What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2021-02-04 13:41:58 Hackers steal StormShield firewall source code in data breach (lien direct) Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company's support ticket system and steal source code for Stormshield Network Security firewall software. [...] Data Breach Threat Guideline
itsecurityguru.webp 2021-02-04 10:03:48 (Déjà vu) 1.4 million Washington unemployment claimants affected by state auditor breach (lien direct) On Monday, The Washington State Auditor Office disclosed that it had suffered a data breach that exposed the personal information of some 1.4 million employment claimants. It appears that the records became exposed in December, following a data breach of Accellion, a software provider used by the State Auditor Office for the transfer of large […] Data Breach
bleepingcomputer.webp 2021-02-03 22:30:08 Oxfam Australia investigates data breach after database sold online (lien direct) Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum. [...] Data Breach Threat
NakedSecurity.webp 2021-02-03 16:18:11 What should you say if you have a data breach? Catch up with Jason Nurse at Sophos Evolve (lien direct) Learn why it's way better to rehearse what to say if you suffer a data breach than to make it up as you go along. Data Breach
itsecurityguru.webp 2021-02-03 10:49:10 Newspaper speculates Foxtons Group data breach (lien direct) The i newspaper speculated that Foxtons Group has experienced a data breach, with thousands of customers’ personal and financial data leaked on the dark web. The exclusive news for i claims that Foxtons did not take action when they first found out in January that their customers’ data was available on the dark web following […] Data Breach
InfoSecurityMag.webp 2021-02-03 09:48:00 Over Three Million US Drivers Exposed in Data Breach (lien direct) Dealership service provider appears to have been targeted Data Breach
SecurityAffairs.webp 2021-02-03 06:38:44 Hackers stole personnel records of software developer Wind River (lien direct) The global leader of embedded system software Wind River Systems discloses a data breach that resulted in the theft of customers’ personal information. Wind River Systems, a global leader in delivering software for smart connected systems, discloses a data breach. The company claims its technology is found in more than 2 billion products, it develops […] Data Breach Guideline
bleepingcomputer.webp 2021-02-03 03:03:03 Female escort review site data breach affects 470,000 members (lien direct) An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database. [...] Data Breach
SecurityWeek.webp 2021-02-02 18:32:45 Embedded Software Developer Wind River Discloses Data Breach (lien direct) Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party. Data Breach
SecurityWeek.webp 2021-02-02 13:23:40 Over 1 Million Impacted by Data Breach at Washington State Auditor (lien direct) The Office of the Washington State Auditor (SAO) has disclosed a cybersecurity incident in which the personal information of more than 1 million individuals might have been stolen. Data Breach
itsecurityguru.webp 2021-02-02 11:57:59 (Déjà vu) 1.6 million Washington unemployment claims exposed in data breach (lien direct) The Office of the Washington State Auditor (SAO) has experienced a data breach which has resulted in the exposure of 1.6 million employment claims, and the sensitive personal information that they contain. The Washington SAO revealed that a threat actor had exploited a vulnerability in Accellion, a secure file transfer service that helps organisations share […] Data Breach Vulnerability Threat
kovrr.webp 2021-02-02 00:00:00 (Déjà vu) Key Drivers of Rise of Ransomware in 2020: Ransomware-as-a-Service and Double Extortion (lien direct) The key drivers in the rise of ransomware have been double extortion and RaaS.
Ransomware-as-a-Service and Double Extortion
Ransomware has been a known method for cyber attacks for more than 30 years and has significantly evolved within this timespan. The growth in the number of ransomware attacks in 2020 has marked a pivotal milestone in the ransomware evolution. According to a Check Point study, Global Surges in Ransomware Attacks, in Q3 2020 the daily average of ransomware attacks has increased by 50%, and has specifically increased by 98.1% in the United States. Additionally, the average amount of money requested by attackers in Q3 2020 increased by 178% compared to Q4 of 2019. Supporting this trend, Coalition’s Cyber Insurance Claims Report stated that more than 40% of the cyber incident claims in Q1 and Q2 2020 were due to ransomware attacks.
Taking into account these statistics, Kovrr has conducted research that included monitoring the activity of trending threat actors, the attacks they were involved with and the victims of these operations through 2020. The research included data from various proprietary and third party data sources including leaked data from the dark web. The research revealed that ransomware attacks have evolved in the following two areas:
Methodology - unlike ransomware attacks witnessed in the past, the last half year of 2020 was characterized by adoption of a new attack method which includes stealing the company’s data along with encrypting the attacked company’s data. This practice is also known as “Double Extortion” because the attacker not only encrypts the data but also threatens to publish the company’s stolen data.
Ransomware-as-a-service (RaaS) - a method that recently became popular, which enables potential attackers to purchase already existing ransomware and use it for their desired purposes.
Kovrr has researched 16 active ‘double extortion’ ransomware attack campaigns in the last year.
Of the campaigns studied, 75% use social engineering (phishing emails) to propagate, while 25% of them involve exploiting a vulnerability in remote access software. In order to fully understand the effect of the ransomware campaigns, Kovrr applied the CRIMZON™ framework to better analyze and report findings of the research. CRIMZON is an easy-to-use open framework to measure and understand cyber risk exposure that focuses on the minimal elements needed to describe cyber risk accumulation. Elements of the CRIMZON include location, industry, and entity size. Applying the CRIMZON framework to the ransomware campaign research found the top 5 CRIMZON exposed were:
US_NY_I_S [United States_New York_Services_Small Company]
GB_I_S [Great Britain_Services_Small Company]
CA_I_S [Canada_Services_Small Company]
CA_E_S [Canada_Transportation & Communications_Small Company]
US_CA_I_S [United States_California_Services_Small Company]
Most of the attacked companies are located in the U.S. (more than 50% of the targets), followed by Canada, the United Kingdom, Germany and France. Within the U.S., the main states affected were California, Texas, Florida and New York. The industries to which most of the attacked companies belong are Services (20% of the services category is attributed to educational services), Transportation and Communication, and Manufacturing.
These findings have a significant impact on the cyber insurance market both in terms of rising claim numbers and the size of the amounts claimed. The increase in attacks is more concentrated in particular combinations of location, industry, and entity size (CRIMZON), meaning certain CRIMZON are more susceptible to an attack than others.
This paper addresses new ransomware trend characteristics by providing an overview of two major ransomware campaigns encountered in the research; provides examples of ways in which a portfolio can be influenced as a result of the wide a Ransomware Data Breach Tool Vulnerability Threat Prediction ★★★
bleepingcomputer.webp 2021-02-01 16:15:30 Data breach exposes 1.6 million Washington unemployment claims (lien direct) Washington's State Auditor office has suffered a data breach that exposed the personal information in 1.6 million employment claims. [...] Data Breach
no_ico.webp 2021-02-01 14:21:06 Florida Medicaid Website Hacked For 7 Years, Hundreds Of Thousands Affected (lien direct) Tallahassee-based children Medicaid health plan Florida Healthy Kids Corp. began notifying members on Jan. 27 of a 7-year data breach that exposed the personal information of hundreds of thousands of health plan… Data Breach
SecurityAffairs.webp 2021-01-30 21:37:25 UScellular data breach: attackers ported customer phone numbers (lien direct) US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported. US wireless carrier UScellular discloses a data breach that exposed personal information of its customers. United States Cellular Corporation, is the fourth-largest wireless carrier in the United States, with over 4.9 million customers in 426 […] Data Breach
itsecurityguru.webp 2021-01-29 13:49:51 USCellular suffers data breach (lien direct) USCellular has suffered a data breach due to hackers gaining access to their CRM. Once the hackers infiltrated the CRM they were then able to view customers’ accounts and personal data. USCellular stated in a data breach notification filed to the attorney general’s office in Vermont, that the retail store’s employees were victims of a […] Data Breach ★★
itsecurityguru.webp 2021-01-29 12:25:41 Stranded Australians' Data “unintentionally” Shared (lien direct) The Australian government admitted to unintentionally sharing sensitive passenger information with one of the department’s consular clients. This data breach occurred on January 24th, in which passenger’s full name, gender, date of birth, email address, passport details (number, expiry, issuing country), Australian citizenship status, phone number, current location, and flight booking reference of those booked […] Data Breach
SANS.webp 2021-01-29 06:56:04 Sensitive Data Shared with Cloud Services, (Fri, Jan 29th) (lien direct) Yesterday was the data protection day in Europe[1]. I was not on duty so I'm writing this quick diary a bit late. Back in 2020, the Nitro PDF service suffered from a data breach that impacted many companies around the world. This popular service allows you to create, edit and sign PDF documents. A few days ago, the database leak was released in the wild[2]: 14GB compressed, 77M credentials. Data Breach
no_ico.webp 2021-01-28 20:07:08 Threat Modeling and Social Issues (lien direct) For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now: “Does your organization have a plan in place if one of your employees is accused via Twitter of being an insurrectionist? If your software was being used to spread plans for a riot, could… Data Breach Threat
bleepingcomputer.webp 2021-01-28 18:41:34 USCellular hit by a data breach after hackers access CRM software (lien direct) Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts. [...] Data Breach
no_ico.webp 2021-01-28 14:08:06 VIP Games Data Breach Exposes Millions Of Users' Data (lien direct) It has been reported that casual gaming provider VIP Games has suffered a data breach, exposing millions of records relating to users of the service. VIP games have more than 20,000 active… Data Breach
ZDNet.webp 2021-01-28 10:12:36 Citrix's $2.3 million settlement offer for employees impacted by data breach approved (lien direct) Hackers lurked undetected in company systems for five months. Data Breach
Chercheur.webp 2021-01-26 12:15:38 Massive Brazilian Data Breach (lien direct) I think this is the largest data breach of all time: 220 million people. (Lots more stories are in Portuguese.) Data Breach
Kaspersky.webp 2021-01-25 21:08:02 2.28M MeetMindful Daters Compromised in Data Breach (lien direct) The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. Data Breach
InfoSecurityMag.webp 2021-01-25 18:21:00 San Francisco Law Firm Investigating PupBox Data Breach (lien direct) Investigation launched after payment card info of 30k PupBox customers exposed Data Breach
SecurityWeek.webp 2021-01-25 16:02:44 Clothing Brand Bonobos Informs Users of Data Breach (lien direct) Menswear brand Bonobos has started informing customers of a data breach that may have resulted in their personal information getting compromised. Data Breach
securityintelligence.webp 2021-01-25 13:00:00 Credential Stuffing: AI's Role in Slaying a Hydra (lien direct) One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have […] Data Breach Threat Guideline
bleepingcomputer.webp 2021-01-22 14:11:38 (Déjà vu) Bonobos clothing store suffers a data breach, hacker leaks 70GB database (lien direct) Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup was downloaded by a threat actor. The corporate systems were not breached by the attacker. [...] Data Breach Threat
bleepingcomputer.webp 2021-01-22 14:11:38 Bonobos clothing store confirms breach after hacker leaks 70GB database (lien direct) Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information. [...] Data Breach
ZDNet.webp 2021-01-18 20:10:20 OpenWRT reports data breach after hacker gained access to forum admin account (lien direct) The OpenWRT wiki, which contains the official download links, was not compromised, the project said. Data Breach
InfoSecurityMag.webp 2021-01-18 17:15:00 Health Insurer Fined $5.1m Over Data Breach (lien direct) Excellus Health Plan agrees to pay $5.1m to settle HIPAA violation case Data Breach
bleepingcomputer.webp 2021-01-18 13:23:34 OpenWRT Forum user data stolen in weekend data breach (lien direct) The administrators of the OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach. [...] Data Breach
InfoSecurityMag.webp 2021-01-14 17:04:00 Hy-Vee Data Breach Settlement Proposed (lien direct) Victims of months-long Hy-Vee data breach could receive $225 each under proposed settlement Data Breach
no_ico.webp 2021-01-14 15:26:59 (Déjà vu) British Airways Subject To Lawsuit After Data Breach – Industry Leader Comments (lien direct) Following news that British Airways is facing a lawsuit for its failure to protect the personal data in 2018, please see the comment below from cybersecurity experts. Data Breach Guideline
InfoSecurityMag.webp 2021-01-13 19:04:00 Capcom Data Breach May Have Impacted Extra 40k Customers (lien direct) Gaming company warns ransomware attack may have compromised data of up to 390k customers Ransomware Data Breach
itsecurityguru.webp 2021-01-13 14:54:23 Pfizer COVID-19 Vaccine Data Leaked Online (lien direct) Following a data breach in December, the European Medicines Agency (EMA) today revealed that data concerning the Pfizer/BioNTech COVID-19 vaccine has been leaked online. Fortunately, the EMA has stated that the regulatory network remains fully functional and that any COVID-19 evaluation and approval timelines have not been affected by the breach. The stolen data includes […] Data Breach ★★★★
no_ico.webp 2021-01-13 11:31:31 Expert Reaction On Latest Update On Data Breach At Capcom (lien direct) It has been reported that a ransomware attack launched against gaming company Capcom last November keeps getting worse. As per company announcement, personal data of up to 400,000 of its… Ransomware Data Breach
bleepingcomputer.webp 2021-01-12 16:37:31 Capcom: 390,000 people may be affected by ransomware data breach (lien direct) Capcom has released a new update for their data breach investigation and state that up to 390,000 people may now be affected by their November ransomware attack. [...] Ransomware Data Breach
TroyHunt.webp 2021-01-12 16:19:12 Capcom confirms at least 16,000 people affected by Nov. data breach (lien direct) "Sales reports, financial information, [and] game development documents" also got out. Data Breach
bleepingcomputer.webp 2021-01-12 12:28:43 New Zealand Reserve Bank breached using bug patched on Xmas Eve (lien direct) A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. [...] Data Breach Vulnerability
AlienVault.webp 2021-01-12 11:00:00 Why cybersecurity awareness is a team sport (lien direct) This blog was written by an independent guest blogger. Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity. Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company. Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities. People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, but in reality cybersecurity responsibility rests with everyone. Cybersecurity should be everybody’s business. The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased efforts to protect from, and mitigate, attacks. During the height of the pandemic, about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time. This is why cybersecurity must be and should be everybody’s business.
According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as internal actors or employees and affiliates carelessly clicking a link by accident. Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system. Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee. Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC). Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo Ransomware Data Breach Malware Vulnerability Guideline Equifax Equifax Yahoo Yahoo
no_ico.webp 2021-01-12 10:34:34 Experts Insight On UN's Environmental Program Breach-100K+ Employee Records Leaked (lien direct) A data breach has been discovered in the United Nations which exposed over 100k of UNEP's staff records. Researchers with Sakura Samurai, an ethical hacking and research group, discovered the… Data Breach
SecurityAffairs.webp 2021-01-11 23:08:33 Ubiquiti discloses a data breach (lien direct) American technology company Ubiquiti Networks has disclosed a data breach and is notifying its customers via email. American technology vendor Ubiquiti Networks suffered a data breach and is sending out notification emails to its customers asking them to change their passwords and enable 2FA for their accounts. The company discovered unauthorized access to some of […] Data Breach
bleepingcomputer.webp 2021-01-11 15:41:51 Networking giant Ubiquiti alerts customers of potential data breach (lien direct) Networking device maker Ubiquiti has announced a security incident that may have exposed its customers' data. [...] Data Breach
bleepingcomputer.webp 2021-01-11 01:52:09 United Nations data breach exposed over 100k UNEP staff records (lien direct) This week, researchers have responsibly disclosed a vulnerability that let them access over 100K private records of the United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-01-10 15:43:43 New Zealand Reserve Bank suffers data breach via hacked storage partner (lien direct) The Reserve Bank of New Zealand, known as Te Pūtea Matua, has suffered a data breach after threat actors hacked a third-party hosting partner. [...] Data Breach Threat
SecurityAffairs.webp 2021-01-09 18:55:09 Dassault Falcon Jet hit by Ragnar Locker ransomware gang (lien direct) Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December, Dassault Falcon Jet (DFJ) was the victim of a cyber attack that may have exposed personal information belonging to current and former employees. The data security incident also exposed information belonging to employees’ spouses […] Ransomware Data Breach
bleepingcomputer.webp 2021-01-08 14:04:50 Dassault Falcon Jet reports data breach after ransomware attack (lien direct) Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents. [...] Ransomware Data Breach
Veracode.webp 2021-01-07 09:18:28 How to Communicate Application Security Success to Your Executive Leadership (lien direct) Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite these advancements, our recent State of Software Security (SOSS) report found that 76 percent of applications have security flaws. Yet CISOs and application security program owners still find themselves having to justify and defend application security initiatives. Members of the Veracode Customer Advisory Board (CAB), a group of AppSec professionals in several industries, faced this challenge as well. In response, a working group subset of the CAB collaborated to establish a set of metrics that security professionals can use to establish, drive adoption, and operationalize their application security program. These data points should help inform decisions at different stages of program maturity while answering the basic question: is the application security program effective or not?
How to determine and justify the required resources for an application security program
AppSec managers need a justifiable AppSec approach and dataset that set parameters around the program, give a starting point, and set up how the program will grow over time. That approach starts with providing evidence that an application security program is necessary and that it will reduce risk. To show that an AppSec program is necessary, call attention to data points around flaw prevalence in applications (76 percent) or the average cost of a data breach ($3.86 million).
Software security landscape today
To show that AppSec programs reduce risk, consider stats like the one from our SOSS report that found that organizations scanning for security the most (more than 300 times per year) fix flaws 11.5x faster than organizations scanning the least.
How to determine and prove that development teams are adopting software security practices
AppSec success hinges on development buy-in and engagement. Therefore, proving that your AppSec program is effective requires evidence of developer adoption. Consider highlighting the rate at which development teams are taking advantage of APIs to integrate security into their processes. Then prove that developers are taking the time to fix the identified flaws by showing your developer's fix rate (the # of findings closed / the # of findings open). By examining the fix rate, you can see if developers are actively adopting AppSec practices by fixing, not just finding, vulnerabilities. The fix rate also shows you where additional training or resourcing investment is needed.
How to determine if the application security program is operating efficiently
AppSec programs are meant to be ongoing, not a one-off project with an end date. An effective AppSec program is ultimately a component of the software development process, just like QA, and the measures of success need to reflect that. A key metric here is the correlation between security activities early in the development process and the number of security flaws found in a release candidate or in production. For example, the figure below shows the relationship between security test Data Breach Guideline
ZDNet.webp 2021-01-05 17:15:29 Italian mobile operator offers to replace SIM cards after massive data breach (lien direct) Hackers stole the personal data for 2.5 million Ho Mobile subscribers. Data Breach
Last update at: 2024-06-16 11:10:24