This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T10:26:28+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch Data on more than 830K people exposed in the 2021 cyberattack.]]> 2023-05-11T18:20:00+00:00 https://www.darkreading.com/attacks-breaches/north-korean-hackers-behind-hospital-data-breach-in-seoul www.secnews.physaphae.fr/article.php?IdArticle=8335719 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform. [...]]]> 2023-05-11T16:25:25+00:00 https://www.bleepingcomputer.com/news/security/brightly-warns-of-schooldude-data-breach-exposing-credentials/ www.secnews.physaphae.fr/article.php?IdArticle=8335733 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch Food distribution company first learned of the cyberattack in March 2023.]]> 2023-05-10T18:00:00+00:00 https://www.darkreading.com/attacks-breaches/sysco-data-breach-exposes-customer-employee-data www.secnews.physaphae.fr/article.php?IdArticle=8335391 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data. [...]]]> 2023-05-09T15:47:42+00:00 https://www.bleepingcomputer.com/news/security/food-distribution-giant-sysco-warns-of-data-breach-after-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8334937 False Data Breach None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #19  |   May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, ]]> 2023-05-09T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-19-watch-your-back-new-fake-chrome-update-error-attack-targets-your-users www.secnews.physaphae.fr/article.php?IdArticle=8334782 False Ransomware,Data Breach,Spam,Malware,Tool,Threat,Prediction NotPetya,NotPetya,APT 28,ChatGPT,ChatGPT 2.0000000000000000 Dark Reading - Informationweek Branch BlackCat ransomware operators reportedly stole the sensitive data.]]> 2023-05-08T20:00:00+00:00 https://www.darkreading.com/application-security/1m-nextgen-healthcare-patient-records-stolen- www.secnews.physaphae.fr/article.php?IdArticle=8334408 False Ransomware,Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch The motivations of an attacker help establish what protections to put into place to protect assets.]]> 2023-05-08T16:29:00+00:00 https://www.darkreading.com/edge-articles/why-the-why-of-a-data-breach-matters www.secnews.physaphae.fr/article.php?IdArticle=8334312 False Data Breach None 2.0000000000000000 SecurityWeek - Security News NextGen Healthcare is informing roughly 1 million individuals that their personal information was compromised in a data breach.

---

>NextGen Healthcare is informing roughly 1 million individuals that their personal information was compromised in a data breach. ]]> 2023-05-08T10:52:53+00:00 https://www.securityweek.com/1-million-impacted-by-data-breach-at-nextgen-healthcare/ www.secnews.physaphae.fr/article.php?IdArticle=8334250 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack. [...]]]> 2023-05-07T12:10:45+00:00 https://www.bleepingcomputer.com/news/security/western-digital-says-hackers-stole-customer-data-in-march-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8334131 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch Tell other CISO\'s "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.]]> 2023-05-05T18:53:00+00:00 https://www.darkreading.com/attacks-breaches/judge-spares-former-uber-ciso-jail-time-over-2016-data-breach-charges www.secnews.physaphae.fr/article.php?IdArticle=8333852 False Data Breach Uber,Uber 2.0000000000000000 SecurityWeek - Security News L'ancien chef de la sécurité d'Uber, Joe Sullivan, a été condamné à la probation et au service communautaire pour couvrir la violation des données subie par le géant du covoiturage en 2016.

---

>Former Uber security chief Joe Sullivan was sentenced to probation and community service for covering up the data breach suffered by the ride-sharing giant in 2016. ]]> 2023-05-05T00:35:45+00:00 https://www.securityweek.com/former-uber-cso-joe-sullivan-avoids-prison-time-over-data-breach-cover-up/ www.secnews.physaphae.fr/article.php?IdArticle=8333654 False Data Breach Uber,Uber 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) IT and cybersecurity teams are so inundated with security notifications and alerts within their own systems, it\'s difficult to monitor external malicious environments – which only makes them that much more threatening.  In March, a high-profile data breach hit national headlines when personally identifiable information connected to hundreds of lawmakers and staff was leaked on the dark web. The]]> 2023-05-04T16:45:00+00:00 https://thehackernews.com/2023/05/why-things-you-dont-know-about-dark-web.html www.secnews.physaphae.fr/article.php?IdArticle=8333428 False Data Breach,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform. [...]]]> 2023-05-03T10:33:29+00:00 https://www.bleepingcomputer.com/news/security/brightline-data-breach-impacts-783k-pediatric-mental-health-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8333169 False Ransomware,Data Breach,Vulnerability None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC OT cybersecurity, an emerging area geared toward safeguarding industrial control systems (ICS) at the core of critical infrastructure entities. Vulnerability testing, in turn, aims to pinpoint flaws in software and helps understand how to address them. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder’s behavior model. In addition, the objective of a bug bounty hunter is to find a vulnerability and submit a report as quickly as possible to get a reward rather than investigating the problem in depth. BAS is the newest technique on the list. It follows a “scan, exploit, and repeat” logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network. By and large, there are two things that set pentesting aside from adjacent security activities. Firstly, it is done by humans and hinges on manual offensive tactics, for the most part. Secondly, it always presupposes a comprehensive assessment of the discovered security imperfections and prioritization of the fixes based on how critical the vulnerable infrastructure components are. Choosing a penetration testing team worth its salt Let’s zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of t]]> 2023-05-03T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/looking-at-a-penetration-test-through-the-eyes-of-a-target www.secnews.physaphae.fr/article.php?IdArticle=8333063 False Data Breach,Tool,Vulnerability,Threat,Industrial None 2.0000000000000000 Dark Reading - Informationweek Branch Hundreds of customers are at risk of identity theft after the mobile communication company faces its second breach of the year.]]> 2023-05-02T20:00:00+00:00 https://www.darkreading.com/attacks-breaches/t-mobile-experiences-another-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8332941 False Data Breach None 2.0000000000000000 SecurityWeek - Security News L'opérateur sans fil T-Mobile affirme que les informations personnelles d'un petit nombre de personnes ont été exposées dans une violation récente de données.

---

>Wireless carrier T-Mobile says the personal information of a small number of individuals was exposed in a recent data breach. ]]> 2023-05-02T11:30:40+00:00 https://www.securityweek.com/t-mobile-says-personal-information-stolen-in-new-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8332807 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Although this breach only affected 1,000 customers as opposed to the 37 million affected by the previous one, T-Mobile US Inc. disclosed another data breach, its second disclosed breach in 2023. This is the eighth data breach since 2018. 836 customers were impacted by the most recent data breach, which was found in March. T-Mobile […]]]> 2023-05-02T08:25:26+00:00 https://informationsecuritybuzz.com/t-mobile-data-breach-the-second/ www.secnews.physaphae.fr/article.php?IdArticle=8332730 False Data Breach None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism Hack affecting 836 subscribers, lasted for more than a month before it was discovered.]]> 2023-05-01T23:40:36+00:00 https://arstechnica.com/?p=1935885 www.secnews.physaphae.fr/article.php?IdArticle=8332670 False Data Breach,Hack None 2.0000000000000000 Bleeping Computer - Magazine Américain T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023. [...]]]> 2023-05-01T13:28:16+00:00 https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8332584 False Data Breach None 2.0000000000000000 SecurityWeek - Security News Les poursuites intentées contre des sociétés qui ont subi une violation de données sont de plus en plus courantes, les mesures étant prises même pour les incidents affectant moins de 1 000 personnes.

---

>Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken even for incidents affecting less than 1,000 people. ]]> 2023-05-01T10:56:45+00:00 https://www.securityweek.com/companies-increasingly-hit-with-data-breach-lawsuits-law-firm/ www.secnews.physaphae.fr/article.php?IdArticle=8332519 False Data Breach None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC It\'s important to understand that not all risks are created equal. While detection and incident response are critical, addressing risks that can be easily and relatively inexpensively mitigated is sensible. By eliminating the risks that can be controlled, considerable resources can be saved that would otherwise be needed to deal with a successful attack. Automation is the future of cybersecurity and incident response management. Organizations can rely on solutions that can automate an incident response protocol to help eliminate barriers, such as locating incident response plans, communicating roles and tasks to response teams, and monitoring actions during and after the threat. Establish Incident Response support before an attack In today’s rapidly changing threat environment, consider an Incident Response Retainer service which can help your organization with a team of cyber crisis specialists on speed dial, ready to take swift action. Choose a provider who can help supporting your organization at every stage of the incident response life cycle, from cyber risk assessment through remediation and recovery. Effective cybersecurity strategies are the first step in protecting your business against cybercrime. These strategies should include policies and procedures that can be used to identify and respond to potential threats and guidance on how to protect company data best. Outlining the roles and responsibilities of managing cybersecurity, especially during an economic downturn, is also essential. Managing vulnerabilities continues to be a struggle for many organizations today. It\'s essential to move from detecting vulnerabilities and weaknesses to remediation. Cybersecurity training is also crucial, as employees unaware of possible risks or failing to follow security protocols can leave the business open to attack. All employees must know how to identify phishing and follow the principle of verifying requests before trusting them. Penetration testing is an excellent way for businesses to reduce data breach risks, ensure compliance, and assure their supplier network that they are proactively safeguarding sensitive information. Successful incident response requires collaboration across an organization\'s internal and external parties. A top-down approach where senior leadership encourages a strong security culture encourages every department to do their part to support in case of an incident. Responding to a cloud incident requires understanding the differences between your visibility and control with on-premises resources and what you have in the cloud, which is especially important given the prevalence of hybrid models. Protective cybersecurity measures are essential for businesses, especially during economic downturns. By prioritizing cybersecurity, companie]]> 2023-04-25T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/improving-your-bottom-line-with-cybersecurity-top-of-mind www.secnews.physaphae.fr/article.php?IdArticle=8330871 False Data Breach,Threat,Cloud None 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes de cyber-recherche pour la semaine du 24 avril, veuillez télécharger nos principales attaques de menace_ingence et violation de l'American Bar Association (ABA), la plus grande association mondiale d'avocats et de professionnels du droit, a subi une violation de données avec les pirates qui gagnentAccès aux anciennes références de 1 466 000 membres.La brèche a été d'abord [& # 8230;]

---

>For the latest discoveries in cyber research for the week of 24th April, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES The American Bar Association (ABA), the largest global association of lawyers and legal professionals, has suffered a data breach with hackers gaining access to older credentials of 1,466,000 members. The breach was first […] ]]> 2023-04-24T16:06:53+00:00 https://research.checkpoint.com/2023/24th-april-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8330625 False Data Breach,Threat None 2.0000000000000000 SecurityWeek - Security News Un administrateur de haut niveau avec la bourse d'assurance maladie de Washington \\ s'est excusé auprès des membres de la Chambre mercredi pour la violation de données qui a entraîné la divulgation d'informations personnelles pour des milliers d'utilisateurs.

---

>A top administrator with Washington\'s health insurance exchange apologized to House members on Wednesday for the data breach that resulted in the disclosure of personal information for thousands of users. ]]> 2023-04-21T10:50:33+00:00 https://www.securityweek.com/house-committee-hears-testimony-on-dc-health-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8329894 False Data Breach None 2.0000000000000000 SecurityWeek - Security News Capita a finalement confirmé que les pirates ont volé des données après que le groupe Black Basta Ransomware a proposé de vendre des informations prétendument volées à la société.

---

>Capita finally confirmed that hackers stole data after the Black Basta ransomware group offered to sell information allegedly stolen from the company. ]]> 2023-04-21T10:40:48+00:00 https://www.securityweek.com/capita-confirms-data-breach-after-ransomware-group-offers-to-sell-stolen-information/ www.secnews.physaphae.fr/article.php?IdArticle=8329895 False Ransomware,Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. [...]]]> 2023-04-21T09:56:10+00:00 https://www.bleepingcomputer.com/news/security/american-bar-association-data-breach-hits-14-million-members/ www.secnews.physaphae.fr/article.php?IdArticle=8329940 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.]]> 2023-04-20T20:30:00+00:00 https://www.darkreading.com/attacks-breaches/major-us-cfpb-data-breach-employee www.secnews.physaphae.fr/article.php?IdArticle=8329787 False Data Breach None 2.0000000000000000 Recorded Future - FLux Recorded Future Le Consumer Financial Protection Bureau (CFPB) a confirmé jeudi une violation de données impliquant les informations personnelles de «environ 256 000 comptes de consommation dans une seule institution».Un responsable de la CFPB a déclaré à Future News enregistré qu'il avait découvert qu'un ancien employé avait envoyé des dossiers confidentiels à son compte de messagerie personnel dans 14 e-mails différents.L'employé

---

The Consumer Financial Protection Bureau (CFPB) confirmed a data breach on Thursday involving the personal information of “roughly 256,000 consumer accounts at a single institution.” An official at the CFPB told Recorded Future News that they discovered that a former employee sent confidential records to their personal email account in 14 different emails. The employee]]> 2023-04-20T17:38:00+00:00 https://therecord.media/cfpb-employee-sent-confidential-information-to-personal-email www.secnews.physaphae.fr/article.php?IdArticle=8329743 False Data Breach None 2.0000000000000000 SecurityWeek - Security News La récente violation de données d'informations personnelles pour des milliers d'utilisateurs de Washington D.C. \'s Health Insurance Exchange, y compris les membres du Congrès, a été causée par une erreur humaine de base

---

>The recent data breach of personal information for thousands of users of Washington D.C.\'s health insurance exchange, including members of Congress, was caused by basic human error ]]> 2023-04-20T08:52:03+00:00 https://www.securityweek.com/dc-health-link-data-breach-blamed-on-human-error/ www.secnews.physaphae.fr/article.php?IdArticle=8329605 False Data Breach None 2.0000000000000000 ZoneAlarm - Security Firm Blog Kodi, le logiciel populaire du lecteur multimédia, a récemment confirmé une violation de données qui a eu un impact sur environ 400 000 utilisateurs.La violation des utilisateurs exposés & # 8217;Des informations personnelles telles que les noms d'utilisateur, les adresses e-mail et les mots de passe, ainsi que leurs messages privés.La violation a été causée par une vulnérabilité dans le logiciel du forum MYBB, que Kodi a utilisé pour héberger son & # 8230;

---

>Kodi, the popular media player software, has recently confirmed a data breach that has impacted around 400,000 users. The breach exposed users’ personal information such as usernames, email addresses, and passwords, as well as their private messages. The breach was caused by a vulnerability in the MyBB forum software, which Kodi used to host its … ]]> 2023-04-18T13:57:19+00:00 https://blog.zonealarm.com/2023/04/kodi-confirms-data-breach-over-400k-user-accounts-compromised/ www.secnews.physaphae.fr/article.php?IdArticle=8328938 False Data Breach,Vulnerability None 2.0000000000000000 SecurityWeek - Security News L'affinité du développeur de logiciels créatives basée au Royaume-Uni a récemment informé les 175 000 utilisateurs de son forum de violation de données survenue le 6 avril

---

>UK-based creative software developer Affinity recently informed the 175,000 users of its forum of a data breach that occurred on April 6. ]]> 2023-04-18T08:24:00+00:00 https://www.securityweek.com/creative-software-maker-affinity-informs-customers-of-forum-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8328845 False Data Breach None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Open source media player software provider Kodi has confirmed a data breach after threat actors stole the company\'s MyBB forum database containing user data and private messages. What\'s more, the unknown threat actors attempted to sell the data dump comprising 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace. "MyBB admin logs show the account of a trusted but currently]]> 2023-04-14T15:52:00+00:00 https://thehackernews.com/2023/04/kodi-confirms-data-breach-400k-user.html www.secnews.physaphae.fr/article.php?IdArticle=8327742 False Data Breach,Threat None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite After hackers stole the Kodi Foundation’s MyBB forum database, which contained user information and private messages, and made an attempt to sell it online, the organization disclosed the Kodi data breach. Open-source, cross-platform Kodi is a media player, organizer, and streaming suite that allows users to access content from various sources and personalize their viewing. […]]]> 2023-04-14T14:35:40+00:00 https://informationsecuritybuzz.com/kodi-data-breach-hits-users-records-private-messages/ www.secnews.physaphae.fr/article.php?IdArticle=8327801 False Data Breach None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The breach was due to an attack on a contractor\'s computer systems]]> 2023-04-13T16:30:00+00:00 https://www.infosecurity-magazine.com/news/20000-iowa-medicaid-members-data/ www.secnews.physaphae.fr/article.php?IdArticle=8327506 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Hyundai Notifies Vehicle Owners in France and Italy of Data Breach. Hyundai, a South Korean multinational automaker that sells over 500,000 automobiles a year throughout Europe, has announced a data breach that has affected car owners in France and Italy. The company has warned that a hacker got unlawful access to the personal information of […]]]> 2023-04-13T14:08:30+00:00 https://informationsecuritybuzz.com/hyundai-data-breach-france-italy-reveals-car-owners/ www.secnews.physaphae.fr/article.php?IdArticle=8327461 False Data Breach None 2.0000000000000000 SecurityWeek - Security News Le fabricant de lecteur multimédia Kodi a commencé à reconstruire son forum utilisateur après que les pirates ont volé des bases de données contenant des publications d'utilisateurs, des messages et des informations d'identification de connexion.

---

>Media player maker Kodi has started rebuilding its user forum after hackers stole databases containing user posts, messages, and login credentials. ]]> 2023-04-12T13:29:28+00:00 https://www.securityweek.com/400000-users-hit-by-data-breach-at-media-player-maker-kodi/ www.secnews.physaphae.fr/article.php?IdArticle=8327084 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. [...]]]> 2023-04-12T10:55:52+00:00 https://www.bleepingcomputer.com/news/security/hyundai-data-breach-exposes-owner-details-in-france-and-italy/ www.secnews.physaphae.fr/article.php?IdArticle=8327095 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite A notice of security breach to warn the public has been filled by a Yum! Brands, Inc., the parent company of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grills. Based on a cybersecurity incident that happened in mid-January 2023 and affected people’s personal information. Notwithstanding the fact that some data had been taken […]]]> 2023-04-11T13:48:31+00:00 https://informationsecuritybuzz.com/yum-brands-report-data-breach-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8326662 False Ransomware,Data Breach None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #15  |   April 11th, 2023 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress." They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how." "Don\'t Trust The Voice" The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one. "So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends." Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4. With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making]]> 2023-04-11T13:16:54+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-15-the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams www.secnews.physaphae.fr/article.php?IdArticle=8326650 False Ransomware,Data Breach,Spam,Malware,Hack,Tool,Threat ChatGPT,ChatGPT 2.0000000000000000 Bleeping Computer - Magazine Américain The Kodi Foundation has disclosed a data breach after hackers stole the organization\'s MyBB forum database containing user data and private messages and attempted to sell it online. [...]]]> 2023-04-11T12:31:09+00:00 https://www.bleepingcomputer.com/news/security/kodi-discloses-data-breach-after-forum-database-for-sale-online/ www.secnews.physaphae.fr/article.php?IdArticle=8326719 False Data Breach None 2.0000000000000000 knowbe4 - cybersecurity services 2023-04-11T12:00:00+00:00 https://blog.knowbe4.com/free-tool-securitycoach-free-preview www.secnews.physaphae.fr/article.php?IdArticle=8326601 False Data Breach,Hack None 2.0000000000000000 SecurityWeek - Security News La société mère de KFC et Taco Bell, Yum Brands, affirme que les informations personnelles ont été compromises dans une attaque de ransomware de janvier 2023.

---

>KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack. ]]> 2023-04-11T10:19:49+00:00 https://www.securityweek.com/yum-brands-discloses-data-breach-following-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8326600 False Ransomware,Data Breach None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Yum! Brands warns of fallout from January incident]]> 2023-04-11T09:10:00+00:00 https://www.infosecurity-magazine.com/news/kfc-owner-discloses-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8326564 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack. [...]]]> 2023-04-10T14:23:40+00:00 https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8326405 False Ransomware,Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Here is the rundown of news and events that happened this week in the world of cybersecurity. TMX Financial Reveals 4.8 Million Persons Affected By Data Breach TMX Finance, an American consumer loan company, announced a major data breach three months ago. The Savannah, Georgia-based corporation informed the Maine Attorney General that the breach likely […]]]> 2023-04-08T14:09:45+00:00 https://informationsecuritybuzz.com/review-of-news-and-events-happened-this-week/ www.secnews.physaphae.fr/article.php?IdArticle=8326040 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch The company behind digital storage brand SanDisk says its systems were compromised on March 26.]]> 2023-04-03T19:15:00+00:00 https://www.darkreading.com/attacks-breaches/security-breach-strikes-western-digital www.secnews.physaphae.fr/article.php?IdArticle=8324450 False Data Breach None 2.0000000000000000 knowbe4 - cybersecurity services 2023-04-03T18:32:00+00:00 https://blog.knowbe4.com/latitude-breach-aftermath www.secnews.physaphae.fr/article.php?IdArticle=8324435 False Data Breach,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Data storage devices maker Western Digital on Monday disclosed a "network security incident" that involved unauthorized access to its systems. The breach is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "number of the company\'s systems." Following the discovery of the hack, Western Digital said it has initiated incident response efforts and enlisted]]> 2023-04-03T17:11:00+00:00 https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html www.secnews.physaphae.fr/article.php?IdArticle=8324351 False Data Breach,General Information None 2.0000000000000000 Recorded Future - FLux Recorded Future Le géant du stockage de données Western Digital a déclaré que les pirates ont eu accès à ses systèmes et aux données de l'entreprise dans une cyberattaque en cours qui a commencé la semaine dernière.Dans un communiqué publié lundi matin, la société a déclaré que son équipe informatique avait initialement découvert l'incident de sécurité du réseau le 26 mars. Les pirates ont pu voler des données, la déclaration

---

Data storage giant Western Digital said hackers have gained access to its systems and company data in an ongoing cyberattack that began last week. In a statement released Monday morning, the company said its IT team initially discovered the network security incident on March 26. The hackers have been able to steal data, the statement]]> 2023-04-03T14:42:00+00:00 https://therecord.media/western-digital-cyberattack-data-breach www.secnews.physaphae.fr/article.php?IdArticle=8324369 False Data Breach None 2.0000000000000000 Recorded Future - FLux Recorded Future Capita, la plus grande entreprise d'externalisation du Royaume-Uni, a confirmé lundi qu'une panne informatique qui a laissé le personnel enfermé de leurs comptes vendredi était causée par «un cyber-incident».Le personnel tentant de se connecter a été informé à tort que leurs mots de passe habituels étaient «incorrects» selon [Reports] (https://www.theguardian.com/business/2023/mar/31/capita-it-systems-fail-cyber-attack-NHS-Fears), alimentant les spéculations selon lesquelles une cyberattaque était à blâmer, mais pas toutes

---

Capita, the United Kingdom\'s largest outsourcing company, confirmed Monday that an IT outage which left staff locked out of their accounts on Friday was caused by “a cyber incident.” Staff attempting to login were erroneously told their usual passwords were “incorrect” according to [reports](https://www.theguardian.com/business/2023/mar/31/capita-it-systems-fail-cyber-attack-nhs-fears), fueling speculation that a cyberattack was to blame, although not all]]> 2023-04-03T12:20:00+00:00 https://therecord.media/capita-cyber-incident-uk-defense-contractor www.secnews.physaphae.fr/article.php?IdArticle=8324348 False Data Breach,General Information None 2.0000000000000000 SecurityWeek - Security News Western Digital shuts down several of its services after discovering a network security breach. ]]> 2023-04-03T11:39:02+00:00 https://www.securityweek.com/western-digital-shuts-down-services-due-to-cybersecurity-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8324350 False Data Breach,General Information None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite On March 30, 2023, TMX Finance Corporate Services, Inc. (hereafter referred to as “TMX Finance” or “TMX”) notified the Attorney General of Maine of a data breach. This is after realizing that a third party had gained access to and possibly removed sensitive consumer data housed on the business’s computer network. According to the business’s […]]]> 2023-04-03T11:12:16+00:00 https://informationsecuritybuzz.com/tmx-financial-reveals-persons-affected-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8324338 False Data Breach None 2.0000000000000000 SecurityWeek - Security News Le fournisseur de prêts aux consommateurs TMX Finance informe plus de 4,8 millions de personnes que leurs informations personnelles ont été volées dans une violation de données.

---

>Consumer loan provider TMX Finance is informing over 4.8 million individuals that their personal information was stolen in a data breach. ]]> 2023-04-03T10:20:10+00:00 https://www.securityweek.com/4-8-million-impacted-by-data-breach-at-tmx-finance/ www.secnews.physaphae.fr/article.php?IdArticle=8324336 False Data Breach None 2.0000000000000000 Silicon - Site de News Francais 2023-04-03T10:11:47+00:00 https://www.silicon.fr/twitter-publie-algorithme-premiers-constats-462018.html www.secnews.physaphae.fr/article.php?IdArticle=8324322 False Data Breach,General Information None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Nearly five million impacted by December 2022 incident]]> 2023-04-03T09:20:00+00:00 https://www.infosecurity-magazine.com/news/consumer-loans-tmx-reveals-major/ www.secnews.physaphae.fr/article.php?IdArticle=8324313 False Data Breach None 2.0000000000000000 SecurityWeek - Security News L'Italie bloque temporairement le logiciel d'intelligence artificielle Chatgpt à la suite d'une violation de données en étudiant une éventuelle violation des règles strictes de protection des données de l'Union européenne.

---

>Italy is temporarily blocking the artificial intelligence software ChatGPT in the wake of a data breach as it investigates a possible violation of stringent European Union data protection rules. ]]> 2023-04-01T02:06:20+00:00 https://www.securityweek.com/italy-temporarily-blocks-chatgpt-over-privacy-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8323927 False Data Breach ChatGPT,ChatGPT 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite The significance of keeping data integrity has never been more important in a world where data breaches appear to occur every day. It is because cybersecurity threats are expanding at an alarming rate. Businesses must take proactive steps to ensure the security and integrity of their data.  A data breach can have disastrous repercussions, including […]]]> 2023-03-31T13:37:34+00:00 https://informationsecuritybuzz.com/data-integrity-cybersecurity-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8323768 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers. [...]]]> 2023-03-31T10:18:32+00:00 https://www.bleepingcomputer.com/news/security/consumer-lender-tmx-discloses-data-breach-impacting-48-million-people/ www.secnews.physaphae.fr/article.php?IdArticle=8323781 False Data Breach None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan,]]> 2023-03-30T17:51:00+00:00 https://thehackernews.com/2023/03/new-wi-fi-protocol-security-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8323450 False Data Breach,Vulnerability,Threat None 3.0000000000000000 SecurityWeek - Security News NCB Management Services informe environ 500 000 personnes d'une violation de données ayant un impact sur leurs informations personnelles.

---

>NCB Management Services is informing roughly 500,000 individuals of a data breach impacting their personal information. ]]> 2023-03-30T12:48:36+00:00 https://www.securityweek.com/500k-impacted-by-data-breach-at-debt-buyer-ncb/ www.secnews.physaphae.fr/article.php?IdArticle=8323448 False Data Breach None 2.0000000000000000 BBC - BBC News - Technology An error by NHS Highland led to all recipients of an email being able to see personal addresses.]]> 2023-03-30T09:46:34+00:00 https://www.bbc.co.uk/news/uk-scotland-highlands-islands-65122951?at_medium=RSS&at_campaign=KARANGA www.secnews.physaphae.fr/article.php?IdArticle=8323395 False Data Breach None 2.0000000000000000 ComputerWeekly - Computer Magazine 2023-03-30T07:30:00+00:00 https://www.computerweekly.com/news/365534229/NHS-Highland-rapped-over-data-breach-affecting-HIV-patients www.secnews.physaphae.fr/article.php?IdArticle=8323415 False Data Breach None 2.0000000000000000 Recorded Future - FLux Recorded Future Latitude Financial, l'activité australienne de crédit à la consommation, affirme qu'elle estime désormais que des données sur 14 millions de clients ont été volées dans une cyberattaque plutôt que sur les 330 000 qu'elle avait initialement estimées.La société a révélé lundi qu'elle avait détecté une activité suspecte sur ses réseaux plus tôt ce mois-ci, mais son chiffre initial pour le nombre de clients

---

Latitude Financial, the Australian consumer credit business, says that it now believes data on 14 million customers was stolen in a cyberattack rather than the 330,000 it had initially estimated. The company disclosed Monday that it had detected suspicious activity on its networks earlier this month, but its initial figure for the number of customers]]> 2023-03-28T16:05:00+00:00 https://therecord.media/latitude-financial-hack-australia-new-zealand www.secnews.physaphae.fr/article.php?IdArticle=8322586 False Data Breach None 3.0000000000000000 SecurityWeek - Security News OpenAI a confirmé une violation de données de ChatGPT le même jour qu'une entreprise de sécurité a déclaré avoir vu l'utilisation d'un composant affecté par une vulnérabilité activement exploitée.

---

>OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an actively exploited vulnerability. ]]> 2023-03-28T12:59:20+00:00 https://www.securityweek.com/chatgpt-data-breach-confirmed-as-security-firm-warns-of-vulnerable-component-exploitation/ www.secnews.physaphae.fr/article.php?IdArticle=8322522 False Data Breach ChatGPT,ChatGPT 3.0000000000000000 Bleeping Computer - Magazine Américain Crown Resorts, Australia\'s largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. [...]]]> 2023-03-28T12:26:40+00:00 https://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8322587 False Data Breach None 3.0000000000000000 SecurityWeek - Security News Le fournisseur de services financiers australiens Latitude indique qu'environ 14 millions de dossiers utilisateurs ont été volés dans une cyberattaque récente.

---

>Australian financial services provider Latitude says roughly 14 million user records were stolen in a recent cyberattack. ]]> 2023-03-28T10:45:45+00:00 https://www.securityweek.com/14-million-records-stolen-in-data-breach-at-latitude-financial-services/ www.secnews.physaphae.fr/article.php?IdArticle=8322491 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Australian loan giant Latitude Financial Services (Latitude) is warning customers that its data breach is much more significant than initially stated, taking the number of affected individuals from 328,000 to 14 million. [...]]]> 2023-03-28T09:50:17+00:00 https://www.bleepingcomputer.com/news/security/latitude-financial-data-breach-now-impacts-14-million-customers/ www.secnews.physaphae.fr/article.php?IdArticle=8322519 False Data Breach None 2.0000000000000000 Zataz - Magazine Francais de secu 2023-03-27T00:58:04+00:00 https://www.zataz.com/la-police-arrete-7-pirates-de-donnees/ www.secnews.physaphae.fr/article.php?IdArticle=8321932 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. [...]]]> 2023-03-24T13:54:29+00:00 https://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8321296 False Data Breach None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber TikTok came to win hearts and minds with technology and reason. It lost. ]]> 2023-03-23T20:54:48+00:00 https://cyberscoop.com/tiktok-congress-privacy-security-concerns/ www.secnews.physaphae.fr/article.php?IdArticle=8321044 False Data Breach,General Information,Legislation None 3.0000000000000000 UnderNews - Site de news "pirate" francais En début de semaine, Chat GPT, l’agent conversationnel piloté par IA, a connu un important dysfonctionnement, rendant public à d’autres internautes l'historique de conversations de certains utilisateurs. Un bug rapidement maîtrisé par OpenAI, mais qui pose de nombreuses questions en matière de cybersécurité et de protection des données personnelles…   Vladislav Tushkanov, Lead Data Scientist chez […] The post Leak des historiques de conversation sur ChatGPT first appeared on UnderNews.]]> 2023-03-23T17:00:20+00:00 https://www.undernews.fr/undernews/leak-des-historiques-de-conversation-sur-chatgpt.html www.secnews.physaphae.fr/article.php?IdArticle=8320945 False Data Breach,Guideline ChatGPT,ChatGPT 3.0000000000000000 Zataz - Magazine Francais de secu 2023-03-23T14:14:37+00:00 https://www.zataz.com/un-ver-dans-le-cheval-cabre/ www.secnews.physaphae.fr/article.php?IdArticle=8320921 False Data Breach None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Incident was linked to previously disclosed ransomware attack]]> 2023-03-23T09:30:00+00:00 https://www.infosecurity-magazine.com/news/irish-food-dole-employee-data/ www.secnews.physaphae.fr/article.php?IdArticle=8320842 False Ransomware,Ransomware,Data Breach None 3.0000000000000000 The Register - Site journalistique Anglais 2023-03-23T02:29:11+00:00 https://go.theregister.com/feed/www.theregister.com/2023/03/23/south_korea_privacy_fines_mcdonalds/ www.secnews.physaphae.fr/article.php?IdArticle=8320776 False Data Breach None 3.0000000000000000 Dark Reading - Informationweek Branch With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.]]> 2023-03-22T19:49:00+00:00 https://www.darkreading.com/risk/bec-fraud-attempt-thwarted-ai www.secnews.physaphae.fr/article.php?IdArticle=8320721 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Fresh produce giant Dole Food Company has confirmed that the information of an undisclosed number of employees was accessed during a February ransomware attack. [...]]]> 2023-03-22T15:04:35+00:00 https://www.bleepingcomputer.com/news/security/dole-discloses-employee-data-breach-after-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8320659 False Ransomware,Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite A notice has been issued by the National Basketball Association (NBA) to inform its fans about a data breach incident that resulted in the theft of certain personal information. An email titled “Notice of Cybersecurity Incident” to an unspecified number of fans informing them that an unauthorized third party had obtained their name and email […]]]> 2023-03-21T15:36:27+00:00 https://informationsecuritybuzz.com/nba-alerts-hack-third-party-service-provider/ www.secnews.physaphae.fr/article.php?IdArticle=8320246 False Data Breach,Hack None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Ferrari, a luxury automaker, admitted a data leak after hackers demanded a ransom. The event occurred last month, and the company is cooperating with law police to investigate. The Italian automaker said in a statement that the breach only involved a small number of workers’ personal information, which the attackers stole. According to the firm, […]]]> 2023-03-21T11:09:46+00:00 https://informationsecuritybuzz.com/ferrari-data-breach-ransom-demand/ www.secnews.physaphae.fr/article.php?IdArticle=8320192 False Data Breach None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Carmaker says it didn\'t pay its extorters]]> 2023-03-21T09:40:00+00:00 https://www.infosecurity-magazine.com/news/ferrari-reveals-data-breach-ransom/ www.secnews.physaphae.fr/article.php?IdArticle=8320153 False Data Breach None 2.0000000000000000 SecurityWeek - Security News Ferrari a déclaré qu'une attaque de ransomware était responsable d'une violation de données qui a exposé les détails du client, mais n'a pas eu d'impact sur les opérations de l'entreprise.

---

>Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations. ]]> 2023-03-21T01:50:05+00:00 https://www.securityweek.com/ferrari-says-ransomware-attack-exposed-customer-data/ www.secnews.physaphae.fr/article.php?IdArticle=8320080 False Ransomware,Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain Ferrari has disclosed a data breach following a ransom demand received after attackers gained access to some of the company\'s IT systems. [...]]]> 2023-03-20T19:20:47+00:00 https://www.bleepingcomputer.com/news/security/ferrari-discloses-data-breach-after-receiving-ransom-demand/ www.secnews.physaphae.fr/article.php?IdArticle=8320064 False Data Breach None 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite For the latest discoveries in cyber research for the week of 20th March, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Hitachi Energy reported a data breach caused by the Clop ransomware group which exploited a zero-day vulnerability (CVE-2023-0669) in the Fortra GoAnywhere MFT system, which was used by Hitachi. Check Point IPS, Threat […] ]]> 2023-03-20T16:19:35+00:00 https://research.checkpoint.com/2023/20th-march-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8319978 False Ransomware,Data Breach,Vulnerability,Threat None 2.0000000000000000 SecurityWeek - Security News Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra's GoAnywhere solution. ]]> 2023-03-20T11:53:33+00:00 https://www.securityweek.com/hitachi-energy-blames-data-breach-on-zero-day-as-ransomware-gang-threatens-firm/ www.secnews.physaphae.fr/article.php?IdArticle=8319913 False Ransomware,Data Breach,Vulnerability None 2.0000000000000000 SecurityWeek - Security News NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider. ]]> 2023-03-20T10:42:12+00:00 https://www.securityweek.com/nba-notifying-individuals-of-data-breach-at-mailing-services-provider/ www.secnews.physaphae.fr/article.php?IdArticle=8319914 False Data Breach None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-03-17T16:57:59+00:00 https://informationsecuritybuzz.com/healthcare-firm-ils-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8319443 False Data Breach,Medical None 3.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-17T16:21:13+00:00 https://www.bleepingcomputer.com/news/security/nba-alerts-fans-of-a-data-breach-exposing-personal-information/ www.secnews.physaphae.fr/article.php?IdArticle=8319495 False Data Breach None 2.0000000000000000 SecurityWeek - Security News 2023-03-17T15:05:58+00:00 https://www.securityweek.com/latitude-financial-services-data-breach-impacts-300000-customers/ www.secnews.physaphae.fr/article.php?IdArticle=8319445 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-17T12:20:58+00:00 https://www.bleepingcomputer.com/news/security/hitachi-energy-confirms-data-breach-after-clop-goanywhere-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8319459 False Ransomware,Data Breach,Industrial None 3.0000000000000000 Recorded Future - FLux Recorded Future The sensitive healthcare data of more than four million people was accessed by hackers who broke into the network of Independent Living Systems (ILS), a healthcare software company based in Miami. The company has provided third-party administrative services to health plans, providers, hospitals, and pharmaceutical and medical device companies for nearly two decades. ILS began]]> 2023-03-16T12:45:00+00:00 https://therecord.media/ils-data-breach-patient-information www.secnews.physaphae.fr/article.php?IdArticle=8319081 False Data Breach,Medical None 2.0000000000000000 SecurityWeek - Security News Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals. ]]> 2023-03-16T12:31:59+00:00 https://www.securityweek.com/data-breach-at-independent-living-systems-impacts-4-million-individuals/ www.secnews.physaphae.fr/article.php?IdArticle=8319095 False Data Breach None 2.0000000000000000 Resecurity - cyber risk firms 2023-03-16T00:00:00+00:00 https://www.resecurity.com/blog/article/three-key-provisions-in-the-fccs-new-rule-proposal-for-data-breach-reporting www.secnews.physaphae.fr/article.php?IdArticle=8416130 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-03-15T19:37:00+00:00 https://www.darkreading.com/application-security/telerik-bug-exploited-steal-federal-agency-data-cisa-warns www.secnews.physaphae.fr/article.php?IdArticle=8318898 False Data Breach,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-03-15T15:13:00+00:00 https://thehackernews.com/2023/03/the-different-methods-and-stages-of.html www.secnews.physaphae.fr/article.php?IdArticle=8318755 False Data Breach None 3.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-15T11:50:03+00:00 https://www.bleepingcomputer.com/news/security/healthcare-provider-ils-warns-42-million-people-of-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8318815 False Data Breach None 2.0000000000000000 SecurityWeek - Security News 2023-03-15T10:59:00+00:00 https://www.securityweek.com/hawaii-health-department-says-death-records-compromised-in-recent-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8318777 False Data Breach None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC secure domain email address is one of the most important ways to ensure that company emails and other sensitive data remain safe. Email providers such as Google, Microsoft, Zoho, and Postale offer secure domain email addresses which encrypt all emails sent and received in transit. This makes it more difficult for hackers to gain access to confidential information or launch attacks on vulnerable systems. Using a secure email provider is essential for any organization looking to maximize its data protection efforts. By taking advantage of these services, businesses can rest assured knowing their emails are secure and protected from malicious actors. 2. Implement strong authentication Strong authentication refers to the use of two or more forms of authentication to authenticate a user's identity. This could include using a one-time password for each login, biometric factors such as fingerprints, or utilizing an encrypted token. Strong authentication ensures that only authorized users can access company networks and confidential data. Having strong authentication measures in place is an essential step in protecting data, as it helps to prevent unauthorized access and keeps sensitive information secure. 3. Install mobile security software Mobile security software (also known as mobile device management or MDM) can help protect devices from malicious attacks. Mobile security software can be installed on all company-owned devices, providing a layer of protection by scanning for and blocking malicious applications. It can also offer additional layers of protection such as remote wiping capability, encryption, and the ability to remotely lock lost or stolen devices. 4. Enforce use policies By having clear use policies in place, businesses can ensure their employees understand the importance of mobile security and that they are adhering to the established rules. These policies should include restrictions on downloading or installing unapproved apps, accessing unknown or suspicious websites, or sharing confidential information with unauthorized personnel. Enforcing use policies is essential for keeping company networks and data secure. By ensuring that all employees abide by the same set of rules, businesses can greatly reduce their risk of a data breach or other malicious attack. 5. Utilize cloud storage Cloud storage provides an effective way to store business data securely off-site. Data stored in the cloud is encrypted and kept safe from physical damage or theft. It also eliminates the need for large servers and other physical infrastructure, reducing both costs and the potential risk of data breaches. Additionally, cloud storage allows employees to access their data from any device, anytime and anywhere]]> 2023-03-15T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/10-ways-b2b-companies-can-improve-mobile-security www.secnews.physaphae.fr/article.php?IdArticle=8318728 False Data Breach,Malware,Guideline,Cloud None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-03-14T13:09:20+00:00 https://informationsecuritybuzz.com/people-affected-zoll-medical-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8318440 False Data Breach,Medical None 2.0000000000000000 knowbe4 - cybersecurity services CyberheistNews Vol 13 #11  |   March 14th, 2023 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes. I'm giving you a short extract of the story and the link to the whole article is below. "Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service. "In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM. "In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company. "And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven. "'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'" Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this. Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl]]> 2023-03-14T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-11-heads-up-employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears www.secnews.physaphae.fr/article.php?IdArticle=8318404 False Ransomware,Data Breach,Spam,Malware,Threat,Guideline,Medical ChatGPT,ChatGPT 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns. This article will describe the problem of BOLA and its consequences, and then it will present potential actions that can be taken to solve the problem. The problem ​OWASP (2019) indicates the following regarding BOLA: “Attackers can exploit API endpoints that are vulnerable to broken object-level authorization by manipulating the ID of an object that is sent within the request” (para. 1). For example, a hacker may access information regarding how various shops make requests to an e-commerce platform. The hacker may then observe that a certain pattern exists in the codes for these requests. If the hacker can gain access to the codes and has the authorization to manipulate them, then they could establish a different endpoint in the code and thereby redirect all the data to themselves. The exploitation of BOLA vulnerabilities is very common because, without the implementation of an authorization protocol, APIs essentially have no protection whatsoever against hackers. To attack this kind of APIs, the hacker only needs the capability to access request code systems and intercept data by manipulating the codes, which can be done rather easily by anyone who has the requisite skills and resources (Viriya & Muliono, 2021). APIs that do not have security measures in place are thus simply hoping that no one will know how to conduct such an attack or have the desire to do so. Once a willing hacker enters the picture, however, the APIs would have no actual protections to stop the hacker from gaining access to the system and all the data contained within it and transmitted across it. The consequences ​BOLA attacks have significant consequences in terms of data security: “Unauthorized access can result in data disclosure to unauthorized parties, data loss, or data manipulation. Unauthorized access can also lead to full account takeover” (OWASP, 2019, para. 3). In short, BOLA attacks produce data breaches. Stories about data breaches are all too common in the news, with a very recent one involving a healthcare organization in Texas (Marfin, 2022). While not all data breaches are the result of BOLA attacks, many of them are, given that BOLA is a very common vulnerability in APIs. The specific consequences of a successful BOLA attack, as well as the magnitude of those consequences, would depend on the target of the attack. For example, if the target is a healthcare organization, then the data breach could lead to hackers gaining access to patients' private health insurance. If the target is a bank, then the hackers would likely be able to access customers’ social security numbers. If the target is an e-commerce website, then data regarding customers’ credit card numbers and home addresses would be compromised. In all cases, the central consequence of a BOLA attack is that hackers can gain access to personal information due to a lack of adequate security measures within the APIs in question. The solution ​The solution to BOLA is for programmers to implement authorization protocols for accessing any d]]> 2023-03-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/broken-object-level-authorization-api-securitys-worst-enemy www.secnews.physaphae.fr/article.php?IdArticle=8318330 False Data Breach,Vulnerability,Guideline None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite 2023-03-13T16:18:58+00:00 https://informationsecuritybuzz.com/att-data-breach-hits-nine-million-customers/ www.secnews.physaphae.fr/article.php?IdArticle=8318112 False Data Breach None 2.0000000000000000 Bleeping Computer - Magazine Américain 2023-03-13T15:51:33+00:00 https://www.bleepingcomputer.com/news/security/la-housing-authority-discloses-data-breach-after-ransomware-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8318167 False Ransomware,Data Breach None 2.0000000000000000