because they have been discovered but not publicly disclosed
- Events not yet occurred: events which have yet to occur, in the second half of 2022 (and have not yet been reported)

How the year unfolds

To explore how 2022 is emerging, we can look at the rate at which events are being reported. That is to show not just the total reported to date, but how the total number of events reported in a year has emerged from the start of the year. To do this we plot the cumulative number of events reported vs the number of days from the start of each incident year. What we see is an indication of how many incidents from each year have been reported after the same number of days. A steep curve indicates a greater number of incidents reported per month.

** Note that the event counts are lower because we do not have exact disclosure dates for all events.

From the chart we can see that the number of reported cyber incidents after 6 months (180 days) of experience is low for 2022 compared with all other years since 2015. This leads us to believe that 2022 is on track to have a very low number of overall incidents reported. There could be a few explanations for this:
- Reporting Delay: The time taken to report incidents has increased in 2022, and there will be a correction in the later part of the year
- Cybersecurity Investment: The overall number of incidents reported will be lower due to improvements in security posture
- Regulatory Action: the overall number of incidents reported will be lower due to changes in how the events are reported (or required to be reported)

Reporting Delay

To consider if the low reported number of events in 2022 is being driven by an increase in a delay between a cyber event starting and it being reported, we have looked at the trend over the last 10 years. The chart below shows the trend over the last 10 years.

There has been a steady reduction in median reporting delay from 204 days in 2017 to 63 days Data Breach Prediction Cloud ★★★
grahamcluley.webp 2022-07-27 20:12:10 Uber's former head of security faces fraud charges after allegedly covering up data breach (lien direct) The former Chief Security Officer of Uber is facing wire fraud charges over allegations that he covered up a data breach that saw hackers steal the records of 57 million passengers and drivers. Read more in my article on the Hot for Security blog. Data Breach Uber Uber
DarkReading.webp 2022-07-27 17:21:51 Average Data Breach Costs Soar to $4.4M in 2022 (lien direct) Call it a 'cyber-tax': Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services. Data Breach
SecurityWeek.webp 2022-07-27 14:10:49 IBM Security: Cost of Data Breach Hitting All-Time Highs (lien direct) A study commissioned by IBM Security says the global average cost of a data breach reached an all-time high of $4.35 million and warned that the absence of zero trust principles at studied organizations are pushing those costs even higher. Data Breach
no_ico.webp 2022-07-27 11:34:53 Twitter Data Breach From Former Gartner Cybersecurity Analyst (lien direct) Following the news that Twitter suffered a data breach that saw 5.4 million users' details leaked online please find a comment below from Cyber security experts. The comment covers how the attack opens the door to high-profile attacks on famous users, with the likely outcome of crypto scam efforts, and the further threats that can […] Data Breach
MalwarebytesLabs.webp 2022-07-27 10:32:19 T-Mobile agrees to pay customers $350 million in settlement over data breach (lien direct) >T-Mobile has proposed to settle its 2021 data breach by paying $350 million, along with an incremental spend of $150 million in security. Data Breach
Last update at: 2024-06-25 07:07:57