Trending Articles

GDPR: 8,000 Data Breach Reports Filed So Far in UK

Data Breach Today

Privacy Watchdog Counts 41 Daily Breach Reports Since GDPR Enforcement Began
The U.K.'s privacy watchdog says that six months after enforcement of the EU's General Data Protection Regulation began, it's seen a dramatic increase in data breach reports - as well as privacy complaints from the publi

How Internet Savvy are Your Leaders?

Krebs on Security

Back in April 2015, I tweeted about receiving a letter via snail mail suggesting the search engine rankings for a domain registered in my name would suffer if I didn’t pay a bill for some kind of dubious-looking service I’d never heard of.

GUEST ESSAY: ‘Tis the season — to take proactive measures to improve data governance

The Last Watchdog

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Expert devised a new WiFi hack that works on WPA/WPA2

Security Affairs

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers.

Your Personal Data is Already Stolen

Schneier on Security

Credit Card System Hack Led to HIPAA Breach Report

Data Breach Today

Baylor Scott & White Medical Center - Frisco Notifying Those Affected
The hacking of a credit card processing system has prompted a Texas hospital to notify federal regulators and affected individuals of a breach as required by the HIPAA Breach Notification Rule.

A Breach, or Just a Forced Password Reset?

Krebs on Security

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites.

More Trending

Hackers defaced Linux.org with DNS hijack

Security Affairs

The Linux.org website was defaced last week via DNS hijack; attackers breached the associated registrar account and changed the DNS settings.

Bad Consumer Security Advice

Schneier on Security

There are lots of articles out there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. Never, ever, ever use public (unsecured) Wi-Fi such as the Wi-Fi in a café, hotel or airport.

Top Republican Email Accounts Compromised

Data Breach Today

National Republican Congressional Committee Emails Spied On For Months
Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports on Tuesday.

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

GUEST ESSAY: Atrium Health data breach highlights lingering third-party exposures

The Last Watchdog

The healthcare industry has poured vast resources into cybersecurity since 2015, when a surge of major breaches began. While the nature of these breaches has evolved over the last four years, the growth in total healthcare incidents has unfortunately continued unabated. Related: How to get off HIPAA hit list. The recent disclosure from Atrium Health that more than 2.65

CVE-2018-15982 Adobe zero-day exploited in targeted attacks

Security Affairs

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.

Banks Attacked through Malicious Hardware Connected to the Local Network

Schneier on Security

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents.

After Mega-Breach, Marriott May Pay for New Passports

Data Breach Today

Bomb Threat Hoaxer, DDos Boss Gets 3 Years

Krebs on Security

The ringleader of a gang of cyber hooligans that made bomb threats against hundreds of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions — has been sentenced to three years in a U.K.

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

The United States Intelligence Community, or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of data, from a variety of sources, in order to provide actionable information for key stakeholders. And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. Related video: Using the NIST framework as a starting point.

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed).

Manafort and Cohen Sentencing Documents Put Donald Trump in Spotlight

WIRED Threat Level

The Mueller investigation has a long way to go, but the worst case scenario seems increasingly likely.

Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture
Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Have I Been Pwned - The Sticker

Troy Hunt

So today is Have I Been Pwned's (HIBP's) 5th birthday.

The DoJ's Secret Legal Arguments to Break Cryptography

Schneier on Security

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

Experts found data belonging to 82 Million US Users exposed on unprotected Elasticsearch Instances

Security Affairs

Security experts at HackenProof are warning Open Elasticsearch instances expose over 82 million users in the United States. Experts from HackenProof discovered Open Elasticsearch instances that expose over 82 million users in the United States.

Is It Time for a Federal U.S. Data Protection Law?

InfoGoTo

Another Electronic Health Records Vendor Hacked

Data Breach Today

Ransomware Attack Hits Cloud-Based EHR Firm, Affecting Data of Eye Clinic
Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic.

14 Questions Robert Mueller Knows the Answer To

WIRED Threat Level

The Russia investigation's known unknowns give valuable hints about the special counsel's next moves.

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

The data of 114 million businesses and individuals has been discovered in an unprotected database.

WordPress botnet composed of +20k installs targets other sites

Security Affairs

Experts from security firm Wordfence discovered a botnet of 20,000 WordPress sites infecting other WordPress installs.

Financial Services Data – More at risk than you’d believe

Thales Data Security

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S.

3 Top Security Challenges in Healthcare

Data Breach Today

Chris Bowen of ClearDATA on Improving 'Change Management'
Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA.

Foreign Trolls Are Targeting Veterans on Facebook

WIRED Threat Level

Opinion: The VA needs to take preventative measures to protect vets—and more broadly, our democracy—from digital manipulation and fraud.

Five tips for getting the most out of your records digitization pilot

TAB OnRecord

Although most organizations can agree that pilot projects in general have beneficial outcomes, your pilot project can run into numerous pitfalls if you do not get the basics quite right.

4 Industries That Have to Fight the Hardest Against Cyberattacks

Security Affairs

Society’s dependence on internet-based technologies means security professionals must defend against cyberattacks as well as more traditional threats, such as robbers or disgruntled employees. However, cybercriminals target some industries at disproportionally high rates.

Mozilla Releases Annual Privacy Guide to Holiday Shopping

Adam Levin

The Mozilla Foundation has released the second installation of *Privacy Not included, the organization’s annual privacy guide to internet-connected gifts. The list was started to promote the idea that privacy and security by design can and should be a major selling point.

Eastern European Bank Hackers Wield Malicious Hardware

Data Breach Today

'DarkVishnya' Heists Stole Tens of Millions of Dollars, Kaspersky Lab Says
Hackers have been plugging inexpensive hardware into banks' local area networks to help perpetrate heists that have stolen tens of millions of dollars, warns Kaspersky Lab.

Auditing your GDPR practices

IT Governance

Follow our advice to make sure your organisation is GDPR-compliant and avoids disciplinary action. After a relatively quiet few months, the EU GDPR (General Data Protection Regulation) is back in the news.

IT Security Lessons from the Marriott Data Breach

eSecurity Planet

500 million people are at risk because of a data breach at Marriott's Starwood hotel chain. What steps can your organization take to limit the risk of suffering the same fate?