What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
no_ico.webp 2021-04-06 10:38:26 Experts Insight On Facebook Data Leak (direct link) Cybersecurity experts provide an insight below on the latest Facebook data breach in which 533 million Facebook users' phone numbers have been leaked to an online forum, originally Tweeted by Alon Gal, CTO… Data Breach
SecurityAffairs.webp 2021-04-05 15:19:42 2,5M+ users can check whether their data were exposed in Facebook data leak (direct link) You can check if your personal information is included in the Facebook data leak by querying the data breach notification service Have I Been Pwned. The news of the availability on a hacking forum of the personal information for 533,313,128 Facebook users made the headlines. The availability of the data was first reported by Alon Gal, […] Data Breach
no_ico.webp 2021-04-05 15:09:20 Expert Insight: Arup's Data Breach (direct link) Industry leaders and experts provide an insight on the recent news about Arup, a global consultancy firm, and the data breach that it endured resulting in staff bank acct #’s… Data Breach Guideline
The_Hackers_News.webp 2021-04-05 07:52:56 How the Work-From-Home Shift Impacts SaaS Security (direct link) The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from data breaches has significantly increased due Data Breach
bleepingcomputer.webp 2021-04-04 14:28:25 How to check if your info was exposed in the Facebook data leak (direct link) Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. [...] Data Breach
SecurityAffairs.webp 2021-04-03 16:51:01 (Déjà vu) Capital One discovered more customers' SSNs exposed in 2019 hack (direct link) More clients of Capital One have been impacted in the 2019 data breach, the US bank is notifying them of their SSNs exposure. US bank Capital One notified a number of additional customers that their Social Security numbers were exposed in the data breach that took place in July 2019. A hacker that was going […] Data Breach Hack
bleepingcomputer.webp 2021-04-02 11:46:15 Capital One notifies more clients of SSNs exposed in 2019 data breach (direct link) US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. [...] Data Breach
AlienVault.webp 2021-04-02 10:00:00 5 steps to respond to a data breach (direct link) This blog was written by an independent guest blogger. You’ve just been breached. What do you do next? Depending on personality, preparation, and ability under crisis, there are a variety of responses to choose from, some effective and some not. Hopefully, you’re the rare breed who plans in advance how to respond. Even better if this planning includes how to prevent them. But to execute a logical, effective response, keep reading. In this guide, I’ll take you through a methodical process of handling a data breach and how to stop it from happening again. Let’s get to it. 1. Stop the breach At the risk of resembling Captain Obvious, before anything else you need to stop the data leak. But to do that you have to recognize a data breach exists. For some organizations the problem with data breaches isn’t responding to them – it’s knowing they are happening at all. Research indicates that breach detection can take half a year or longer on average. That should be a mind-boggling statistic and testament to the general widespread lack of effective cybersecurity. By the time the problem is spotted, potentially private data has been leaking into the wrong hands for a long time. So... contain it quickly. Isolate the systems that have been compromised and immediately take them offline. Late though it might be, it’s critical to stop the problem from spreading to other parts of your network. Shut down any user accounts that you believe have been used to steal data – it’s better to be safe than sorry. You can restore them later. 2. Assess the damage Next, get ready to undertake some forensics. These should be focused not just on tracing how your data was accessed, but the likely impact of it being released to the general public, in the unfortunate event that happens.
While determining whether it’s a data breach, leak, or compromise, you should also ask yourself (and your team) a number of questions: What was the attack vector? Was the attack based on social-engineering tactics or through user accounts? How sensitive is the breached data? What is the type of data affected? Does the data contain high-risk information? Was the data encrypted and can it be restored (did the company backup their data)? It’s crucial that you perform this analysis before going on to the next step. Otherwise, your response to the breach could look uninformed and casual to an outsider. Get the facts straight, in other words, before customers start asking awkward questions. 3. Notify those affected Then it’s time to come clean. Inform everyone who is likely to be affected by the breach at the earliest possible opportunity. While it’s not a terrible idea to make sure your systems are safe before breaking the news, that doesn’t give you a license to wait months “just in case.” It’s tempting to play down the breach. Maybe omit some damaging details in hopes of preserving your brand integrity. Unthink those thoughts! If you are not totally honest and it’s discovered later - which it almost certainly will be - brand damage could be much, much worse. There is also the possibility of legal action. Any nasty, negative online comments the breach gen Data Breach Hack
InfoSecurityMag.webp 2021-04-01 17:05:00 Forensic Audit of MobiKwik Ordered (direct link) Reserve Bank of India orders audit of country's largest mobile payment network after alleged data breach Data Breach
no_ico.webp 2021-04-01 16:53:01 Whistle-blower Claims Ubiquiti Networks Data Breach Was 'catastrophic' (direct link) A whistle-blower involved in the response to a data breach suffered by Ubiquiti Networks has claimed the incident was downplayed and could be described as “catastrophic.” On January 11, the… Data Breach
SecurityWeek.webp 2021-04-01 14:30:21 Ubiquiti Shares Dive After Reportedly Downplaying 'Catastrophic' Data Breach (direct link) Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed. Data Breach
itsecurityguru.webp 2021-04-01 11:27:15 (Déjà vu) Ubiquiti: cyberattack worse than originally reported (direct link) Ubiquiti suffered a data breach, which they disclosed in January 2021. Recent information, however, claims that the data breach report was potentially a cover-up of a larger incident that put customer data and devices deployed on corporate and home networks at risk. Ubiquiti originally reported that an attacker had accessed some of its IT systems, […] Data Breach
SecurityAffairs.webp 2021-04-01 09:58:40 Ubiquiti security breach may be a catastrophe (direct link) The data breach disclosed by Ubiquiti in January could be just the tip of the iceberg, a deeper incident could have hit the company. In January, American technology vendor Ubiquiti Networks suffered a data breach, it sent out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. […] Data Breach
bleepingcomputer.webp 2021-04-01 03:04:05 Ubiquiti cyberattack may be far worse than originally disclosed (direct link) The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. [...] Data Breach
Cybereason.webp 2021-03-31 19:10:25 Whistleblower Accuses Ubiquiti of Downplaying Major Data Breach (direct link) A security professional who assisted Ubiquiti in its response to a data breach accused the Internet-of-Things (IoT) device vendor of having downplayed the incident's severity. Data Breach
no_ico.webp 2021-03-31 12:02:40 MobiKwik Data Breach – Thoughts From Experts (direct link) Indian payment services provider MobiKwik is currently investigating a huge data breach affecting millions of its customers. An unknown user at an underground marketplace has 8.2 TB of data from the company,… Data Breach
ZDNet.webp 2021-03-31 07:38:24 Whistleblower claims Ubiquiti Networks data breach was 'catastrophic' (direct link) The source alleges the January security incident was severely downplayed. Data Breach
bleepingcomputer.webp 2021-03-30 11:20:35 Leading Indian fintech platform MobiKwik denies data breach (direct link) Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers. [...] Data Breach
The_Hackers_News.webp 2021-03-29 23:21:45 MobiKwik Suffers Major Breach - KYC Data of 3.5 Million Users Exposed (direct link) Popular Indian mobile payments service MobiKwik on Monday came under fire after 8.2 terabytes (TB) of data belonging to millions of its users began circulating on the dark web in the aftermath of a major data breach that came to light earlier this month. The leaked data includes sensitive personal information such as: customer names, hashed passwords, email addresses, residential addresses, GPS Data Breach
no_ico.webp 2021-03-29 11:30:14 300,000 User Accounts Exposed After Credit Card Hacking Forum Is Hacked (direct link) Carding Mafia, a forum for stealing and trading credit cards, has fallen victim to being hacked by hackers – with almost 300,000 user accounts exposed, according to data breach notification… Data Breach ★★
bleepingcomputer.webp 2021-03-27 09:41:12 FatFace sends controversial data breach email after ransomware attack (direct link) British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. [...] Ransomware Data Breach
SecurityWeek.webp 2021-03-26 16:54:13 Report: US Gov Executive Order to Mandate Data Breach Disclosure (direct link) A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report. Data Breach
SecurityAffairs.webp 2021-03-25 13:38:55 30 million Americans affected by the Astoria Company data breach (direct link) Researchers discovered the availability in the Dark Web of 30M of records of Americans affected by the Astoria Company data breach. Astoria Company LLC is a lead generation company that leverages on a network of websites to collect information on a person that may be looking for discounted car loans, different medical insurance, or even […] Data Breach Guideline
grahamcluley.webp 2021-03-25 12:54:46 FatFace would like everyone to keep its data breach “strictly private and confidential” (direct link) British fashion retailer FatFace has been hacked. Whoops! I said it. Sorry. I'm not sure they wanted anyone to talk about it, so maybe I shouldn't have mentioned it. Data Breach
SecurityWeek.webp 2021-03-24 17:54:24 Air Charter Firm Solairus Aviation Suffers Data Breach (direct link) Private aviation services provider Solairus Aviation on Tuesday announced that some employee and customer data was compromised in a security incident at third-party vendor Avianis. Data Breach ★★
itsecurityguru.webp 2021-03-24 11:13:16 California Controller's Office employee falls for phishing link (direct link) A California State Controller’s Office employee fell for a phishing link, leading to a data breach that resulted in the theft of around 9,000 records. The employee, who worked in the Unclaimed Property division, clicked on a phishing link received in an email and then proceeded to enter a user ID and password. This gave […] Data Breach Guideline
ZDNet.webp 2021-03-23 11:36:21 Oil giant Shell discloses data breach linked to Accellion FTA vulnerability (direct link) The information of stakeholders has been compromised. Data Breach Vulnerability
itsecurityguru.webp 2021-03-23 11:01:27 Michigan Bank loses Customers' SSNs (direct link) The Michigan-based bank Flagstar has contacted its customers informing them of a data breach during which hackers accessed their SSNs. The bank finally admitted that the attack resulted in the loss of customers’ Social Security Numbers, home addresses, full name and phone numbers – a detail that was not publicly disclosed when the data […] Data Breach
SecurityAffairs.webp 2021-03-23 09:06:06 Energy giant Shell discloses data breach caused by Accellion FTA hack (direct link) Oil and gas giant Royal Dutch Shell (Shell) discloses a data breach resulting from the compromise of its Accellion File Transfer Appliance (FTA) file sharing service. Energy giant Shell disclosed a data breach resulting from the compromise of an Accellion File Transfer Appliance (FTA) used by the company. Shell is an Anglo-Dutch multinational oil and […] Data Breach Hack
bleepingcomputer.webp 2021-03-22 10:58:16 Energy giant Shell discloses data breach after Accellion hack (direct link) Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). [...] Data Breach Hack
AlienVault.webp 2021-03-18 11:01:00 What is a security operations center (SOC)? Explaining the SOC framework (direct link) This article was written by an independent guest author. If you’re responsible for stopping cyber threats within your organization, your job is more challenging than ever. The exposure to threats for any organization continues to escalate, and breaches are occurring every day. Consider: The average cost of a data breach is approximately $3.92M On average, it takes 280 days to identify and contain a breach If your company doesn’t have a security operations center (SOC), it may be time to change that. In fact, a recent study indicates 86% of organizations rate the SOC as anywhere from important to essential to an organization's cybersecurity strategy. What is a SOC? The security operations center (SOC) identifies, investigates, prioritizes, and resolves issues that could affect the security of an organization’s critical infrastructure and data. A well-developed and well-run SOC performs real-time threat detection and incident response, allowing SOC analysts to rapidly deliver security intelligence to stakeholders and senior management. The SOC framework was introduced by The Open Web Application Security Project (OWASP), a nonprofit foundation established to improve software security as a means for responding to cybersecurity incidents. The framework includes technical controls (Security Information and Events Management (SIEM) systems), organizational controls (processes), and also includes a human component (detection and response). Perhaps the most crucial function for a SOC involves a detailed and ongoing attack analysis. This means gathering and reporting on attack data that provides answers to these questions: When did the attack start? Who is behind the attack? How is the attack being carried out? What resources, systems, or data are at risk of being compromised or have already been compromised?
A proactive and reactive mechanism Beyond attack analysis, the SOC also provides critical cybersecurity functions that should be a cornerstone for every business today: prevention, detection and response. An effective SOC prioritizes a proactive approach rather than relying on reactive measures. The SOC typically works around the clock to monitor the network for abnormal or malicious activity, which might stop attacks before they happen. How does this work? SOC analysts are well-equipped to prevent threats because they have access to comprehensive network data and possess up-to-date intel on global threat intelligence stats and data covering the latest hacker tools, trends, and methodologies. When it comes to response, think of the SOC as a first responder, carrying out the critical actions that “stop the bleeding” from an attack. When the incident is over, the SOC will also assist or lead restoration and recovery processes. What are the goals of a well-functioning SOC? A well-functioning SOC provides a multitude of benefits, but in order to get the most out of your security operations center, you’ll need to ensure you have experienced personnel to make u Data Breach Threat Guideline
itsecurityguru.webp 2021-03-17 10:53:39 Defunct WeLeakInfo site suffered own data breach (direct link) A threat actor has leaked data from the now-defunct WeLeakInfo data breach site, including payment and customer information. Last Thursday, the hacker published an archive of payment processing data used by the strip of a hacking forum known as RaidForums. The WeLeakInfo site offered paid subscriptions to users for searchable access to a database, which […] Data Breach Threat
InfoSecurityMag.webp 2021-03-16 17:49:00 Fastway Couriers Confirms Security Breach (direct link) Investigation launched after data breach puts 450k Fastway Couriers customers at risk Data Breach
ComputerWeekly.webp 2021-03-16 09:00:00 How attackers counter incident response after a data breach (direct link) No more details Data Breach
InfoSecurityMag.webp 2021-03-15 16:20:00 Vulnerable Australian Kids Impacted by Data Breach (direct link) Former caseworker accessed sensitive data of children hundreds of times after leaving their job Data Breach
AlienVault.webp 2021-03-15 05:01:00 What is network segmentation? NS best practices, requirements explained (direct link) This article was written by an independent guest author. If you follow cybersecurity current events, you may know that the cost and frequency of a data breach continue to skyrocket. Organizations are constantly under attack, and the shift to remote work is only exacerbating the problem. According to IBM’s 2020 Cost of a Data Breach Report, most respondents are concerned that identifying, containing, and paying for a data breach is more burdensome today than ever before. Seventy-one percent feel that remote work will increase the time to identify and contain a breach, while almost the same number believe remote work increases the cost of a breach. The numbers agree: remote work has added $137,000 to the average breach cost. In 2021 and beyond, reactive security measures—typically cumbersome and costly—are no longer sufficient. Instead, proactive strategies that anticipate potential risks or vulnerabilities and prevent them before they even happen are required. One such strategy, network segmentation, is critical for any organization. If you’re not deploying network segmentation, it’s time to get started. What is network segmentation? Network segmentation is a process in which your network is divided into multiple zones, with specific security protocols applied to each zone. The main goal of network segmentation is to have a better handle on managing security and compliance. Typically, traffic is segregated between network segments using VLANs (virtual local area networks), with firewalls representing an additional layer of security for application and data protection. By separating your network into smaller networks, your organization’s devices, servers, and applications are isolated from the rest of the network.
Potential attackers that successfully breach your first perimeter of defense cannot get further, as they remain contained within the network segment accessed. How does network segmentation compare to micro segmentation? The concept of micro segmentation was created to reduce an organization’s network attack surface by applying granular security controls at the workload level and limiting east-west communication. While micro segmentation began as a method of moderating lateral traffic between servers within one segment, it has evolved to incorporate traffic in multiple segments. This intra-segment traffic would allow communication between both servers and applications, as long as the requesting resource meets the permissions set out for that host/application/server/user. Microsegmentation can also be used at a device level. For example, protecting IoT or connected manufacturing or medical devices—since many ship without endpoint security or are difficult to take offline in order to update endpoint security. The key differences between the two strategies can be boiled down like this: Segmentation works with the physical network, policies are broad, limits north-south traffic at the network level, and is typically hardware-based Micro segmentation works with a virtual network, policies are more granular, limits east-west traffic at the workload level, and is typically software-based. An analogy: if your network is a collection of castles, segmentation is like the huge walls surrounding the buildings, while micro segmentation is like armed guards outside each castle door. When deciding between segmentation and micro segmentation, it shouldn’t be a question of one over the other. Incorporating both models into your security strategy is best: segmentation north-south traffic and micro segmentation for east-west traffic. 
Best practices for segmenting network traffic However you go about segmenting your network, you’ll want to ensure the seg Data Breach Vulnerability Guideline
SecurityAffairs.webp 2021-03-12 20:57:04 10,000+ WeLeakInfo customer records leaked (direct link) An actor claimed to have registered one of the domains of WeLeakInfo, accessed details of 10000+ WeLeakInfo’s customers, and leaked it. WeLeakInfo.com was a data breach notification service that was allowing its customers to verify if their credentials had been compromised in data breaches. The service was claiming a database of over 12 billion records from over […] Data Breach
InfoSecurityMag.webp 2021-03-12 17:48:00 Settlement Reached Over Data Breach Impacting 24 Million Americans (direct link) Retrieval-Masters Creditors Bureau reaches multi-state settlement over AMCA data breach Data Breach
InfoSecurityMag.webp 2021-03-12 17:15:00 Utah Company Stored Passport Scans on Unsecured Server (direct link) Premier Diagnostics data breach exposes personal information of over 50k customers Data Breach
itsecurityguru.webp 2021-03-12 16:30:41 (Déjà vu) West Ham supporters have data leaked by club website (direct link) English Premier League football club, West Ham, has suffered an accidental data breach with personal information of supporters leaked via the club's official website. Having first been reported by Forbes, error messages were being displayed on West Ham’s website before showcasing the profile information of supporters to other fans who were attempting to log […] Data Breach
itsecurityguru.webp 2021-03-12 14:11:47 Fastway Couriers suffers data breach (direct link) An investigation has been opened into the data breach at Fastway Couriers, during which hackers stole the personal details of thousands of Irish online shoppers. The company has confirmed that the names, addresses, email accounts and phone numbers of 446,143 customers have been accessed. Fortunately, no financial information or other personal data was accessed or […] Data Breach
no_ico.webp 2021-03-10 09:13:45 Cybersecurity Expert Insight: SITA Data Breach (direct link) Global air transport data giant SITA has confirmed a data breach involving passenger data. The company said in a brief statement on Thursday that it had been the “victim of a cyberattack,”… Data Breach
no_ico.webp 2021-03-09 13:37:36 Experts On Elara Caring Discloses Data Breach (direct link) US healthcare provider Elara Caring has disclosed a data breach that exposed 100,000 patients’ information after an intruder gained access via a phishing attack targeting employees. US healthcare provider Elara… Data Breach
bleepingcomputer.webp 2021-03-08 10:21:59 Flagstar Bank hit by data breach exposing customer, employee data (direct link) US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...] Ransomware Data Breach
SecurityAffairs.webp 2021-03-05 23:13:44 Millions of travelers of several airlines impacted by SITA data breach (direct link) SITA, a multinational IT company that provides services to the air transport industry was the victim of a cyberattack that impacted multiple airlines. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,800 customers worldwide, which it claims is about 90% of the world’s airline business. Around the world, nearly […] Data Breach
SecurityWeek.webp 2021-03-05 14:42:44 Multiple Airlines Impacted by Data Breach at Aviation IT Firm SITA (direct link) SITA, a multinational company that specializes in air transport communications and IT, this week confirmed falling victim to a cyberattack that appears to have impacted multiple airlines around the world. Data Breach
bleepingcomputer.webp 2021-03-05 14:13:45 SITA data breach affects millions of travelers from major airlines (direct link) Passenger data from multiple airlines around the world has been compromised after hackers breached servers belonging to SITA, a global information technology company. [...] Data Breach
ZDNet.webp 2021-03-04 10:36:10 Maza Russian cybercriminal forum suffers data breach (direct link) Forums can be areas to swap illicit tools and data, but they can also be the targets of cyberattackers in their turn. Data Breach
The_Hackers_News.webp 2021-03-04 01:49:19 (Déjà vu) Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit (direct link) Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared Data Breach
Kaspersky.webp 2021-03-03 21:15:16 Malaysia Air Downplays Frequent-Flyer Program Data Breach (direct link) A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. Data Breach
Last update at: 2024-06-16 08:10:32