What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
no_ico.webp 2021-03-03 14:22:31 Experts Reaction On Malaysia Airlines 9 Years Old Data Breach (lien direct) Malaysia Airlines reported suffering a data breach compromising information belonging to members of its frequent flyer program. It is believed that the breach occurred roughly nine years ago. The airline… Data Breach
bleepingcomputer.webp 2021-03-03 11:39:56 (Déjà vu) Cybersecurity firm Qualys is the latest victim of Accellion hacks (lien direct) Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-03-03 11:39:56 Cybersecurity firm Qualys likely latest victim of Accellion hacks (lien direct) Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-03-02 13:13:36 Malaysia Airlines discloses a nine-year-long data breach (lien direct) Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. [...] Data Breach
ZDNet.webp 2021-03-02 11:18:03 Oxfam Australia supporters embroiled in new data breach (lien direct) Personal data, including partial payment information, is thought to be included. Data Breach
bleepingcomputer.webp 2021-03-02 10:47:45 Oxfam Australia confirms data breach after stolen info sold online (lien direct) Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. [...] Data Breach
bleepingcomputer.webp 2021-03-01 17:35:35 European e-ticketing platform Ticketcounter extorted in data breach (lien direct) A Dutch e-Ticketing platform has suffered a data breach after a database was stolen from an unsecured staging server. [...] Data Breach
bleepingcomputer.webp 2021-03-01 11:43:07 NSW Transport agency extorted by ransomware gang after Accellion attack (lien direct) The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. [...] Ransomware Data Breach Vulnerability
SecurityAffairs.webp 2021-02-27 13:55:31 T-Mobile customers were hit with SIM swapping attacks (lien direct) The telecommunications giant T-Mobile disclosed a data breach after some of its customers were apparently affected by SIM swap attacks. The telecommunications provider T-Mobile has disclosed a data breach after it became aware that some of its customers were allegedly victims of SIM swap attacks. Crooks conduct SIM swapping attacks to take control of victims’ […] Data Breach
bleepingcomputer.webp 2021-02-26 15:18:57 T-Mobile discloses data breach after SIM swapping attacks (lien direct) American telecommunications provider T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks. [...] Data Breach
SecurityAffairs.webp 2021-02-26 14:41:43 Data Breach: Turkish legal advising company exposed over 15,000 clients (lien direct) Data Breach: WizCase team uncovered a massive data leak containing private information about Turkish Citizens through a misconfigured Amazon S3 bucket. The server contained 55,000 court papers regarding over 15,000 legal cases, which affected hundreds of thousands of people. What's Going On? Our online security team has uncovered a massive data breach originating from a misconfigured […] Data Breach
grahamcluley.webp 2021-02-26 11:31:44 Npower scraps app, and urges customers to change passwords, after data breach (lien direct) UK energy firm Npower has scrapped its smartphone app following an attack by hackers that saw some users' accounts accessed and personal information stolen. Data Breach
no_ico.webp 2021-02-26 10:51:33 Sequoia Capital Discloses Data Breach – Expert Insights (lien direct) The VC firm Sequoia Capital disclosed an email data breach in a DOJ notice of breach sent to affected individuals. Excerpt: “On or about January 20, 2021, we learned that an unauthorized… Data Breach
bleepingcomputer.webp 2021-02-25 09:36:37 (Déjà vu) VC giant Sequoia Capital discloses data breach after failed BEC attack (lien direct) American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. [...] Data Breach
bleepingcomputer.webp 2021-02-25 09:36:37 VC giant Sequoia discloses data breach after failed BEC attack (lien direct) American venture capital firm Sequoia has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. [...] Data Breach
TechRepublic.webp 2021-02-24 14:17:41 Kroger data breach highlights urgent need to replace legacy, end-of-life tools (lien direct) Attackers used an outdated File Transfer Appliance from Accellion to gain access to data, the company said. Data Breach
Veracode.webp 2021-02-24 13:30:31 Dangers of Only Scanning First-Party Code (lien direct) When it comes to securing your applications, it's not unusual to only consider the risks from your first-party code. But if you're solely considering your own code, then your attack surface is likely bigger than you think. Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is exponentially larger than just the code written in-house. Yet a study conducted by Enterprise Strategy Group (ESG) established that less than half of organizations have invested in security controls to scan for open source vulnerabilities. If the majority of applications are made up of open source libraries, why are most organizations only scanning their first-party code? Because most organizations assume that third-party code was already scanned for vulnerabilities by the library developer. But you can't base the safety of your applications on assumptions. Our State of Software Security: Open Source Edition report revealed that approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that's pulled indirectly from another library in use. Over the years, several organizations have learned the hard way just how dangerous it is to only scan first-party code. In 2014, the notorious open source vulnerability, Heartbleed, occurred. Heartbleed was the result of a flaw in OpenSSL, a third-party library that implemented the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability enabled cyberattackers to access over 4.5 million healthcare records from Community Health Systems Inc. In 2015, there was a critical vulnerability in Glibc, a GNU C library.
The open source security vulnerability nicknamed "Ghost," affected all Linux servers and web frameworks such as Python, PHP, Ruby on Rails as well as API web services that use the Glibc library. The vulnerability made it possible for hackers to compromise applications with a man-in-the-middle attack. In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data, including social security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. On the good news front: Close to 74 percent of open source flaws can be fixed with an update like a revision or patch. Even high-priority open source flaws don't require extensive refactoring of code: close to 91 percent can be fixed with an update. Equifax had to pay up to $425 million to help people affected by the data breach that the court deemed "entirely preventable." In fact, it was discovered that the breach could have been avoided with a simple patch to its open source library, Apache Struts. Open source patches and updates Don't become a victim to the monsters lurking in your third-party libraries. Download our whitepaper Accelerating Software Development with Secure Open Source So Data Breach Vulnerability Equifax Equifax
bleepingcomputer.webp 2021-02-24 09:01:09 Ransomware gang extorts jet maker Bombardier after Accellion breach (lien direct) Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. [...] Ransomware Data Breach Vulnerability
SecurityWeek.webp 2021-02-23 12:14:13 VC Giant Sequoia Capital Informs Investors of Data Breach (lien direct) Silicon Valley-based venture capital giant Sequoia Capital informed investors last week that their information may have been compromised in a data breach. Data Breach
grahamcluley.webp 2021-02-23 10:44:20 NurseryCam suffers data breach after security concerns raised (lien direct) A CCTV service designed to let parents remotely watch their children playing at nursery has suffered a data breach after it disputed concerns about its security. Data Breach
itsecurityguru.webp 2021-02-23 10:39:56 Transport for NSW affected by Accellion breach (lien direct) Accellion systems are used to share and store files by as many as 300 organisations all around the world. Recently, they suffered a data breach following an attack linked to the ransomware gangs, Clop and FIN11. Accellion has claimed that less than 100 customers were affected by the attack, including Transport for New South Wales. […] Ransomware Data Breach
itsecurityguru.webp 2021-02-22 15:26:49 Clubhouse suffer a 'data breach' (lien direct) Security concerns have recently arisen concerning the popular audio chatroom app Clubhouse. The app’s users privacy policy has been questioned in the past, with the app saying it would take steps to ensure user data could not be accessed by malicious hackers. However, news has broken that the app has now suffered a data breach […] Data Breach
no_ico.webp 2021-02-22 15:11:51 Experts Reacted On Retail Giant Kroger Data Breach (lien direct) It has been reported that Kroger Co. has announced it was among the victims of a data breach involving Accellion’s file-transfer service. The company believed that only 1% of its customers were affected… Data Breach
SecurityWeek.webp 2021-02-22 13:46:03 Supermarket Chain Kroger Discloses Data Breach (lien direct) Grocery and pharmacy chain Kroger has started informing customers and associates of a data breach involving Accellion's file transfer service FTA. The Cincinnati-based retail company operates more than 2,900 locations across 35 states and the District of Columbia, including department stores, hypermarkets, jewelry stores, supermarkets, and superstores. Data Breach
SecurityAffairs.webp 2021-02-20 18:46:39 Sequoia Capital Venture Capital firm discloses a data breach (lien direct) Sequoia Capital, one of the most prominent venture capital firms, told its investors that an unauthorized third party had access to their information. Sequoia Capital, one of the most prominent venture capital firms that focus on the technology industry, discloses a data breach. The company informed its investors that an unauthorized third party had access to their […] Data Breach
bleepingcomputer.webp 2021-02-20 12:57:44 Kroger data breach exposes pharmacy and employee data (lien direct) Supermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat actors stole files. [...] Data Breach Threat
itsecurityguru.webp 2021-02-19 17:16:51 International law firm Jones Day hacked with data posted on dark web  (lien direct) This week, it was confirmed that international law firm Jones Day had data stolen from cybercriminals and is a direct result of the wider data breach suffered by file-sharing service Accellion. The hacker, which goes by the name Clop, had uploaded much of the sensitive information on the dark web which may have included data […] Data Breach
itsecurityguru.webp 2021-02-19 11:11:34 Millions of Californian DMV records possibly exposed in breach (lien direct) The Californian Department of Motor Vehicles (DMV) has suffered a data breach that could have possibly exposed over a year’s worth of data after a third-party contractor was compromised during a cyberattack. During this breach customer addresses and licence plate numbers were exposed, but the DMV has confirmed that social security numbers, birthdates, voter registration, […] Data Breach
bleepingcomputer.webp 2021-02-18 23:02:17 US cities disclose data breaches after vendor's ransomware attack (lien direct) A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. [...] Ransomware Data Breach
InfoSecurityMag.webp 2021-02-18 17:25:00 California DMV Halts Data Transfers After Vendor Breach (lien direct) California drivers warned of data breach after Seattle verification company suffers ransomware attack Ransomware Data Breach
no_ico.webp 2021-02-18 14:38:59 Expert On Hundreds Of Thousands Immigration And COVID Records Exposed In Jamaica (lien direct) It has been reported that Jamaica just experienced a massive data breach that exposed the immigration and COVID-19 records of hundreds of thousands of people who visited the island over the… Data Breach
Cybereason.webp 2021-02-17 18:35:26 Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider (lien direct) Global Law Firm Attributes Data Breach to Compromise at File Sharing Provider An international law firm attributed a data breach to a compromise at a cloud solutions company that provides file-sharing services. According to the Wall Street Journal, a threat actor claimed to have stolen data from global law firm Jones Day and published that information on the dark web. Data Breach Threat
InfoSecurityMag.webp 2021-02-17 17:31:00 Jones Day Denies Network Breach (lien direct) America's tenth-largest law firm says its network was not compromised following Accellion data breach Data Breach
AlienVault.webp 2021-02-17 06:01:00 What is an incident response plan? Reviewing common IR templates, methodologies (lien direct) This article was written by an independent guest author. In today’s threat landscape, it’s no longer if an incident will happen, it’s when. Defending your organization and having a plan for what to do if an incident occurs is more critical than ever. And frankly, the benefits of having an incident response plan are quantifiable. Ponemon’s Cost of a Data Breach Report compared organizations boasting robust security Incident Response (IR) capabilities with those that do not. Well-prepared businesses reported less breach-related costs by an average of about $2 million USD. What is an incident response plan? An Incident Response Plan (IRP) serves as a blueprint, outlining the steps to be followed when responding to a security incident. Think of the IRP as a set of guidelines and processes your security team can follow so threats can be identified, eliminated, and recovered from. It is an essential tool for minimizing damage caused by threats, such as data loss, loss of customer trust, or abuse of resources. With a robust IRP, your company’s team can respond quickly and more efficiently against any type of threat. No matter what type of attack an organization faces, all cyberattacks require incident response. The best scenarios are those in which sufficient preventive measures are in place, including threat detection and intelligence integration tools. For organizations looking to get started with an IRP, there are many templates and frameworks available. Two industry standard incident response frameworks are the National Institute of Standards and Technology (NIST) framework and the SysAdmin, Audit, Network, and Security (SANS) institute framework. We’ve compared the SANS and NIST frameworks here.  
Whichever playbook, template or framework you choose, make sure you have the right team in place and are prepared to dedicate the time and resources to this critical organizational process. Who should carry out an incident response plan? While a robust incident response plan is incredibly important, having the right people with the relevant skillsets to execute the plans is equally crucial. To handle a cybersecurity incident effectively, your company should have an incident response team in place. In some organizations, it’s called a Computer Security Incident Response Team (CSIRT) and others may refer to it as a Security Incident Response Team (SIRT) or Computer Incident Response Team (CIRT). The team’s mission is to execute on the incident response plan as soon as an incident is discovered. The incident response team is divided into several groups, each playing a key role in mitigating an incident's potential damage. The team should be comprised of technical and non-technical people who can work together to identify, manage, eradicate and recover from any threat. They are responsible for collecting, analyzing and taking action based on incident data and information, as well as communicating with other stakeholders in the organization and critical third parties, including press, legal, affected customers and law enforcement. The best-prepared CSIRTs should include the following specialized teams: The Security Operations Centers (SOC), Data Breach Tool Threat ★★★★★
itsecurityguru.webp 2021-02-15 14:20:03 3.2 billion emails and passwords leaked in data breach (lien direct) Over 3.2 billion email addresses and paired passwords have been posted online in what is being called one of the biggest breaches of all time. The database of passwords and emails is thought to have been compiled following data breaches carried out on various platforms, such as Netflix, Gmail, LinkedIn and many more. According to […] Data Breach
The_Hackers_News.webp 2021-02-12 20:39:52 (Déjà vu) Yandex Employee Caught Selling Access to Users' Email Inboxes (lien direct) Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. "The employee was one of three system administrators with the necessary access Data Breach
Kaspersky.webp 2021-02-12 20:17:10 Yandex Data Breach Exposes 4K+ Email Accounts (lien direct) In a security notice, Yandex said an employee had been providing unauthorized access to users' email accounts “for personal gain.” Data Breach
bleepingcomputer.webp 2021-02-12 11:02:37 (Déjà vu) Yandex suffers data breach after sysadmin sold access to user emails (lien direct) Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. [...] Data Breach
ZDNet.webp 2021-02-10 12:36:31 Investor data breach 'fatigue' reduces Wall Street punishment for cybersecurity failures (lien direct) As data breaches are now common, acceptance now lessens the impact on share prices. Data Breach
SecurityWeek.webp 2021-02-10 04:45:25 Antivirus Firm Emsisoft Discloses Data Breach (lien direct) Antivirus solutions provider Emsisoft revealed last week that a third-party had accessed a publicly exposed database containing technical logs. Data Breach
securityintelligence.webp 2021-02-09 13:00:00 Cloud Security Considerations to Watch Out for During Mergers and Acquisitions (lien direct) Staying vigilant through each phase of a mergers and acquisitions (M&A) process can help businesses overcome cloud threats. Threat actors have hit victims during M&As in the past, such as the data breach that affected more than 500 million customers in 2018. Such cases force businesses to look into data exposure before and after M&As, […] Data Breach Threat ★★★★
InfoSecurityMag.webp 2021-02-08 18:12:00 Law Firm Data Breach Impacts UPMC Patients (lien direct) PHI of more than 36k UPMC patients may have been exposed following attack on law firm Data Breach
SecurityWeek.webp 2021-02-08 14:00:25 Web Developer Hub SitePoint Discloses Data Breach (lien direct) Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen. Based in Melbourne, Australia, and established more than two decades ago, SitePoint provides users with access to tutorials and books that can help them learn the basics of web development. Data Breach
SecurityAffairs.webp 2021-02-07 10:44:34 Web developers SitePoint discloses a data breach (lien direct) The website, and publisher of books, courses and articles for web developers, SitePoint discloses a data breach that impacted 1M users. SitePoint is an Australian-based website, and publisher of books, courses and articles for web developers. The company has disclosed a data breach and notified its users via email. Threat actors offered for sale an archive containing […] Data Breach Threat
ZDNet.webp 2021-02-05 20:31:39 Webdev tutorials site SitePoint discloses data breach (lien direct) SitePoint admits data breach after one million user creds were sold on a hacking forum last December. Data Breach
InfoSecurityMag.webp 2021-02-05 13:30:00 BA Data Breach Victims Granted Extension to File Claims (lien direct) Breach victims who have not filed their claim encouraged to do so Data Breach
bleepingcomputer.webp 2021-02-05 12:34:09 SitePoint discloses data breach after stolen info used in attacks (lien direct) The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum. [...] Data Breach
itsecurityguru.webp 2021-02-05 10:22:03 Foxtons Group hack: database of stolen data for sale on the dark web (lien direct) British estate agency Foxtons Group suffered a major data breach in October last year, which enabled attackers to exfiltrate a database of personal and financial information. The personal identifiable information was then uploaded on dark web forums, where evidence suggests it was accessed over 15,073 times. According to iNews, Foxtons Group was informed by the […] Data Breach
no_ico.webp 2021-02-04 20:58:19 Expert Commentary: Several Thousand Addresses Leaked In FHKC Insurance Data Breach (lien direct) The Florida Healthy Kids Corporation (FHKC), a US provider of children's health insurance, data breach which exposed the addresses of several thousands of who applied for or renewed insurance coverage online… Data Breach
SecurityWeek.webp 2021-02-04 15:42:15 Airbus CyberSecurity Subsidiary Stormshield Discloses Data Breach (lien direct) Stormshield, a wholly-owned subsidiary of France-based cybersecurity company Airbus CyberSecurity, has disclosed a data breach that resulted in source code and customer information getting compromised. Data Breach
Last update at: 2024-06-16 13:10:34