Krebs on Security

OCTOBER 28, 2021

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Phishing 226

Phishing Information Security Security IT 226

Data Breach Today

AUGUST 21, 2019

White House Report: No 'Major' Breaches Reported; Incidents Down 12 Percent Federal government agencies experienced 12 percent fewer cyber incidents in 2018, when there were no "major" data breaches, according to a new White House report. But the report notes there's still plenty of risk mitigation work to be done.

Data breaches 166

Data breaches Risk Government 166

Security Affairs

JUNE 20, 2021

Norway police secret service states said that China-linked APT31 group was behind the 2018 cyberattack on the government’s IT network. Norway’s Police Security Service (PST) said that the China-linked APT31 cyberespionage group was behind the attack that breached the government’s IT network in 2018. Pierluigi Paganini.

Government 131

Government Passwords Access Cloud 131

Data Breach Today

SEPTEMBER 26, 2018

A Guide to Video Interviews With Thought Leaders at This Year's Event At RSA Conference 2018 Asia Pacific & Japan, Information Security Media Group conducted dozens of video interviews with industry thought leaders. Here are the highlights.

Information Security 146

Information Security Security 146

Krebs on Security

JULY 10, 2018

According to SANS, at least three of the flaws — CVE-2018-8278 , CVE-2018-8313 , and CVE-2018-8314 — were previously disclosed publicly, meaning that attackers may have had a head start figuring out how to exploit these flaws for criminal gain.

Security 130

Security IT 130

IT Governance

MAY 25, 2023

As Andrea Jelenik, the chair of the EDPB, told a recent panel discussion at the IAPP 2023 Global Privacy Summit : When we started from scratch we had to give guidance because everyone wanted to have guidance because the elephant in the room in 2018 was the GDPR. We’ve been analysing GDPR fines since the Regulation took effect in May 2018.

GDPR 96

GDPR Compliance Personal data Data Privacy 96

Data Breach Today

NOVEMBER 4, 2019

Patient Portal Incident Involved Third-Party Vendor A Utah eye clinic began notifying thousands of patients last week about a 2018 breach involving a third-party portal provider. What should other healthcare organizations learn from this incident?

113

113

Data Breach Today

AUGUST 21, 2018

million individuals - have been added in recent weeks to the official federal tally, pushing the total victim count for 2018 so far to 4.3 Analyzing the Latest 'Wall of Shame' Trends About 30 new health data breaches - including a phishing attack impacting 1.4

Data breaches 154

Data breaches Phishing 154

Security Affairs

OCTOBER 16, 2020

Britain’s information commissioner has fined British Airways 20 million pounds for the 2018 hack that exposed data of 400,000 customers. In September 2018, British Airways suffered a data breach that exposed the personal information of 400,000 customers. ” concludes the ICO. Pierluigi Paganini.

GDPR 112

GDPR Personal data Data breaches Communications 112

Data Breach Today

MAY 3, 2018

At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Artificial Intelligence, Bug Squashing, Secure DevOps and More What matters most, right now, to the information security community? Other experts see artificial intelligence, machine learning and secure coding as hot trends.

Artificial Intelligence 144

Artificial Intelligence Cybersecurity Information Security Risk 144

Data Breach Today

JANUARY 4, 2018

A look ahead at five trends that should have a significant impact on cybersecurity in 2018 is featured in the final ISMG Security Report for 2017. Cybersecurity and privacy thought leader Christopher Pierson forecasts the likely occurrences.

Cybersecurity 160

Cybersecurity Privacy Security 160

Krebs on Security

AUGUST 15, 2018

According to security firm Ivanti , the first of the two zero-day flaws ( CVE-2018-8373 ) is a critical flaw in Internet Explorer that attackers could use to foist malware on IE users who browse to hacked or booby-trapped sites. One nifty little bug fixed in this patch batch is CVE-2018-8345. Microsoft’s analysis is here.

Paper 111

Paper Security IT 111

Data Breach Today

JULY 24, 2018

A Guide to Video Interviews With Thought Leaders at This Year's Event At Infosecurity Europe 2018, Information Security Media Group conducted dozens of video interviews with industry thought leaders. Here are the highlights.

Information Security 113

Information Security Security 113

Security Affairs

SEPTEMBER 14, 2021

The network equipment maker MikroTik revealed that the routers were previously compromised in 2018. “As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched.” ” reads a post published by MikroTik in a forum post.

Passwords 91

Passwords Access Security IT 91

Data Breach Today

JANUARY 4, 2018

Why Making a Prediction Is So Difficult So what actions can we expect in 2018 from the Department of Health and Human Services' Office for Civil Rights as it enforces the HIPAA privacy, security and breach notification rules? Making a prediction is difficult, given all the changes at HHS.

Privacy 113

Privacy Security IT 113

Data Breach Today

DECEMBER 15, 2020

Penalty Marks First Time US Tech Firm Penalized Under EU's Privacy Regulation For the first time, a U.S. technology firm has been fined under the European Union's General Data Protection Regulation.

Data breaches 259

Data breaches GDPR Privacy 259

Data Breach Today

APRIL 12, 2018

These are some of the hottest topics on tap at the 2018 RSA Conference, taking place April 16-20 in San Francisco. Regulations and New Technologies Are in the Spotlight GDPR compliance. New uses for blockchain. IoT security.

Blockchain 113

Blockchain IoT GDPR Compliance 113

Security Affairs

DECEMBER 21, 2019

Cisco has warned customers that hackers continue to target Cisco ASA and Firepower Appliance products by exploiting the CVE-2018-0296 flaw. Experts warn that threat actors continue to exploit the CVE-2018-0296 flaw to target Cisco ASA and Firepower Appliance. SecurityAffairs – Cisco ASA, CVE-2018-0296). Pierluigi Paganini.

Risk 75

Risk Authentication Security Cloud 75

Data Breach Today

MAY 24, 2018

A Guide to Video Interviews With Thought Leaders at This Year's Event At RSA Conference 2018 in San Francisco, Information Security Media Group's editorial team conducted more than 100 video interviews with industry thought leaders. Here are the highlights.

Information Security 100

Information Security Security 100

Security Affairs

JANUARY 30, 2019

According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. 2018 was characterized by significant changes in the cyber threat landscape especially for TTPs associated with threat agent groups. .

IoT 89

IoT Cybersecurity Phishing Risk 89

IT Governance

MARCH 8, 2019

2018 saw some of the biggest data breaches yet , with Marriott, Under Armour and Facebook suffering breaches that affected 500 million, 150 million and 100 million people respectively. Using our monthly ‘ List of data breaches and cyber attacks ’ blog posts, we’ve created an infographic to sum up the reported data breaches of 2018.

Data breaches 109

Data breaches GDPR Personal data Compliance 109

Security Affairs

DECEMBER 5, 2018

Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks. Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.” Securi ty Affairs – Flash zero-day, CVE-2018-15982). Pierluigi Paganini.

Archiving 110

Archiving Security Access IT 110

Security Affairs

OCTOBER 26, 2018

Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. Xorg published a security advisory on the CVE-2018-14665 flaw. OpenBSD #0day Xorg LPE via CVE-2018-14665 can be triggered from a remote SSH session, does not need to be on a local console.

Security 108

Security IT 108

Security Affairs

SEPTEMBER 23, 2021

BulletProofLink has been active since 2018, it was used by multiple threat actors in either one-off or monthly subscription-based business models. The post BulletProofLink, a large-scale phishing-as-a-service active since 2018 appeared first on Security Affairs. ” Follow me on Twitter: @securityaffairs and Facebook.

Phishing 100

Phishing Ransomware IT Access 100

Security Affairs

OCTOBER 6, 2018

Users are reporting problems with the CCleaner software that appears to be partially broken after the installation of Windows 10 October 2018 Update. Other users discovered that some files on their machines were deleted after the Windows 10 October 2018 Update was installed. Security Affairs – Windows 10 October 2018 Update ).

Security 98

Security IT 98

Security Affairs

SEPTEMBER 28, 2018

Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. ships a kernel that was last updated 2018-08-27.” of the Linux kernel.

Security 108

Security IT 108

Security Affairs

SEPTEMBER 18, 2021

” Our research shows that this actor has been targeting the aviation industry since at least 2018, with files mentioning both “Trip Itinerary Details” and “Bombardier” at the time using the URL akconsult[.]linkpc[.]net.” ” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing 108

Phishing Marketing Security Risk 108

PerezBox

OCTOBER 20, 2018

On September 28th, 2018, Facebook announced it’s biggest data breach to date. The post The 2018 Facebook Data Breach appeared first on PerezBox. They estimated 50 million accounts were affected at the time of the disclosure. Subsequent to the disclosure, security.

Data breaches 76

Data breaches Security IT Cybersecurity 76

IT Governance

MARCH 11, 2019

But that was somewhat misleading, because the same day the GDPR came into force, the UK adopted the DPA 2018. The DPA 2018 is essentially a UK-specific complement to the GDPR, and was created for three reasons. The DPA 2018 is essentially a UK-specific complement to the GDPR, and was created for three reasons. Wait… what?

GDPR 79

GDPR Personal data Compliance Government 79

IBM Big Data Hub

AUGUST 24, 2023

Formed in 2018 to compete in the inaugural Call for Code Global Challenge — which it won — Project OWL is a global team of entrepreneurs focused on creating radically cost-effective and easy to use aerospace technologies. This is where Project OWL comes into play: developing new technologies to help address these challenges.

Communications 72

Communications IT Libraries Analytics 72

Security Affairs

DECEMBER 12, 2018

Experts from Kaspersky Lab reported that that the recently patched Windows kernel zero-day vulnerability ( CVE-2018-8611 ) has been exploited by several threat actors. Microsoft’s Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel. Pierluigi Paganini.

Security 105

Security IT 105

OpenText Information Management

JANUARY 2, 2018

Over the next 10 years, there will be five billion … The post 2018 top tech predictions appeared first on OpenText Blogs. Software is powering digital transformations and will enable the Intelligent Enterprise—and a new way to work.

Digital transformation 75

Digital transformation IT Artificial Intelligence Big data 75

Security Affairs

NOVEMBER 14, 2018

Kaspersky revealed that the CVE-2018-8589 Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East. Kaspersky Lab described the CVE-2018-8589 flaw as a race condition in win32k!xxxMoveWindow Securi ty Affairs – CVE-2018-8589, hacking).

Authentication 98

Authentication Government Security IT 98

OpenText Information Management

JANUARY 29, 2018

Digital transformation continues to progress in the government sector and this is unlikely to change in 2018. Instead, they cover areas where government agencies are likely to begin to realize … The post Top 2018 tech trends for Government appeared first on OpenText Blogs.

Government 86

Government Digital transformation 86

Security Affairs

MAY 8, 2019

Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper. According to SANS handler Renato Marinho, a proof-of-concept (PoC) exploit for CVE-2018-1000861 was released in early March. ” reads the analysis published by Marinho. .

Honeypots 96

Honeypots Libraries IT Access 96

Security Affairs

JANUARY 20, 2019

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device.

Passwords 108

Passwords Authentication Cloud Access 108