What's new arround internet

Src Date (GMT) Titre Description Tags Stories Notes
TechRepublic.png 2019-01-17 19:23:02 Over 87GB of email addresses and passwords exposed in Collection 1 dump (lien direct)

An 87GB dump of email addresses and passwords containing almost 773 million unique addresses and just under 22 million unique passwords has been found.

SecurityAffairs.png 2019-01-17 18:56:03 Collection #1 dump, 773 million emails, 21 million passwords (lien direct)

The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses […]

The post Collection #1 dump, 773 million emails, 21 million passwords appeared first on Security Affairs.

TechRepublic.png 2019-01-17 18:53:00 How to create a cloud-based virtual network in Microsoft Azure (lien direct)

Virtual networks provide the secure connection vital to the effective use of cloud-based services.

SecurityWeek.png 2019-01-17 18:40:01 Ongoing Attacks Hit West African Financial Institutions Since Mid-2017 (lien direct)

Cyber-attacks that have been ongoing since at least mid-2017 hit financial institutions in West Africa, Symantec security researchers report.

read more

ArsTechnica.png 2019-01-17 18:38:05 Windows 10 October 2018 Update is at last being pushed automatically (lien direct)

The update is still rolling out at a snail\'s pace.

ZDNet.png 2019-01-17 18:35:01 Online stores for governments and multinationals hacked via new security flaw (lien direct)

Little-known database management tool allowed hackers to take over sites and inject malicious code that steals payment card details.

SecurityWeek.png 2019-01-17 18:26:01 New Magecart Group Targets French Ad Agency (lien direct)

A new threat actor operating under the “Magecart” umbrella landed a malicious skimmer on hundreds of websites through a supply chain attack, security firms reveal.

read more

TechRepublic.png 2019-01-17 18:25:00 How to connect to VNC using SSH (lien direct)

If your network doesn\'t allow connections into the default VNC port 5901, you can tunnel it through SSH.

SecurityWeek.png 2019-01-17 18:01:00 773 Million Records Amassed in Massive Data Breach Collection (lien direct)

A newly discovered set of compromised login details contains roughly 773 million email addresses, Australian web security expert Troy Hunt reveals.

read more

TechRepublic.png 2019-01-17 17:58:00 ​4 ways to prepare for GDPR and similar privacy regulations (lien direct)

Data privacy is no longer a nice-to-have security commodity, but a must-have commodity.

bleepingcomputer.png 2019-01-17 17:48:04 BlackRouter Ransomware Promoted as a RaaS by Iranian Developer (lien direct)

A ransomware called BlackRouter has been discovered being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. This same actor previousl distributed another ransomware called Blackheart and promotes other infections such as a RAT. [...]

no_ico.png 2019-01-17 17:34:04 Long-Term Hacking Campaigns Against U.S Electric Grid (lien direct)

A recent deep dive by The Wall Street Journal reconstructs the worst hack into the US power systems, revealing attacks on hundreds of small contractors. Rather than strike the utilities head on, the hackers went after hundreds of contractors and sub-contractors and worked their way up the supply chain. Industry experts have said that Russian government hackers …

The ISBuzz Post: This Post Long-Term Hacking Campaigns Against U.S Electric Grid appeared first on Information Security Buzz.

no_ico.png 2019-01-17 17:22:01 Disaster Recovery: Beyond Backup (lien direct)

With the excessive amounts of data circulating in today\'s modern organizations, the importance offinding a perfect storage solution, that can safeguard data, is deemed more imperative than ever. As data generation shows no signs of slowing down, it\'s necessary to realize and accept that neither backup alone nor cloud alone will likely be a sufficient …

The ISBuzz Post: This Post Disaster Recovery: Beyond Backup appeared first on Information Security Buzz.

bleepingcomputer.png 2019-01-17 17:15:03 Twitter Fixes Four Year Old Bug in Android App Exposing Private Tweets (lien direct)

Twitter announced today that an issue in its app for Android exposed some users\' protected tweets for over four years, if they made certain changes to their account settings. [...]

SecurityWeek.png 2019-01-17 17:02:03 Misconfigured Server Leaks Oklahoma Department of Securities Data (lien direct)

A storage server configured for public access was found to expose terabytes of data belonging to the Oklahoma Department of Securities, UpGuard reveals.

read more

WiredThreatLevel.png 2019-01-17 16:58:05 A New \'Ghostbusters\' Movie Is Coming in 2020 (lien direct)

Also: Steve Carell is making a Space Force show for Netflix, and Apple is teaming up with Sofia Coppola and Bill Murray.

ZDNet.png 2019-01-17 16:46:00 West African banks hit by multiple hacking waves last year (lien direct)

Banks in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast have been hit.

SecurityWeek.png 2019-01-17 16:45:03 Serious Flaws Found in ControlByWeb Industrial Weather Station (lien direct)

Researchers have discovered two potentially serious vulnerabilities in an industrial-grade weather station made by ControlByWeb, a company that specializes in products that allow organizations to remotely monitor and control electrical devices.

read more

no_ico.png 2019-01-17 16:32:03 Oklahoma Securities Commission Data Breach (lien direct)

Another huge leak of government information – a huge amount, 3 terabytes, of unprotected data from theOklahomaSecurities Commission wasuncoveredby Greg Pollock, a researcher with cybersecurity firm UpGuard. It amounted to millions of files, many on sensitive FBI investigations, all of which were left wide open on a server with no password, accessible to anyone with …

The ISBuzz Post: This Post Oklahoma Securities Commission Data Breach appeared first on Information Security Buzz.

no_ico.png 2019-01-17 16:30:05 200 Mil Chinese Resumes Exposed In MongoDB Leak (lien direct)

In response to news that200 million Chinese resumes were exposed in a MongoDBdatabase leakand there are indications the date was accessed at least a dozen timesexperts with OneSpan and Cequence offer perspective. Franklyn Jones, CMO atCequence: “It\'s unusual for data breaches to yield such a rich set of data on individuals. Unfortunately, it provides fraudsters …

The ISBuzz Post: This Post 200 Mil Chinese Resumes Exposed In MongoDB Leak appeared first on Information Security Buzz.

TechRepublic.png 2019-01-17 16:30:03 How use cases benefit developers and end users (lien direct)

The best use case will fail if developers lack the skills to understand the end users\' environment, mindset, and challenges.

TechRepublic.png 2019-01-17 16:20:05 68% of enterprise IT departments now using public cloud infrastructure (lien direct)

While public cloud adoption is high, security remains a top concern for businesses, according to a NetEnrich report.

bleepingcomputer.png 2019-01-17 16:06:00 Data Breach Collection with 773 Million Email Entries Leaked Online (lien direct)

A giant 87 gigabyte archive consisting of 773 million unique email addresses and their associated cracked, or dehashed, passwords has been spotted being promoted on an online hacking forum. This file is being called "Collection #1" and was designed to easily be used in credential stuffing attacks. [...]

TechRepublic.png 2019-01-17 15:46:04 Amazon Web Services launches fully-managed AWS Backup (lien direct)

The new service offers centralised backup in the cloud and on-premises.

Kaspersky.png 2019-01-17 15:41:02 Cyber-Jackpot: 773M Credentials Dumped on the Dark Web (lien direct)

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

TechRepublic.png 2019-01-17 15:35:01 Malware can now evade cloud security tools, as cybercriminals target public cloud users (lien direct)

Refined malware payloads from Chinese threat actor Rocke Group are sidestepping security tools to install cryptocurrency miners on cloud systems.

DarkReading.png 2019-01-17 15:30:00 New Attacks Target Recent PHP Framework Vulnerability (lien direct)

Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.

SecurityWeek.png 2019-01-17 15:27:04 ERP Security Firm Onapsis Acquires Competitor Virtual Forge (lien direct)

Onapsis, a company specializing in cybersecurity and compliance solutions for enterprise resource planning (ERP) products, on Wednesday announced that it has entered a definitive agreement to acquire competitor Virtual Forge.

read more

bleepingcomputer.png 2019-01-17 15:20:05 ES File Explorer Flaws Put 100 Million Users\' Data at Risk, Fix Promised (lien direct)

ES File Explorer users now have to wait to see what issue will be fixed in the next update: the always-on web server giving access to all their files to anyone on the same Wi-Fi network or the MitM attack vulnerability [...]

grahamcluley.png 2019-01-17 15:04:01 The Collection #1 data breach - what you need to do about it (lien direct)
The Collection #1 data breach - what you need to do about it

A huge collection of email addresses and passwords, which can be used in attempts to break into online accounts, has been discovered.

If you are one of the affected users, what should you do about it?

WiredThreatLevel.png 2019-01-17 15:00:00 In This Brutal \'Titan Games\' Event, Friction Is The Real Winner (lien direct)

Sure, you need big muscles to win the Lunar Impact event in Dwayne Johnson\'s new reality show. But you won\'t get anywhere without friction.

no_ico.png 2019-01-17 14:56:01 Iran Blamed For Global DNS Hijacking Campaign (lien direct)

Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. Initial research suggests the actor or actors responsible have a nexus to Iran. This campaign has targeted …

The ISBuzz Post: This Post Iran Blamed For Global DNS Hijacking Campaign appeared first on Information Security Buzz.

ESET.png 2019-01-17 14:56:00 773 million email IDs, 21 million passwords for anyone to see in massive data dump (lien direct)

The vast dossier of stolen login details appears to have been gathered from data stolen in many breaches

TechRepublic.png 2019-01-17 14:52:01 Data science jobs up 29% this year, these cities pay pros the most (lien direct)

Demand for data scientists continues to grow, as average salaries for these positions often soar over $100,000, according to Indeed.

itsecurityguru.png 2019-01-17 14:40:03 DigiCert Completes Purchase Of QuoVadis, Expands European Presence And TLS, PKI Offerings. (lien direct)

DigiCert, Inc., the world\'s leading provider of TLS/SSL, IoT and other PKI solutions, today completed its acquisition of the QuoVadis Group from WISeKey International Holding Ltd (SIX: WIHN), a leading Swiss cybersecurity and IoT company. QuoVadis is a Qualified Trust Service Provider (TSP) in the European Union (EU) and Switzerland. DigiCert will continue to operate […]

The post DigiCert Completes Purchase Of QuoVadis, Expands European Presence And TLS, PKI Offerings. appeared first on IT Security Guru.

securityintelligence.png 2019-01-17 14:15:02 Board Directors Can\'t Afford to Ignore Cybersecurity Risk (lien direct)

As businesses rush to adopt emerging technologies such as AI, blockchain and big data, board directors must increase their engagement around cybersecurity risk.

The post Board Directors Can’t Afford to Ignore Cybersecurity Risk appeared first on Security Intelligence.

ZDNet.png 2019-01-17 14:13:02 Some Android GPS apps are just showing ads on top of Google Maps (lien direct)

Apps have been downloaded over 50 million times. Google has failed to removed them, even if they blatantly break their own license.

Kaspersky.png 2019-01-17 14:03:01 Cryptomining Malware Uninstalls Cloud Security Products (lien direct)

New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.

itsecurityguru.png 2019-01-17 14:01:01 Barracuda Boosts Total Email Protection With Forensics And Incident Response. (lien direct)

Barracuda, the trusted partner and leading provider for cloud-enabled security solutions, today announced the introduction of Forensics and Incident Response. Available to Barracuda Total Email Protection customers as a value-add, the solution automates incident response and provides remediation options, helping organizations address issues faster, more efficiently, and more effectively. Attackers often attempt to bypass traditional […]

The post Barracuda Boosts Total Email Protection With Forensics And Incident Response. appeared first on IT Security Guru.

no_ico.png 2019-01-17 14:00:04 Vulnerabilities In Web Hosting Platform (lien direct)

Bluehost, a popular web hosting platform, has been found to be riddled with vulnerabilities including one that would allow complete account takeover according to independent security researcher Paulos Yibelo. Expert Comments below: Mike Bittner, Digital Security and Operations Manager at The Media Trust: “By paying scant attention to security and privacy, web-hosting platform providers unknowingly …

The ISBuzz Post: This Post Vulnerabilities In Web Hosting Platform appeared first on Information Security Buzz.

AlienVault.png 2019-01-17 14:00:00 The Dark Web has a Serious Deduplication Problem (lien direct)

In a post released on 1/8/19, I wrote about the record number of breaches in 2018. This brought to mind a podcast that I was listening to a few days back hosted by Corey Nachreiner, CTO of WatchGuard Technologies, Inc. on his 443 Podcast. Corey discussed the potential data deduplication problem on the Dark Web. This article will attempt to break down how this can happen and how this can cause issues not only for users of the Dark Web, but also for those whose data has been stolen and placed on the Dark Web for purchase.

The breaches of 2018 were vast and widespread, affecting businesses from fast food to department stores to airlines with record amounts of data being lost. If you look at just the breaches I referenced in the previous article, total PII records counts are over one billion in the United States. In India, every citizen in the country had their data compromised with the breach of Aadhaar, the Indian biometric IT program owned and operated by the government of India. The Aadhar breach alone accounted for 1.1 Billion records lost to hackers.   

Researching this, I discovered that for just the US-based hacks in the article,  Americans and foreign travelers doing business with one of the breached companies had a total of 1.3 billion records stolen. If you figure there are approximately 330 million citizens of the United States and if every person in the US was affected they would have their personally identifiable information exposed to the Dark Web approximately 4 times.

While that may not seem like a lot, please consider that it would be nearly impossible for every US citizen to be breached. The US does not have a mandatory centralized identification system as the Indian government has. Then, of course, not all 330 million Americans were affected by these breaches due to lack of exposure to affected breached sites, age, and other factors. Let’s say that 150 million Americans were affected in some way - which would mean that about half of all US citizens were affected by the breaches of 2018. Let’s also assume that another 150 million citizens of other countries were affected by the breaches of 2018. That would calculate to 300 million total people affected by the breaches of 2018.

With a nice round number like 300 million people being affected one could assume there would be some duplicate records. With that being said, there are probably a lot of duplicate records. The total number of records duplicated per affected person I calculate at 4.333 records. This is admittedly a pretty arbitrary number, considering some people are more active than others on the web or at a particular retailer. Some people fly frequently, while others may not fly or stay in hotels at all. But this is an estimate to work with.

From the results of the 2018 breaches, it is fairly safe to say that a very large number of people globally had their PII stolen and many of those had the information stolen several times. Each time a little more and different information was stolen. Many people look at a cyber breach as a big, scary and mysterious thing. What they should be more concerned with is that their data is stolen multiple times, from different sources.

A lot of information stolen is static, like social security numbers and driver’s license numbers; however, much of it is not. You can change your credit card numbers, passport numbers, addresses, and phone numbers. You can even improve your health or change it in some way that would make the stolen data inaccurate.

Once you look at the statistics from the 2018 breaches and th

WiredThreatLevel.png 2019-01-17 14:00:00 The Detroit Auto Show Proves Americans Sure Love SUVs (lien direct)

The people want their cars big and gas-powered. The automakers are happy to provide.

SecurityWeek.png 2019-01-17 13:34:02 Flaw in Reservation System Impacts Many Airlines (lien direct)

A vulnerability discovered in a reservation system used by hundreds of airlines around the world could expose the details of millions of their customers, researchers warned this week.

read more

TechRepublic.png 2019-01-17 13:30:00 3 things businesses should know about Google\'s G Suite price increase (lien direct)

Google is raising prices for G Suite Basic and G Suite Business productivity suites for the first time. Here\'s how much you\'ll have to pay.

bleepingcomputer.png 2019-01-17 13:22:02 Microsoft Launches Azure DevOps Bounty Program (lien direct)

Microsoft Security Response Center (MSRC) announced the launch of a bug bounty program starting January 17 and targeting the Azure DevOps services and the latest release of Azure DevOps server [...]

ZDNet.png 2019-01-17 13:21:00 Oklahoma gov data leak exposes FBI investigation records, millions of department files (lien direct)

An Oklahoma Department of Securities server allowed anyone to download government files.

SecurityWeek.png 2019-01-17 13:12:02 Pessimism Pervades World Economic Forum Annual Survey (lien direct)

The annual World Economic Forum (WEF) Global Risks Perception Survey this year again includes two cybersecurity risks in the top five perceived long-term (10-year) risks. It is the same five as last year, although the order has changed. \'Data fraud or theft\' is still considered the fourth risk, but \'cyber-attacks\' have dropped from third to fifth.

read more

securityintelligence.png 2019-01-17 13:05:01 Bring Order to Chaos By Building SIEM Use Cases, Standards, Baselining and Naming Conventions (lien direct)

>Standards, baselines and naming conventions can remove barriers to threat detection and response and help security teams build effective SIEM use cases.

The post Bring Order to Chaos By Building SIEM Use Cases, Standards, Baselining and Naming Conventions appeared first on Security Intelligence.

WiredThreatLevel.png 2019-01-17 13:00:00 2 Food Processors Tested: Breville, Cuisinart (lien direct)

Even if your knife skills are solid, a food processor is still faster and more convenient for bigger projects.

WiredThreatLevel.png 2019-01-17 13:00:00 Be Careful Using Bots on Telegram (lien direct)

Introducing a bot to a secure Telegram conversation downgrades the level of encryption-without providing any visual cues.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

Information mise à jours le: 2019-01-19 06:03:28
Voir la liste des sources.

Mon email:

Vous souhaitez ne rien manquer: Notre RSS (filtré) Twitter